Merge pull request #670 from nextcloud/feat/add-expiration-warning

css/password_policy-settings.css

@@ -1,2 +1,2 @@
 /* extracted by css-entry-points-plugin */
-@import './settings-Be1Zyivi.chunk.css';
+@import './settings-JzBOrW1D.chunk.css';

src/AdminSettings.vue

@@ -26,16 +26,6 @@
  {{ t('password_policy', 'User password history') }}
  </label>
  </li>
- <li>
- <input id="password-policy-expiration"
- v-model="config.expiration"
- min="0"
- type="number"
- @change="updateNumberSetting('expiration')">
- <label for="password-policy-expiration">
- {{ t('password_policy', 'Number of days until user password expires') }}
- </label>
- </li>
  <li>
  <input id="password-policy_failed-login"
  v-model="config.maximumLoginAttempts"
@@ -49,6 +39,19 @@
  {{ t('password_policy', 'Please note, this option is meant to protect attacked accounts. Disabled accounts have to be re-enabled manually by administration. Attackers that try to guess passwords of accounts will have their IP address blocked by the bruteforce protection independent from this setting.') }}
  </p>
  </li>
+ <li>
+ <input id="password-policy-expiration"
+ v-model="config.expiration"
+ min="0"
+ type="number"
+ @change="updateNumberSetting('expiration')">
+ <label for="password-policy-expiration">
+ {{ t('password_policy', 'Number of days until user password expires') }}
+ </label>
+ <p class="havibeenpwned-hint">
+ {{ t('password_policy', 'Warning: enabling password expiration is nowadays considered a security risk by several security agencies.') }}
+ </p>
+ </li>
  </ul>
 
  <ul class="password-policy__settings-list">