From 274e4bc9d5afa66a788dfab966984e8d60a22b6d Mon Sep 17 00:00:00 2001
From: Sean Hassan
Date: Thu, 18 Jun 2020 12:20:20 -0500
Subject: Organization defined users whose user roles do not expire will also not have their credentials expire
Issue-ID: AAF-1161
Signed-off-by: Sean Hassan
Change-Id: Ic48981b91d40ad04c82f17043b810445ef6dea40
---
 .../src/main/java/org/onap/aaf/auth/dao/hl/Function.java | 4 ++--
 .../src/main/java/org/onap/aaf/auth/dao/hl/Question.java | 8 ++++----
 .../src/main/java/org/onap/aaf/auth/org/Organization.java | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)
(limited to 'auth')
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index e5cde35c..761ebec9 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -759,7 +759,7 @@ public class Function {
 }
 for (CredDAO.Data cd : cdr.value) {
- if (cd.expires.after(now)) {
+ if (cd.expires.after(now) || trans.org().isUserExpireExempt(cd.id, cd.expires)) {
 return Result.ok();
 }
 }
@@ -1440,7 +1440,7 @@ public class Function {
 List list = rurdd.value;
 List rv = new ArrayList<>(list.size()); // presize
 for (UserRoleDAO.Data urdd : rurdd.value) {
- if (includeExpired || urdd.expires.after(now)) {
+ if (includeExpired || urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
 rv.add(urdd.user);
 }
 }
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 39578f83..2e8e55f5 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
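Review bot: The expiry decision `x.expires.after(now) || trans.org().isUserExpireExempt(id, x.expires)` is written inline at the `for (CredDAO.Data cd : cdr.value)` loop of the @@ -759 hunk, again in the @@ -1440 hunk, and at four more places in Question.java, so the rule for what counts as an unexpired credential or role grant now exists in six copies. A later policy change, or a newly added expiry check, can miss one copy and leave authentication and authorization disagreeing about the same user. Consider one private helper that takes the id, the expiry date and `now`, with the body `return expires.after(now) || trans.org().isUserExpireExempt(id, expires);`, and call it from every site. The enclosing methods start and end outside the hunks.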
@@ -938,7 +938,7 @@ public class Question {
 if (!cdd.id.equals(user)) {
 trans.error().log("doesUserCredMatch DB call does not match for user: " + user);
 }
- if (cdd.expires.after(now)) {
+ if (cdd.expires.after(now) || trans.org().isUserExpireExempt(cdd.id, cdd.expires)) {
 byte[] dbcred = cdd.cred.array();
 try {
@@ -1273,7 +1273,7 @@ public class Question {
 if (rur.isOKhasData()) {
 Date now = new Date();
 for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
 return true;
 }
 }
@@ -1285,7 +1285,7 @@ public class Question {
 Result> rur = userRoleDAO().read(trans, user,ns+DOT_OWNER);
 if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
 Date now = new Date();
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
 return true;
 }
 }};
@@ -1297,7 +1297,7 @@ public class Question {
 Date now = new Date();
 int count = 0;
 if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
 ++count;
 }
 }};
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 795231eb..778eb295 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
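Review bot: In the @@ -938 hunk the exemption is applied to each credential row, so for an exempt id every stored credential whose `expires` has passed proceeds to the comparison that starts at `byte[] dbcred = cdd.cred.array();`, which appears to include credentials that were replaced rather than deliberately kept. If the exemption is meant to keep only the current credential alive, restrict it to the most recent record, or confirm that superseded rows are deleted when a credential is changed. The exemption is also keyed on `cdd.id`, although the lines just above only log when `cdd.id` differs from `user`; passing `user` keeps the decision tied to the identity being authenticated. Accepting an expired credential also deserves an audit entry, for example `trans.audit().log("Expired credential accepted under Organization exemption for", user);`. The loop and the comparison lie outside the hunk, so the first point is inferred from the visible names.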
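Review bot: In the @@ -1273, @@ -1285 and @@ -1297 hunks the exemption is decided per user (`urdd.user`), not per role, so an exempt user keeps every expired grant these checks read, including the `ns+DOT_OWNER` grant in the second of them. For those users this removes periodic re-approval of namespace ownership, while the commit subject speaks only of credentials. If that is intended, state it where the check is made, e.g. `// Organization-exempt users keep expired grants, including owner; see Organization.isUserExpireExempt`; otherwise leave these three role checks as they were. The enclosing methods are outside the hunks.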
@@ -349,8 +349,8 @@ public interface Organization {
 public void setTestMode(boolean dryRun);
 /**
- * Evaluates a user to determine if they are exempt from role expiration.
- * Returns true if true, false is false. Default implementation is always false.
+ * Evaluates a user to determine if they are exempt from role and cred expiration.
+ * Returns true if true, false if false. Default implementation is always false.
 *
 * @param user
 * @param expires
--
cgit 1.2.3-korg
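Review bot: The updated Javadoc still reads `Returns true if true, false if false`, which tells an implementer nothing about the consequence of returning true, and `@param user` and `@param expires` remain undescribed. After this commit a true result makes expired credentials and expired role grants count as valid at the call sites in Function and Question, so the contract should say so, e.g. `Returns true when expiration must not be enforced for this user; callers then treat expired credentials and role grants as still valid.` and `@param expires the expiration date of the record being checked`. The interface body continues outside the hunk.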