Script function to check if a user password has expired

jose.granero · September 16, 2019, 9:25am

Is there any way to check if a user password has expired?, if not it would be great to implement it in a future release.

PGriffith · September 16, 2019, 3:31pm

What would you do with this information? Genuinely curious - something like implement your own reset screen? Or send a notification somewhere?

jose.granero · September 16, 2019, 4:56pm

Hi Paul,

Yes that’s right, I want to redirect users to a customized window where they could change their passwords through the User Management Component once these passwords have expired.

jose.granero · September 24, 2019, 12:04pm

Hi Paul,

What do you think about my request?, implementing it would be great, since managing password expiration when using customized windows for logging in is a real pain in the neck

PGriffith · September 24, 2019, 7:04pm

Well, the trick is that our authentication is a bit in flux right now - we’re going to move everything (including Vision) over to the identity-provider mechanism used in Perspective in 8.0, and there are some technical hurdles to detecting things like this. We also generally try to avoid things that only work with one “type” of something - we can easily detect an expired password with an internal user source, but might not be able to for an active directory source (depending on how it’s configured).

I would say, post to ideas.inductiveautomation.com. The more community interest we see, the more we’ll prioritize work on particular features.

jose.granero · September 25, 2019, 9:59am

Thank you for your answer Paul.

How can we detect an expired password when using an internal user source?

PGriffith · October 17, 2019, 9:33pm

We don’t have any exposed mechanism to do so. You might be able to via some SDK methods, but it would be fairly fragile. Another option would be to use a custom module so you’ve got “sanctioned” access to the gateway context.

brandon1 · September 8, 2021, 8:05pm

Hey Paul,

I was looking through the SDK for 8.1, and I have not found any references to a method that lets me know that a particular user in an internal user source has an expired password.

Can you please point me to a method as I would like to look into creating a custom module to check this.

Thanks,
Brandon

PGriffith · September 8, 2021, 9:32pm

The InternalUserRecord class has a com.inductiveautomation.ignition.gateway.authentication.records.InternalUserRecord#PasswordDate field. You would compare that against the max age set on the user source.