Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-08 07:10:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

eventmanager: skip password expiration check for expired users

Browse Source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2023-02-25 16:33:39 +01:00
parent df9d47900a
commit e0cbb966f0
2 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/common/eventmanager.go
View File

@@ -2137,10 +2137,17 @@ func executeMetadataCheckRuleAction(conditions dataprovider.ConditionOptions, pa
func executePwdExpirationCheckForUser(user *dataprovider.User, config dataprovider.EventActionPasswordExpiration) error { func executePwdExpirationCheckForUser(user *dataprovider.User, config dataprovider.EventActionPasswordExpiration) error {
if err := user.LoadAndApplyGroupSettings(); err != nil { if err := user.LoadAndApplyGroupSettings(); err != nil {
eventManagerLog(logger.LevelError, "skipping password expiration check for user %s, cannot apply group settings: %v", eventManagerLog(logger.LevelError, "skipping password expiration check for user %q, cannot apply group settings: %v",
user.Username, err) user.Username, err)
return err return err
} }
if user.ExpirationDate > 0 {
if expDate := util.GetTimeFromMsecSinceEpoch(user.ExpirationDate); expDate.Before(time.Now()) {
eventManagerLog(logger.LevelDebug, "skipping password expiration check for expired user %q, expiration date: %s",
user.Username, expDate)
return nil
}
}
if user.Filters.PasswordExpiration == 0 { if user.Filters.PasswordExpiration == 0 {
eventManagerLog(logger.LevelDebug, "password expiration not set for user %q skipping check", user.Username) eventManagerLog(logger.LevelDebug, "password expiration not set for user %q skipping check", user.Username)
return nil return nil

13
internal/common/eventmanager_test.go
View File

@@ -1207,13 +1207,24 @@ func TestUserExpirationCheck(t *testing.T) {
ExpirationDate: util.GetTimeAsMsSinceEpoch(time.Now().Add(-24 * time.Hour)), ExpirationDate: util.GetTimeAsMsSinceEpoch(time.Now().Add(-24 * time.Hour)),
}, },
} }
user.Filters.PasswordExpiration = 5
err := dataprovider.AddUser(&user, "", "", "") err := dataprovider.AddUser(&user, "", "", "")
assert.NoError(t, err) assert.NoError(t, err)
err = executeUserExpirationCheckRuleAction(dataprovider.ConditionOptions{}, &EventParams{}) conditions := dataprovider.ConditionOptions{
Names: []dataprovider.ConditionPattern{
{
Pattern: username,
},
},
}
err = executeUserExpirationCheckRuleAction(conditions, &EventParams{})
if assert.Error(t, err) { if assert.Error(t, err) {
assert.Contains(t, err.Error(), "expired users") assert.Contains(t, err.Error(), "expired users")
} }
// the check will be skipped, the user is expired
err = executePwdExpirationCheckRuleAction(dataprovider.EventActionPasswordExpiration{Threshold: 10}, conditions, &EventParams{})
assert.NoError(t, err)
err = dataprovider.DeleteUser(username, "", "", "") err = dataprovider.DeleteUser(username, "", "", "")
assert.NoError(t, err) assert.NoError(t, err)