
pwnotify-engine

Jason Rivard 7 years ago
parent
commit
8f006df53c

+ 2 - 0
server/src/main/java/password/pwm/AppProperty.java

@@ -256,6 +256,8 @@ public enum AppProperty
     PASSWORD_STRENGTH_THRESHOLD_WEAK                ( "password.strength.threshold.weak" ),
     PASSWORD_STRENGTH_THRESHOLD_VERY_WEAK           ( "password.strength.threshold.veryWeak" ),
 
+    PWNOTIFY__MAX_LDAP_SEARCH_SIZE                  ("pwNotify.maxLdapSearchSize"),
+
     PEOPLESEARCH_MAX_VALUE_VERIFYUSERDN             ( "peoplesearch.values.verifyUserDN" ),
     PEOPLESEARCH_VALUE_MAXCOUNT                     ( "peoplesearch.values.maxCount" ),
     PEOPLESEARCH_VIEW_DETAIL_LINKS                  ( "peoplesearch.view.detail.links" ),
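Review bot: The new constant `PWNOTIFY__MAX_LDAP_SEARCH_SIZE` has a double underscore and no padding inside its parentheses, unlike every neighbouring entry in this hunk; it looks like a typo that becomes permanent once callers reference the name. I would write it as `PWNOTIFY_MAX_LDAP_SEARCH_SIZE ( "pwNotify.maxLdapSearchSize" ),`. A one-line comment stating what the limit bounds (presumably the number of LDAP entries one notification run may load) would help whoever has to tune it later.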

+ 9 - 0
server/src/main/java/password/pwm/config/PwmSetting.java

@@ -1080,6 +1080,15 @@ public enum PwmSetting
     DATABASE_DEBUG_TRACE(
             "db.debugTrace.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.DATABASE_ADV ),
 
+    // pw expiry notice
+    PW_EXPY_NOTIFY_ENABLE(
+            "pwExpiryNotify.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.PW_EXP_NOTIFY),
+    PW_EXPY_NOTIFY_PERMISSION(
+            "pwExpiryNotify.queryString", PwmSettingSyntax.USER_PERMISSION, PwmSettingCategory.PW_EXP_NOTIFY),
+    PW_EXPY_NOTIFY_INTERVAL(
+            "pwExpiryNotify.intervals", PwmSettingSyntax.DURATION, PwmSettingCategory.PW_EXP_NOTIFY),
+
+
     // reporting
     REPORTING_ENABLE(
             "reporting.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.REPORTING ),

+ 2 - 0
server/src/main/java/password/pwm/config/PwmSettingCategory.java

@@ -121,6 +121,8 @@ public enum PwmSettingCategory
     CAS_SSO( SSO ),
     BASIC_SSO( SSO ),
 
+    PW_EXP_NOTIFY( SETTINGS ),
+
     WEB_SERVICES( SETTINGS ),
     REST_SERVER( WEB_SERVICES ),
     REST_CLIENT( WEB_SERVICES ),

+ 1 - 2
server/src/main/java/password/pwm/http/servlet/admin/AppDashboardData.java

@@ -509,8 +509,7 @@ public class AppDashboardData implements Serializable
             final Locale locale
     )
     {
-        if ( pwmApplication.getClusterService().status() == PwmService.STATUS.OPEN )
-        {
+        if (pwmApplication.getClusterService().status() != PwmService.STATUS.OPEN) {
             return Collections.emptyList();
         }
 
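Review bot: The rewritten condition `if (pwmApplication.getClusterService().status() != PwmService.STATUS.OPEN) {` drops the padded-parenthesis, brace-on-its-own-line layout used by the rest of this method (see the `{` after the parameter list two lines up), so the file now mixes two styles. Keeping `if ( pwmApplication.getClusterService().status() != PwmService.STATUS.OPEN )` with `{` on the next line would reduce the diff to the operator change, which is the real behaviour change here and is easy to miss among the reformatting. The same reformatting is applied in every hunk of PasswordExpireNotificationEngine.java, and the new PasswordExpireNotificationService.java is written in that style throughout. The method starts and ends outside this hunk.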

+ 2 - 1
server/src/main/java/password/pwm/svc/PwmServiceEnum.java

@@ -55,7 +55,8 @@ public enum PwmServiceEnum
     SessionStateSvc( password.pwm.http.state.SessionStateService.class ),
     UserSearchEngine( password.pwm.ldap.search.UserSearchEngine.class, Flag.StartDuringRuntimeInstance ),
     TelemetryService( password.pwm.svc.telemetry.TelemetryService.class ),
-    ClusterService( password.pwm.svc.cluster.ClusterService.class ),;
+    ClusterService( password.pwm.svc.cluster.ClusterService.class ),
+    PwExpiryNotifyService(  password.pwm.svc.pwnotify.PasswordExpireNotificationService.class),;
 
     private final Class<? extends PwmService> clazz;
     private final Flag[] flags;

+ 7 - 10
server/src/main/java/password/pwm/svc/pwnotify/PasswordExpireNotificationEngine.java

@@ -69,7 +69,7 @@ public class PasswordExpireNotificationEngine
     private final PwmApplication pwmApplication;
 
 
-    public PasswordExpireNotificationEngine( final PwmApplication pwmApplication )
+    public PasswordExpireNotificationEngine(final PwmApplication pwmApplication)
     {
         this.pwmApplication = pwmApplication;
         this.settings = Settings.fromConfiguration( pwmApplication.getConfig() );
@@ -85,8 +85,7 @@ public class PasswordExpireNotificationEngine
                 1_000_000
         );
 
-        while ( workQueue.hasNext() )
-        {
+        while (workQueue.hasNext()) {
             final UserIdentity userIdentity = workQueue.next();
             processUserIdentity( userIdentity );
         }
@@ -97,10 +96,9 @@ public class PasswordExpireNotificationEngine
     )
             throws PwmUnrecoverableException
     {
-        final ChaiUser theUser = pwmApplication.getProxiedChaiUser( userIdentity );
-        final Instant passwordExpirationTime = LdapOperationsHelper.readPasswordExpirationTime( theUser );
-        if ( passwordExpirationTime == null || passwordExpirationTime.isBefore( Instant.now() ) )
-        {
+        final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
+        final Instant passwordExpirationTime = LdapOperationsHelper.readPasswordExpirationTime(theUser);
+        if (passwordExpirationTime == null || passwordExpirationTime.isBefore(Instant.now())) {
             return;
         }
 
@@ -134,8 +132,7 @@ public class PasswordExpireNotificationEngine
             }
         }
 
-        if ( nextDayInterval < 1 )
-        {
+        if (nextDayInterval < 1) {
             return;
         }
 
@@ -162,7 +159,7 @@ public class PasswordExpireNotificationEngine
                 SESSION_LABEL,
                 userIdentity, userLocale
         );
-        pwmApplication.getEmailQueue().submitEmail( emailItemBean, userInfoBean, macroMachine );
+        pwmApplication.getEmailQueue().submitEmail(emailItemBean, userInfoBean, macroMachine);
     }
 
     static int daysUntilInstant( final Instant instant )
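Review bot: The search limit is still the literal `1_000_000` in the context lines just above `while (workQueue.hasNext())`, although this commit adds `pwNotify.maxLdapSearchSize` with the same value; no visible hunk reads the new property, so changing it in AppProperty.properties would have no effect. The literal should be replaced by a configuration lookup of `AppProperty.PWNOTIFY__MAX_LDAP_SEARCH_SIZE`. Separately, `processUserIdentity` declares `throws PwmUnrecoverableException` and the loop calls it with no catch in view, so a single unreadable LDAP entry may end the whole run. The enclosing method continues outside the hunk, so this needs checking there.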

+ 75 - 0
server/src/main/java/password/pwm/svc/pwnotify/PasswordExpireNotificationService.java

@@ -0,0 +1,75 @@
+package password.pwm.svc.pwnotify;
+
+import password.pwm.PwmApplication;
+import password.pwm.config.PwmSetting;
+import password.pwm.error.PwmException;
+import password.pwm.health.HealthRecord;
+import password.pwm.svc.PwmService;
+import password.pwm.util.java.JavaHelper;
+import password.pwm.util.java.TimeDuration;
+import password.pwm.util.logging.PwmLogger;
+
+import java.util.List;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+public class PasswordExpireNotificationService implements PwmService {
+
+    private static final PwmLogger LOGGER = PwmLogger.forClass(PasswordExpireNotificationService.class);
+
+    private ScheduledExecutorService executorService;
+    private PwmApplication pwmApplication;
+    private STATUS status = STATUS.NEW;
+    private PasswordExpireNotificationEngine engine;
+
+    @Override
+    public STATUS status() {
+        return status;
+    }
+
+    @Override
+    public void init(final PwmApplication pwmApplication) throws PwmException {
+        this.pwmApplication = pwmApplication;
+
+        if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PW_EXPY_NOTIFY_ENABLE)) {
+            status = STATUS.CLOSED;
+            LOGGER.trace("will remain closed, pw notify feature is not enabled");
+            return;
+        }
+
+        engine = new PasswordExpireNotificationEngine(pwmApplication);
+
+        executorService = Executors.newSingleThreadScheduledExecutor(
+                JavaHelper.makePwmThreadFactory(
+                        JavaHelper.makeThreadName(pwmApplication,this.getClass()) + "-",
+                        true
+                ));
+
+        executorService.schedule(new DailyJobRunning(), 24, TimeUnit.HOURS);
+    }
+
+    @Override
+    public void close() {
+        JavaHelper.closeAndWaitExecutor(executorService, new TimeDuration(5, TimeUnit.SECONDS));
+    }
+
+    @Override
+    public List<HealthRecord> healthCheck() {
+        return null;
+    }
+
+    @Override
+    public ServiceInfoBean serviceInfo() {
+        return null;
+    }
+
+    class DailyJobRunning implements Runnable {
+        @Override
+        public void run() {
+
+        }
+    }
+
+
+}
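Review bot: `init()` never sets `status` to `STATUS.OPEN`, so after a successful start the service still reports `NEW`, and `executorService.schedule(...)` queues `DailyJobRunning` only once, 24 hours after start-up, rather than every day. `run()` is empty and the `engine` field is never used, so no notification is sent yet; when the body is filled in it should catch and log exceptions, because a periodic task that throws is not run again. `close()` hands `executorService` to `JavaHelper.closeAndWaitExecutor` even when the feature is disabled and the field is still null (whether the helper tolerates that is not visible here), and `healthCheck()` returns `null` where an empty list is safer for callers that iterate. A sketch of the changed lines follows; `Collections` would need importing.

```java
        engine = new PasswordExpireNotificationEngine(pwmApplication);
        // … unchanged: executorService creation …

        // recurring instead of one-shot, so the job is run every 24 hours
        executorService.scheduleAtFixedRate(new DailyJobRunning(), 24, 24, TimeUnit.HOURS);
        status = STATUS.OPEN;
    }

    @Override
    public void close() {
        status = STATUS.CLOSED;
        // executorService is never created when the feature is disabled
        if (executorService != null) {
            JavaHelper.closeAndWaitExecutor(executorService, new TimeDuration(5, TimeUnit.SECONDS));
        }
    }

    @Override
    public List<HealthRecord> healthCheck() {
        return Collections.emptyList();
    }
```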

+ 1 - 0
server/src/main/resources/password/pwm/AppProperty.properties

@@ -239,6 +239,7 @@ peoplesearch.values.maxCount=100
 peoplesearch.view.detail.links=
 peoplesearch.orgChart.enableChildCount=true
 peoplesearch.orgChart.maxParents=50
+pwNotify.maxLdapSearchSize=1000000
 queue.email.retryTimeoutMs=10000
 queue.email.maxCount=100000
 queue.email.maxThreads=0

+ 18 - 1
server/src/main/resources/password/pwm/config/PwmSetting.xml

@@ -881,7 +881,7 @@
             <value>{"to":"@User:Email@","from":"Unlock Account Notice \u003c@DefaultEmailFromAddress@\u003e","subject":"Account Unlock Notice","bodyPlain":"Your account has been unlocked.","bodyHtml":""}</value>
         </default>
     </setting>
-    <setting hidden="true" key="email.pwExpirationNotice" level="1">
+    <setting hidden="false" key="email.pwExpirationNotice" level="1">
         <flag>MacroSupport</flag>
         <default>
             <value>{"to":"@User:Email@","from":"Password Expiration Notice \u003c@DefaultEmailFromAddress@\u003e","subject":"Password Expiration Notice","bodyPlain":"Your password is about to expire.  Your password will expire in @User:DaysUntilPwExpire@ days.","bodyHtml":""}</value>
@@ -3660,6 +3660,21 @@
             <value>false</value>
         </default>
     </setting>
+    <setting hidden="false" key="pwExpiryNotify.enable" level="1">
+        <default>
+            <value/>
+        </default>
+    </setting>
+    <setting hidden="false" key="pwExpiryNotify.queryString" level="1">
+        <default>
+            <value/>
+        </default>
+    </setting>
+    <setting hidden="false" key="pwExpiryNotify.intervals" level="1">
+        <default>
+            <value>259200</value>
+        </default>
+    </setting>
     <setting hidden="false" key="reporting.enable" level="1">
         <default>
             <value/>
@@ -4026,6 +4041,8 @@
     </category>
     <category hidden="false" key="REPORTING">
     </category>
+    <category hidden="false" key="PW_EXP_NOTIFY">
+    </category>
     <category hidden="false" key="WEB_SERVICES" level="2">
     </category>
     <category hidden="false" key="REST_SERVER" level="2">
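Review bot: `pwExpiryNotify.enable` ships with an empty `<value/>` default, so whether the feature starts disabled depends on how an empty boolean is parsed (`reporting.enable` below follows the same pattern). Enabling it makes the server e-mail every user matched by an LDAP query, so an explicit `<value>false</value>`, as the preceding setting in this hunk has, would make the opt-in unambiguous. The default `259200` for `pwExpiryNotify.intervals` carries no unit (presumably seconds, i.e. three days), and the key is plural while a single value is given. The descriptions added for these keys in PwmSetting.properties only repeat the labels, so the unit and the meaning of an empty `pwExpiryNotify.queryString` are documented nowhere an administrator would see them.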

+ 11 - 0
server/src/main/resources/password/pwm/i18n/PwmSetting.properties

@@ -1198,3 +1198,14 @@ Setting_Label_webservices.queryMatch=Web Services LDAP Authentication Permission
 Setting_Label_webservices.thirdParty.queryMatch=Web Services LDAP Third Party Permissions
 Setting_Label_webservice.userAttributes=Web Service User Attributes
 Setting_Label_wordlistCaseSensitive=Word List Case Sensitivity
+
+Category_Description_PW_EXP_NOTIFY=Password Expiration Notification
+Category_Label_PW_EXP_NOTIFY=Password Expiration Notification
+
+Setting_Label_pwExpiryNotify.enable=Enable Password Expiration Notification
+Setting_Label_pwExpiryNotify.queryString=Expiration Notification User Match
+Setting_Label_pwExpiryNotify.intervals=Expiration Notification Intervals
+Setting_Description_pwExpiryNotify.enable=Enable Password Expiration Notification
+Setting_Description_pwExpiryNotify.queryString=Expiration Notification User Match
+Setting_Description_pwExpiryNotify.intervals=Expiration Notification Intervals
+