Forcing users to change their password after a number of days with Rails/Devise

Question

I am using Rails 4 with Devise. I've been looking for a setting that forces users to change their passwords if it's older than 3 months, but I can't find anything in devise.rb (there are other settings to force changing passwords on first logon, etc.). Any ideas?

Answer 1

Check out the devise_security_extension, it's a devise extension that adds the functionality I think you are looking for.

Once you install it, you can then do

devise :password_expirable

and in your config/initializers/devise.rb, you can add in (or uncommented depending how you installed it) the time frame you want to expire the password

config.expire_password_after = 3.months

Hope this helps!