eventmanager: skip password expiration check for expired users

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino 2023-02-25 16:33:39 +01:00
parent df9d47900a
commit e0cbb966f0
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
2 changed files with 20 additions and 2 deletions


@ -2137,10 +2137,17 @@ func executeMetadataCheckRuleAction(conditions dataprovider.ConditionOptions, pa
func executePwdExpirationCheckForUser(user *dataprovider.User, config dataprovider.EventActionPasswordExpiration) error {
if err := user.LoadAndApplyGroupSettings(); err != nil {
eventManagerLog(logger.LevelError, "skipping password expiration check for user %s, cannot apply group settings: %v",
eventManagerLog(logger.LevelError, "skipping password expiration check for user %q, cannot apply group settings: %v",
user.Username, err)
return err
}
if user.ExpirationDate > 0 {
if expDate := util.GetTimeFromMsecSinceEpoch(user.ExpirationDate); expDate.Before(time.Now()) {
eventManagerLog(logger.LevelDebug, "skipping password expiration check for expired user %q, expiration date: %s",
user.Username, expDate)
return nil
}
}
if user.Filters.PasswordExpiration == 0 {
eventManagerLog(logger.LevelDebug, "password expiration not set for user %q skipping check", user.Username)
return nil
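Review bot: The new expired-user guard defines "expired" inline (`user.ExpirationDate > 0` together with `expDate.Before(time.Now())`), while the test in this same commit shows a second path, `executeUserExpirationCheckRuleAction`, that also decides which users are expired. If the two definitions drift, one action could treat an account as expired while the other still runs password-expiration handling for it. If the user type already has an expiry predicate (none is visible in this hunk), calling it here would keep a single definition. Otherwise a short comment above the guard, such as `// expired users are reported by the user expiration check, skip them here`, would record why this returns nil rather than an error. The function body continues past the end of the hunk.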


@ -1207,13 +1207,24 @@ func TestUserExpirationCheck(t *testing.T) {
ExpirationDate: util.GetTimeAsMsSinceEpoch(time.Now().Add(-24 * time.Hour)),
},
}
user.Filters.PasswordExpiration = 5
err := dataprovider.AddUser(&user, "", "", "")
assert.NoError(t, err)
err = executeUserExpirationCheckRuleAction(dataprovider.ConditionOptions{}, &EventParams{})
conditions := dataprovider.ConditionOptions{
Names: []dataprovider.ConditionPattern{
{
Pattern: username,
},
},
}
err = executeUserExpirationCheckRuleAction(conditions, &EventParams{})
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "expired users")
}
// the check will be skipped, the user is expired
err = executePwdExpirationCheckRuleAction(dataprovider.EventActionPasswordExpiration{Threshold: 10}, conditions, &EventParams{})
assert.NoError(t, err)
err = dataprovider.DeleteUser(username, "", "", "")
assert.NoError(t, err)
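Review bot: The added assertions only exercise a user that is already expired, so a guard that wrongly skipped every user with a non-zero `ExpirationDate` would pass them too. A companion case with `ExpirationDate` in the future and the same `PasswordExpiration = 5` and `Threshold: 10` values, asserting that the check is actually performed, would pin the boundary. Such a case may exist elsewhere in the file, which is not visible here. `assert.NoError` alone also cannot tell "skipped" from "checked and nothing to do", so the comment `// the check will be skipped, the user is expired` states an intent the test does not verify. TestUserExpirationCheck starts before this hunk.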