I need to force users to change password at least every 30 days. How to start with it? I noted in database that table users has column credentials_expire_at and when it's set to past date such an user can't login and I thought of allowing password change in login form when message of expiration detected.
4
votes
1 Answers
3
votes
You need to do it in this way:
- Create
EventListenertoonSecurityInteractiveLoginevent - Check the date
- If it fails redirect to change password form
Look at this coderwall protip: http://coderwall.com/p/cfmbaq
