
Fix issues in the password expiry feature
madurangasiriwardena committed Aug 24, 2023
1 parent fcdd3c0 commit b5cf820
Showing 6 changed files with 10 additions and 57 deletions.
Expand Up @@ -73,9 +73,6 @@ public PostAuthnHandlerFlowStatus handle(HttpServletRequest httpServletRequest,
AUTHENTICATOR_TYPE)) {
return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
}
if (PasswordPolicyUtils.isAdminUser(authenticatedUser.getTenantDomain(), authenticatedUser.getUserName())) {
return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
}
if (!PasswordPolicyUtils.isPasswordExpiryEnabled(tenantDomain)) {
return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
}
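Review bot: With the `isAdminUser` guard gone, the handler now applies the expiry check to every authenticated user of the tenant, and nothing in the remaining code says so; a one-line comment above the `isPasswordExpiryEnabled` check such as `// No admin exemption: password expiry applies to every user of the tenant.` would stop the next maintainer from re-adding one. The same exemption is removed from `handleEvent` in the second file section, which deserves the same comment. Judging from the removed method at the end of the last file section, the old check returned true whenever the username resolved to a user ID, so it appears to have exempted every existing user rather than only administrators — worth stating in the commit description. `handle` starts before and continues past this hunk.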
Expand Up @@ -56,8 +56,7 @@ public void handleEvent(Event event) throws IdentityEventException {
.get(IdentityEventConstants.EventProperty.TENANT_DOMAIN);

try {
if (PasswordPolicyUtils.isAdminUser(tenantDomain, username) ||
!PasswordPolicyUtils.isPasswordExpiryEnabled(tenantDomain)) {
if (!PasswordPolicyUtils.isPasswordExpiryEnabled(tenantDomain)) {
return;
}
} catch (PostAuthenticationFailedException e) {
Expand Up @@ -28,7 +28,7 @@ public class PasswordPolicyConstants {
"http://wso2.org/claims/identity/lastPasswordUpdateTime";
public static final String LAST_CREDENTIAL_UPDATE_TIMESTAMP_CLAIM_NON_IDENTITY =
"http://wso2.org/claims/lastPasswordChangedTimestamp";
public static final String PASSWORD_RESET_PAGE = "accountrecoveryendpoint/password-recovery-confirm.jsp";
public static final String PASSWORD_RESET_PAGE = "/accountrecoveryendpoint/password-recovery-confirm.jsp";
public static final String PASSWORD_CHANGE_EVENT_HANDLER_NAME = "enforcePasswordResetEventHandler";
public static final String ENFORCE_PASSWORD_RESET_HANDLER = "EnforcePasswordResetHandler";
public static final String CONNECTOR_CONFIG_PASSWORD_EXPIRY_IN_DAYS = "passwordExpiry.passwordExpiryInDays";
Expand Up @@ -70,10 +70,6 @@ protected void activate(ComponentContext context) {
}
}

public static RealmService getRealmService() {
return EnforcePasswordResetComponentDataHolder.getInstance().getRealmService();
}

@Reference(
name = "user.realmservice.default",
service = RealmService.class,
Expand Up @@ -18,7 +18,6 @@

package org.wso2.carbon.identity.password.expiry.internal;

import org.osgi.framework.BundleContext;
import org.wso2.carbon.identity.governance.IdentityGovernanceService;
import org.wso2.carbon.user.core.service.RealmService;

Expand All @@ -29,7 +28,6 @@ public class EnforcePasswordResetComponentDataHolder {

private static EnforcePasswordResetComponentDataHolder instance
= new EnforcePasswordResetComponentDataHolder();
private BundleContext bundleContext = null;
private RealmService realmService = null;
private IdentityGovernanceService identityGovernanceService;

Expand All @@ -52,16 +50,6 @@ public void setRealmService(RealmService realmService) {
this.realmService = realmService;
}

public BundleContext getBundleContext() {

return bundleContext;
}

public void setBundleContext(BundleContext bundleContext) {

this.bundleContext = bundleContext;
}

public void setIdentityGovernanceService(IdentityGovernanceService identityGovernanceService) {

this.identityGovernanceService = identityGovernanceService;
Expand Up @@ -18,11 +18,10 @@

package org.wso2.carbon.identity.password.expiry.util;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import org.wso2.carbon.identity.password.expiry.constants.PasswordPolicyConstants;
import org.wso2.carbon.identity.password.expiry.internal.EnforcePasswordResetComponentDataHolder;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
Expand All @@ -34,7 +33,6 @@
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
Expand All @@ -50,8 +48,6 @@
*/
public class PasswordPolicyUtils {

private static final Log log = LogFactory.getLog(PasswordPolicyUtils.class);

/**
* Get the property names required by the password expiry policy.
*
Expand All @@ -62,7 +58,7 @@ public static String[] getPasswordExpiryPropertyNames() {
List<String> properties = new ArrayList<>();
properties.add(PasswordPolicyConstants.CONNECTOR_CONFIG_ENABLE_PASSWORD_EXPIRY);
properties.add(PasswordPolicyConstants.CONNECTOR_CONFIG_PASSWORD_EXPIRY_IN_DAYS);
return properties.toArray(new String[properties.size()]);
return properties.toArray(new String[0]);
}

/**
Expand Down Expand Up @@ -202,6 +198,7 @@ private static int getDaysDifference(long passwordChangedTime) {
* @return The last password updated time.
* @throws PostAuthenticationFailedException
*/
@SuppressFBWarnings("FORMAT_STRING_MANIPULATION")
private static String getLastPasswordUpdatedTime(String tenantAwareUsername, UserStoreManager userStoreManager,
UserRealm userRealm) throws PostAuthenticationFailedException {

Expand All @@ -222,7 +219,8 @@ private static String getLastPasswordUpdatedTime(String tenantAwareUsername, Use
} catch (UserStoreException e) {
throw new PostAuthenticationFailedException(
PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getCode(),
PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getMessage() + claimURI);
String.format(PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getMessage(),
claimURI));
}

return lastPasswordUpdatedTime;
Expand Down Expand Up @@ -281,13 +279,14 @@ public static String getPasswordResetPageUrl(String tenantDomain) throws PostAut
String serverUrl;
try {
if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
basePath = ServiceURLBuilder.create().addPath(new String[]{PASSWORD_RESET_PAGE}).setTenant(tenantDomain)
basePath = ServiceURLBuilder.create().addPath(PASSWORD_RESET_PAGE).setTenant(tenantDomain)
.build().getAbsolutePublicURL();
} else {
serverUrl = ServiceURLBuilder.create().build().getAbsolutePublicURL();
if (StringUtils.isNotBlank(tenantDomain) && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME
.equalsIgnoreCase(tenantDomain)) {
basePath = serverUrl + "/t/" + tenantDomain + PASSWORD_RESET_PAGE;
// accountrecoveryendpoint application is expecting a query param, if tenanted paths are disabled.
basePath = serverUrl + "/t/" + tenantDomain + PASSWORD_RESET_PAGE + "?tenantDomain=" + tenantDomain;
} else {
basePath = serverUrl + PASSWORD_RESET_PAGE;
}
Expand All @@ -299,30 +298,4 @@ public static String getPasswordResetPageUrl(String tenantDomain) throws PostAut
PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_BUILDING_PASSWORD_RESET_PAGE_URL.getMessage());
}
}

/**
* This method checks if the user is and admin.
*
* @param tenantDomain The tenant domain of the user.
* @param username The username of the user.
* @return true if password expiry is enabled, false otherwise.
* @throws PostAuthenticationFailedException If there is an error while reading system configurations.
*/
public static boolean isAdminUser(String tenantDomain, String username) throws PostAuthenticationFailedException {

UserRealm userRealm = getUserRealm(tenantDomain);
UserStoreManager userStoreManager = getUserStoreManager(userRealm);
try {
if (((AbstractUserStoreManager) userStoreManager).getUserIDFromUserName(UserCoreUtil
.removeDomainFromName(username)) != null) {
return true;
}
} catch (UserStoreException e) {
throw new PostAuthenticationFailedException(
PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USERID_FOR_USERNAME.getCode(),
PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USERID_FOR_USERNAME.getMessage() +
username, e);
}
return false;
}
}
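Review bot: The rebuilt `throw new PostAuthenticationFailedException(...)` in `getLastPasswordUpdatedTime` still drops the caught `UserStoreException` — the cause is never passed, so the user-store stack trace is lost from logs; the removed `isAdminUser` shows the three-argument form, so the call should end `claimURI), e);`. `String.format` also silently ignores `claimURI` if the enum message carries no `%s` placeholder, which the previous concatenation did not — confirm the text of `ERROR_WHILE_GETTING_CLAIM_MAPPINGS`. In `getPasswordResetPageUrl`, the new `"?tenantDomain=" + tenantDomain` appends the value unencoded; unless tenant domains are already restricted to URL-safe characters at creation, `URLEncoder.encode(tenantDomain, StandardCharsets.UTF_8)` is the safer form. Both methods start before their respective hunks.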
