Hi
I can tell for sure that they are NOT available, but the history check could be implemented by changing this parts in CUBA:
method checkPassword in UserManagementService : now it checks only if new password is the same as the old password, and it should be changed to check if new password is among the N passwords used in the past by that user (remember that they need to be stored somewhere, probably in a separate PasswordLog table)
method changeUserPassword in the same service: store the old password in the log for future check
ChangePasswordDialog: change the error message from “password must not be equal to old” with something like “password must not be equal to last N used”
Similarly the password expiration can be implemented in the same UserManagementService, and by changing the LoginWorkerBean and corresponding screens for error messages.
It’s not such a big deal as it seems, if I’ll have some spare time in the future, I’ll add in my up-coming security component (that I hope to publish on GH someday).
If you want to try implementing it yourself, share your results here