
eventmanager: skip password expiration check for expired users

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino 2 years ago
parent
commit
e0cbb966f0
2 changed files with 20 additions and 2 deletions
  1. 8 1
      internal/common/eventmanager.go
  2. 12 1
      internal/common/eventmanager_test.go

+ 8 - 1
internal/common/eventmanager.go

@@ -2137,10 +2137,17 @@ func executeMetadataCheckRuleAction(conditions dataprovider.ConditionOptions, pa
 
 func executePwdExpirationCheckForUser(user *dataprovider.User, config dataprovider.EventActionPasswordExpiration) error {
 	if err := user.LoadAndApplyGroupSettings(); err != nil {
-		eventManagerLog(logger.LevelError, "skipping password expiration check for user %s, cannot apply group settings: %v",
+		eventManagerLog(logger.LevelError, "skipping password expiration check for user %q, cannot apply group settings: %v",
 			user.Username, err)
 		return err
 	}
+	if user.ExpirationDate > 0 {
+		if expDate := util.GetTimeFromMsecSinceEpoch(user.ExpirationDate); expDate.Before(time.Now()) {
+			eventManagerLog(logger.LevelDebug, "skipping password expiration check for expired user %q, expiration date: %s",
+				user.Username, expDate)
+			return nil
+		}
+	}
 	if user.Filters.PasswordExpiration == 0 {
 		eventManagerLog(logger.LevelDebug, "password expiration not set for user %q skipping check", user.Username)
 		return nil
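Review bot: The new guard at `if user.ExpirationDate > 0` has no comment saying why an expired account is exempt, and the skip is recorded only at `logger.LevelDebug`, so unless debug logging is enabled nothing shows that the account was left out of the password-expiration run. I would add a comment above it such as `// expired users cannot log in: skip the password notice, the user expiration check reports them`, assuming that is the intent. The guard also runs after `LoadAndApplyGroupSettings`, so an expired user whose group settings fail to load still logs and returns an error; if the expiration date does not depend on group settings, the guard could come first. The function body continues past the end of this hunk.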

+ 12 - 1
internal/common/eventmanager_test.go

@@ -1207,13 +1207,24 @@ func TestUserExpirationCheck(t *testing.T) {
 			ExpirationDate: util.GetTimeAsMsSinceEpoch(time.Now().Add(-24 * time.Hour)),
 		},
 	}
+	user.Filters.PasswordExpiration = 5
 	err := dataprovider.AddUser(&user, "", "", "")
 	assert.NoError(t, err)
 
-	err = executeUserExpirationCheckRuleAction(dataprovider.ConditionOptions{}, &EventParams{})
+	conditions := dataprovider.ConditionOptions{
+		Names: []dataprovider.ConditionPattern{
+			{
+				Pattern: username,
+			},
+		},
+	}
+	err = executeUserExpirationCheckRuleAction(conditions, &EventParams{})
 	if assert.Error(t, err) {
 		assert.Contains(t, err.Error(), "expired users")
 	}
+	// the check will be skipped, the user is expired
+	err = executePwdExpirationCheckRuleAction(dataprovider.EventActionPasswordExpiration{Threshold: 10}, conditions, &EventParams{})
+	assert.NoError(t, err)
 
 	err = dataprovider.DeleteUser(username, "", "", "")
 	assert.NoError(t, err)
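Review bot: The added `assert.NoError` on `executePwdExpirationCheckRuleAction` proves the skip only if the same call would fail for a non-expired user with `PasswordExpiration = 5` and `Threshold: 10`, and nothing visible in the test establishes that. A control case would make the test self-checking: run the action once for a user whose expiration date is not in the past and assert the opposite outcome, next to the expired case that asserts `NoError`. At minimum the existing comment could state the dependency, e.g. `// the user is expired so the check is skipped; without the skip this call is expected to fail`. The test function starts before this hunk.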