authorSean Hassan <sean.hassan@att.com>2020-06-18 12:20:20 -0500
committerSean Hassan <sean.hassan@att.com>2020-06-18 12:24:53 -0500
commit274e4bc9d5afa66a788dfab966984e8d60a22b6d (patch)
tree718e00e326ce2381bdf1309667a68e9c28e924db
parent9602ca33aef3a2a441513359b2750e9fbee11cb4 (diff)
Organization defined users whose user roles do not expire will also not have their credentials expire
Issue-ID: AAF-1161 Signed-off-by: Sean Hassan <sean.hassan@att.com> Change-Id: Ic48981b91d40ad04c82f17043b810445ef6dea40
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java4
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java8
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java4
3 files changed, 8 insertions, 8 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index e5cde35c..761ebec9 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -759,7 +759,7 @@ public class Function {
}
for (CredDAO.Data cd : cdr.value) {
- if (cd.expires.after(now)) {
+ if (cd.expires.after(now) || trans.org().isUserExpireExempt(cd.id, cd.expires)) {
return Result.ok();
}
}
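Review bot: With the added `|| trans.org().isUserExpireExempt(cd.id, cd.expires)`, this loop returns `Result.ok()` for a credential whose expiry date has passed, and nothing records that the exemption rather than the date admitted it. I would log through `trans` whenever the second operand is what makes the condition true, so that acceptance of an expired credential is visible to operators. The same applies to the `cdd.expires.after(now) || ...` check added in Question.java. A short comment above the `if`, such as `// org-exempt users: expired creds still count as valid (AAF-1161)`, would also make the intent clear to the next reader. The enclosing method starts and ends outside the hunk.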
@@ -1440,7 +1440,7 @@ public class Function {
List<UserRoleDAO.Data> list = rurdd.value;
List<String> rv = new ArrayList<>(list.size()); // presize
for (UserRoleDAO.Data urdd : rurdd.value) {
- if (includeExpired || urdd.expires.after(now)) {
+ if (includeExpired || urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
rv.add(urdd.user);
}
}
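Review bot: The condition `includeExpired || urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)` repeats an expiry-or-exempt expression that this commit also adds in three loops in Question.java, so any later change to the exemption rule has to be made in every copy, and a missed copy leaves the role checks inconsistent. A single private helper, for example `isActive(trans, urdd, now)`, would keep the rule in one place. The exemption is also evaluated once for every expired row; if an Organization implementation performs an identity lookup there (not visible in this diff), the per-row cost could be significant. The enclosing method is outside the hunk.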
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 39578f83..2e8e55f5 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -938,7 +938,7 @@ public class Question {
if (!cdd.id.equals(user)) {
trans.error().log("doesUserCredMatch DB call does not match for user: " + user);
}
- if (cdd.expires.after(now)) {
+ if (cdd.expires.after(now) || trans.org().isUserExpireExempt(cdd.id, cdd.expires)) {
byte[] dbcred = cdd.cred.array();
try {
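Review bot: The exemption is looked up with `cdd.id`, although the lines just above only log when `cdd.id` differs from `user` and then carry on. On a mismatch, the decision to accept an expired credential is therefore made for the row's id rather than for the user being authenticated. I would either skip the row on mismatch or pass the authenticated id, e.g. `trans.org().isUserExpireExempt(user, cdd.expires)`. The `try` block and the rest of the method continue outside the hunk, so whether a mismatch is rejected later cannot be seen here.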
@@ -1273,7 +1273,7 @@ public class Question {
if (rur.isOKhasData()) {
Date now = new Date();
for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
return true;
}
}
@@ -1285,7 +1285,7 @@ public class Question {
Result<List<UserRoleDAO.Data>> rur = userRoleDAO().read(trans, user,ns+DOT_OWNER);
if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
Date now = new Date();
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
return true;
}
}};
@@ -1297,7 +1297,7 @@ public class Question {
Date now = new Date();
int count = 0;
if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
++count;
}
}};
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 795231eb..778eb295 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -349,8 +349,8 @@ public interface Organization {
public void setTestMode(boolean dryRun);
/**
- * Evaluates a user to determine if they are exempt from role expiration.
- * Returns true if true, false is false. Default implementation is always false.
+ * Evaluates a user to determine if they are exempt from role and cred expiration.
+ * Returns true if true, false if false. Default implementation is always false.
*
* @param user
* @param expires