author | Sean Hassan <sean.hassan@att.com> | 2020-06-18 12:20:20 -0500 |
---|---|---|
committer | Sean Hassan <sean.hassan@att.com> | 2020-06-18 12:24:53 -0500 |
commit | 274e4bc9d5afa66a788dfab966984e8d60a22b6d (patch) | |
tree | 718e00e326ce2381bdf1309667a68e9c28e924db | |
parent | 9602ca33aef3a2a441513359b2750e9fbee11cb4 (diff) |
Organization defined users whose user roles do not expire will also not have their credentials expire
Issue-ID: AAF-1161
Signed-off-by: Sean Hassan <sean.hassan@att.com>
Change-Id: Ic48981b91d40ad04c82f17043b810445ef6dea40
3 files changed, 8 insertions, 8 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index e5cde35c..761ebec9 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -759,7 +759,7 @@ public class Function {
 }
 for (CredDAO.Data cd : cdr.value) {
- if (cd.expires.after(now)) {
+ if (cd.expires.after(now) || trans.org().isUserExpireExempt(cd.id, cd.expires)) {
 return Result.ok();
 }
 }
@@ -1440,7 +1440,7 @@ public class Function {
 List<UserRoleDAO.Data> list = rurdd.value;
 List<String> rv = new ArrayList<>(list.size()); // presize
 for (UserRoleDAO.Data urdd : rurdd.value) {
- if (includeExpired || urdd.expires.after(now)) {
+ if (includeExpired || urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
 rv.add(urdd.user);
 }
 }
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 39578f83..2e8e55f5 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -938,7 +938,7 @@ public class Question {
 if (!cdd.id.equals(user)) {
 trans.error().log("doesUserCredMatch DB call does not match for user: " + user);
 }
- if (cdd.expires.after(now)) {
+ if (cdd.expires.after(now) || trans.org().isUserExpireExempt(cdd.id, cdd.expires)) {
 byte[] dbcred = cdd.cred.array();
 try {
@@ -1273,7 +1273,7 @@ public class Question {
 if (rur.isOKhasData()) {
 Date now = new Date();
 for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
 return true;
 }
 }
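Review bot: The predicate `x.expires.after(now) || trans.org().isUserExpireExempt(id, x.expires)` is now spelled out six times: here, in the second Function.java hunk (around line 1440), and in the four Question.java hunks, so the rule for when an expired record still counts lives in six places. One shared helper (suggested name only), called as `if (notExpired(trans, cd.id, cd.expires, now)) {`, would keep the credential and user-role checks from drifting apart and give a single place to review or instrument the exemption. The enclosing methods start and end outside these hunks, so where the helper should live is for the author to decide.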
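Review bot: In the Question.java hunk at line 938 (the path its log message names as doesUserCredMatch), an expired credential now proceeds to the `dbcred` handling whenever `isUserExpireExempt` returns true, and nothing on the new line records that expiry was overridden. Because the decision is delegated entirely to the configured Organization, an audit entry would make these acceptances visible in authentication logs: compute `boolean exempt = !cdd.expires.after(now) && trans.org().isUserExpireExempt(cdd.id, cdd.expires);` and, when it is true, emit something like `trans.audit().log("expired cred accepted via expire exemption for " + cdd.id);`. The exemption is also evaluated for `cdd.id`, while the check just above only logs when `cdd.id` differs from `user`, so it is worth confirming that a mismatched record cannot reach this branch. The method body continues outside the hunk.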
@@ -1285,7 +1285,7 @@ public class Question {
 Result<List<UserRoleDAO.Data>> rur = userRoleDAO().read(trans, user,ns+DOT_OWNER);
 if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
 Date now = new Date();
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
 return true;
 }
 }};
@@ -1297,7 +1297,7 @@ public class Question {
 Date now = new Date();
 int count = 0;
 if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
 ++count;
 }
 }};
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 795231eb..778eb295 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -349,8 +349,8 @@ public interface Organization {
 public void setTestMode(boolean dryRun);
 /**
- * Evaluates a user to determine if they are exempt from role expiration.
- * Returns true if true, false is false. Default implementation is always false.
+ * Evaluates a user to determine if they are exempt from role and cred expiration.
+ * Returns true if true, false if false. Default implementation is always false.
 *
 * @param user
 * @param expires |
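Review bot: The Javadoc in the Organization.java hunk still leaves `@param user` and `@param expires` empty and does not say what a `true` result causes, although after this commit it lets an expired credential pass the expiry check in Question.java and Function.java. I would state the contract explicitly, e.g. `@param user id of the credential or user-role record being checked` and `@param expires the stored expiry date of that record`. It also needs a sentence saying that implementations returning true cause expired creds and roles to be treated as current, so they should match only a narrow, organization-defined set of identities. The comment and the method declaration continue outside the hunk.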