[C2] Add password rotation feature from 1.11Β #6460
Description
In C2, we have not yet applied the development made through d4872441 of a feature to give a number of days to users to rotate their passwords.
This requires the addition of the security.password_rotate_days settings (0 by default) and the existence of a new field in the user table (to avoid using extra fields). This also requires the migration of the previous $_configuration['security_password_rotate_days'] to the settings table and the deletion of the extra field 'password_updated_at' (if it exists) after transferring the data it contains into a new user.password_update_at field.
| C1 | C2 |
|---|---|
| extra_field.variable='password_updated_at' | user.password_update_at |
| $_configuration['security_password_rotate_days'] | settings.variable='password_rotation_days', category='security', selected_value=0 (or the value of the extra field in 1.11 if it existed) |
The code from d487244 seems pretty portable (language variables need to be changed) so maybe there is a way to do a cherry-pick, but given the login procedure is different, it probably requires a bit of work.