Django force password expiration
You seem on the right track. Set the date the password was last updated, check if the timedelta is greater than 30 days, and if so redirect to the change password page. Your login view should essentially stay the same, except don't actually log the user in to the request object if the timedelta is greater than 30 days.
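```python
from datetime import date, timedelta

from django.contrib.auth import authenticate, login
from django.http import HttpResponse
from django.shortcuts import redirect


def my_view(request):
    username = request.POST['username']
    password = request.POST['password']
    user = authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
            # password_date is a custom DateField on the user model holding
            # the date the password was last changed.
            if date.today() - user.password_date > timedelta(days=30):
                # Redirect to password change page (user is NOT logged in).
                # 'expired_password_change' is a placeholder URL name.
                return redirect('expired_password_change')
            else:
                login(request, user)
                # Redirect to a success page ('/' is a placeholder).
                return redirect('/')
        else:
            # Return a 'disabled account' error message.
            return HttpResponse('Disabled account', status=403)
    else:
        # Return an 'invalid login' error message.
        return HttpResponse('Invalid login', status=401)
```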
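The view above checks password age only at login, so a session that stays open past the 30 days is never challenged. As an added example (not part of the original answer), here is a Django-style middleware that applies the same check on every request; `password_date` is the answer's custom field, and the URL paths and sample users are assumptions constructed for illustration.

```python
from datetime import date, timedelta
from types import SimpleNamespace

MAX_PASSWORD_AGE = timedelta(days=30)             # same window as the answer
CHANGE_URL = "/accounts/password/change/"         # assumed path; match your URLconf
EXEMPT_PATHS = (CHANGE_URL, "/accounts/logout/")  # assumed; prevents redirect loops


def must_change_password(user, path, today=None):
    """Return True when this request should be sent to the change page."""
    if not getattr(user, "is_authenticated", False):
        return False              # anonymous request: the login view handles it
    if path.startswith(EXEMPT_PATHS):
        return False              # let the user reach the change form or log out
    last_changed = getattr(user, "password_date", None)
    if last_changed is None:
        return True               # no recorded change: treat as expired
    today = today or date.today()
    return today - last_changed > MAX_PASSWORD_AGE


class PasswordExpiryMiddleware:
    """List this after AuthenticationMiddleware so request.user is populated."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if must_change_password(request.user, request.path):
            # Imported lazily so the decision logic above runs without Django.
            from django.http import HttpResponseRedirect
            return HttpResponseRedirect(CHANGE_URL)
        return self.get_response(request)


# Constructed sample users, evaluated against a fixed date.
TODAY = date(2024, 5, 31)
FRESH = SimpleNamespace(is_authenticated=True, password_date=date(2024, 5, 1))
STALE = SimpleNamespace(is_authenticated=True, password_date=date(2024, 4, 30))
NEVER = SimpleNamespace(is_authenticated=True, password_date=None)
```

The exempt paths matter: without them an expired user is redirected away from the very form that lets them fix the problem.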
Well, there is django-password-policies: http://tarak.github.io/django-password-policies/topics/force.password.change.html