= Documentation for Password Expiration Feature

The password expiration feature requires that users change their
password on login if it has expired (default: every 90 days). You
can force password expiration checks for all logged in users by
adding the following code to your route block:

  rodauth.require_current_password

Additionally, you can set a minimum amount of time after a password
is changed until it can be changed again. By default this is not
enabled, but it can be enabled by setting +allow_password_change_after+
to a positive number of seconds.

It is not recommended to use this feature unless you have a policy that
requires it, as password expiration in general results in users choosing
weaker passwords. When asked to change their password, many users choose
a password that is based on their previous password, so forcing password
expiration is in general a net loss from a security perspective.

== Auth Value Methods

allow_password_change_after :: How long in seconds after the last password change until another password change is allowed (always allowed by default).
password_change_needed_redirect :: Where to redirect if a password needs to be changed.
password_changed_at_session_key :: The key in the session storing the timestamp the password was changed at.
password_expiration_changed_at_column :: The column in the +password_expiration_table+ containing the timestamp.
password_expiration_default :: If the last password change time for an account cannot be determined, whether to consider the account expired, false by default.
password_expiration_error_flash :: The flash error to display when the account's password has expired and needs to be changed.
password_expiration_id_column :: The column in the +password_expiration_table+ containing the account's id.
password_expiration_table :: The table holding the password last changed timestamps.
password_not_changeable_yet_error_flash :: The flash error to display when not enough time has elapsed since the last password change and an attempt is made to change the password.
password_not_changeable_yet_redirect :: Where to redirect if the password cannot be changed yet.
require_password_change_after :: How long in seconds until a password change is required (90 days by default).

== Auth Methods

password_expired? :: Whether the password has expired for the related account.
update_password_changed_at :: Update the password last changed timestamp for the current account.
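
How +require_password_change_after+, +allow_password_change_after+ and +password_expiration_default+ interact, as an added stand-alone model that is not Rodauth's own code and does not load Rodauth. The class name +PasswordAgePolicy+, the +report+ helper, the sample accounts and the exact boundary comparisons are assumptions made for illustration.

```ruby
# Stand-alone model of the settings documented above (not Rodauth's code).
# PasswordAgePolicy and report are hypothetical names used only here.
class PasswordAgePolicy
  DAY = 86_400

  def initialize(require_password_change_after: 90 * DAY,
                 allow_password_change_after: 0,
                 password_expiration_default: false)
    @require_after = require_password_change_after
    @allow_after = allow_password_change_after
    @default = password_expiration_default
  end

  # changed_at: Time of the last password change, or nil when no timestamp
  # is stored for the account in the password expiration table.
  def expired?(changed_at, now: Time.now)
    return @default if changed_at.nil? # unknown age falls back to the default
    changed_at + @require_after < now
  end

  # A change is refused until the minimum age has elapsed.
  # Assumption: an unknown change time never blocks a change.
  def change_allowed?(changed_at, now: Time.now)
    return true if changed_at.nil?
    changed_at <= now - @allow_after
  end
end

# Constructed sample data: a fixed clock and three accounts.
NOW = Time.utc(2024, 6, 1)
POLICY = PasswordAgePolicy.new(allow_password_change_after: PasswordAgePolicy::DAY)
SAMPLES = {
  "fresh"   => NOW - 3600,                         # changed one hour ago
  "stale"   => NOW - 91 * PasswordAgePolicy::DAY,  # past the 90 day limit
  "unknown" => nil                                 # no stored timestamp
}

# Returns [name, expired?, change_allowed?] for each sample account.
def report(policy = POLICY, samples = SAMPLES, now = NOW)
  samples.map do |name, changed_at|
    [name, policy.expired?(changed_at, now: now),
     policy.change_allowed?(changed_at, now: now)]
  end
end

report.each do |name, expired, allowed|
  puts format("%-8s expired=%-5s change_allowed=%s", name, expired, allowed)
end
```

With +password_expiration_default+ left at false, the account with no stored timestamp is never treated as expired, so accounts created before the feature was enabled are not prompted unless that setting is changed or their timestamps are populated.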