I need to redirect a user to the forgot-password view if they have not changed their password in the last three months. I tried to do this using the template that checks the last password reset:
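/**
 * Post-login Action that enforces a maximum password age.
 *
 * Reads the threshold (in days) from the MAX_PASSWORD_DAYS secret, measures
 * how long ago the password was last reset (falling back to account
 * creation), and redirects the user when that age exceeds the threshold.
 *
 * Every failure path is fail-closed: a missing or unusable secret denies the
 * login, and an unreadable timestamp is treated as an expired password.
 *
 * @param {object} event - Login event; reads event.secrets.MAX_PASSWORD_DAYS,
 *   event.user.last_password_reset and event.user.created_at.
 * @param {object} api - Action API; uses api.access.deny and
 *   api.redirect.sendUserTo.
 * @returns {Promise<*>} Whatever the deny/redirect call returns, or undefined
 *   when the password is within the allowed age.
 */
exports.onExecutePostLogin = async (event, api) => {
  const MS_PER_DAY = 1000 * 60 * 60 * 24;

  // Without a threshold the policy cannot be evaluated, so refuse the login
  // rather than let it through unchecked.
  const rawMaxDays = event.secrets.MAX_PASSWORD_DAYS;
  if (!rawMaxDays) {
    return api.access.deny('Invalid configuration');
  }

  // Number() never throws; it returns NaN for non-numeric text, so the value
  // is validated directly. Zero, negative and infinite thresholds are
  // rejected too: a negative one would expire every account and an infinite
  // one would silently switch the policy off.
  const maxDays = Number(rawMaxDays);
  if (!Number.isFinite(maxDays) || maxDays <= 0) {
    return api.access.deny('Invalid configuration');
  }

  // Timestamp of the last password change, or of account creation when the
  // password has never been reset.
  const lastPasswordChange =
    event.user.last_password_reset || event.user.created_at;
  const ageInDays =
    (Date.now() - new Date(lastPasswordChange).getTime()) / MS_PER_DAY;

  // A missing or unparsable timestamp yields NaN, and `NaN > maxDays` is
  // false, which would wave the user through. Treat an unknown age as expired.
  if (Number.isNaN(ageInDays) || ageInDays > maxDays) {
    // "url" is a placeholder for the page that handles the password change.
    // NOTE(review): a redirect Action normally expects the target page to send
    // the user back to the tenant's /continue endpoint and the Action to
    // export an onContinuePostLogin handler; the login page's own
    // forgot-password link presumably carries per-transaction parameters, so
    // reusing it verbatim may be rejected. Confirm against the tenant docs.
    // Alternative: api.access.deny('please change your password') blocks the
    // login and hands that reason back to the application.
    return api.redirect.sendUserTo("url");
  }
};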
I only replaced the api.access.deny call with the redirect, but when the user is redirected I get an error, even though it is the same URL the user reaches by clicking the forgot-password button on the login page. Is there any way to achieve this?
Another question: if this is not possible, can I show a message to the user when access is denied?