wso2-extensions · PasinduYeshan · Dec 16, 2024
diff --git a/components/org.wso2.carbon.identity.password.expiry/pom.xml b/components/org.wso2.carbon.identity.password.expiry/pom.xml
@@ -89,11 +89,6 @@
             <artifactId>mockito-inline</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.wso2.carbon.identity.framework</groupId>
-            <artifactId>org.wso2.carbon.identity.testutil</artifactId>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity.organization.management.core</groupId>
             <artifactId>org.wso2.carbon.identity.organization.management.service</artifactId>
@@ -154,9 +149,6 @@
                             org.wso2.carbon.user.core; version="${carbon.kernel.package.import.version.range}",
                             org.wso2.carbon.user.core.util; version="${carbon.kernel.package.import.version.range}",
                             org.wso2.carbon.user.core.common; version="${carbon.kernel.package.import.version.range}",
-                            org.wso2.carbon.user.core.listener; version="${carbon.kernel.package.import.version.range}",
-                            org.wso2.carbon.user.core.model; version="${carbon.kernel.package.import.version.range}",
-                            org.wso2.carbon.context; version="${carbon.kernel.package.import.version.range}",
                             org.wso2.carbon.user.api.*; version="${carbon.user.api.imp.pkg.version.range}",
                             org.wso2.carbon.identity.application.common.model.*;
                             version="${carbon.identity.framework.imp.pkg.version.range}",

diff --git a/...main/java/org/wso2/carbon/identity/password/expiry/constants/PasswordPolicyConstants.java b/...main/java/org/wso2/carbon/identity/password/expiry/constants/PasswordPolicyConstants.java
@@ -28,7 +28,6 @@ public class PasswordPolicyConstants {
             "http://wso2.org/claims/identity/lastPasswordUpdateTime";
     public static final String LAST_CREDENTIAL_UPDATE_TIMESTAMP_CLAIM_NON_IDENTITY =
             "http://wso2.org/claims/lastPasswordChangedTimestamp";
-    public static final String PASSWORD_EXPIRY_TIME_CLAIM = "http://wso2.org/claims/identity/passwordExpiryTime";
     public static final String PASSWORD_RESET_PAGE = "/accountrecoveryendpoint/password-recovery-confirm.jsp";
     public static final String PASSWORD_CHANGE_EVENT_HANDLER_NAME = "enforcePasswordResetEventHandler";
     public static final String ENFORCE_PASSWORD_RESET_HANDLER = "EnforcePasswordResetHandler";
@@ -58,7 +57,6 @@ public class PasswordPolicyConstants {
     public static final String AUTHENTICATION_STATUS = "authenticationStatus";
     public static final String BASIC_AUTHENTICATOR = "BasicAuthenticator";
     public static final String FALSE = "false";
-    public static final String TRUE = "true";
     public static final String CONFIRMATION_QUERY_PARAM = "&confirmation=";
     public static final String PASSWORD_EXPIRED_QUERY_PARAMS = "&passwordExpired=true";
     public static final String PASSWORD_EXPIRED_MSG_QUERY_PARAM = "&passwordExpiredMsg=";

diff --git a/...java/org/wso2/carbon/identity/password/expiry/internal/EnforcePasswordResetComponent.java b/...java/org/wso2/carbon/identity/password/expiry/internal/EnforcePasswordResetComponent.java
@@ -35,10 +35,8 @@
 import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
 import org.wso2.carbon.identity.governance.IdentityGovernanceService;
 import org.wso2.carbon.identity.governance.common.IdentityConnectorConfig;
-import org.wso2.carbon.identity.password.expiry.listener.PasswordExpiryEventListener;
 import org.wso2.carbon.identity.password.expiry.services.ExpiredPasswordIdentificationService;
 import org.wso2.carbon.identity.password.expiry.services.impl.ExpiredPasswordIdentificationServiceImpl;
-import org.wso2.carbon.user.core.listener.UserOperationEventListener;
 import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 
@@ -58,10 +56,6 @@ public class EnforcePasswordResetComponent {
     protected void activate(ComponentContext context) {
 
         try {
-            // Register the listener to capture user operations.
-            PasswordExpiryEventListener listener = new PasswordExpiryEventListener();
-            context.getBundleContext().registerService(UserOperationEventListener.class, listener, null);
-
             EnforcePasswordResetAuthenticationHandler enforcePasswordResetAuthenticationHandler =
                     new EnforcePasswordResetAuthenticationHandler();
             BundleContext bundleContext = context.getBundleContext();

diff --git a/...n/java/org/wso2/carbon/identity/password/expiry/listener/PasswordExpiryEventListener.java b/...n/java/org/wso2/carbon/identity/password/expiry/listener/PasswordExpiryEventListener.java
diff --git a/...piry/src/main/java/org/wso2/carbon/identity/password/expiry/util/PasswordPolicyUtils.java b/...piry/src/main/java/org/wso2/carbon/identity/password/expiry/util/PasswordPolicyUtils.java
@@ -48,13 +48,11 @@
 import org.wso2.carbon.user.core.util.UserCoreUtil;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 import org.wso2.carbon.user.core.common.Group;
-import org.wso2.carbon.identity.password.expiry.exceptions.ExpiredPasswordIdentificationException;
 
 import java.util.ArrayList;
 import java.util.EnumMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -161,8 +159,6 @@ public static boolean isPasswordExpired(String tenantDomain, String tenantAwareU
             throws PostAuthenticationFailedException {
 
         try {
-            if (!isPasswordExpiryEnabled(tenantDomain)) return false;
-
             UserRealm userRealm = getUserRealm(tenantDomain);
             UserStoreManager userStoreManager = getUserStoreManager(userRealm);
             String userId = ((AbstractUserStoreManager) userStoreManager).getUserIDFromUserName(tenantAwareUsername);
@@ -180,8 +176,11 @@ public static boolean isPasswordExpired(String tenantDomain, String tenantAwareU
                         skipIfNoApplicableRules);
             }
 
-            List<PasswordExpiryRule> filteredRules =
-                    filterApplicableExpiryRules(passwordExpiryRules, skipIfNoApplicableRules);
+            // If the default behavior is to skip the password expiry, rules with skip logic are not necessary.
+            List<PasswordExpiryRule> filteredRules = passwordExpiryRules.stream()
+                    .filter(rule -> !skipIfNoApplicableRules ||
+                            !PasswordExpiryRuleOperatorEnum.NE.equals(rule.getOperator()))
+                    .collect(Collectors.toList());
 
             Map<PasswordExpiryRuleAttributeEnum, Set<String>> fetchedUserAttributes =
                     new EnumMap<>(PasswordExpiryRuleAttributeEnum.class);
@@ -194,7 +193,7 @@ public static boolean isPasswordExpired(String tenantDomain, String tenantAwareU
                     }
                     int expiryDays =
                             rule.getExpiryDays() > 0 ? rule.getExpiryDays() : getPasswordExpiryInDays(tenantDomain);
-                    return daysDifference >= expiryDays || StringUtils.isBlank(lastPasswordUpdatedTime);
+                    return daysDifference >= expiryDays || lastPasswordUpdatedTime == null;
                 }
             }
             // Apply default password expiry policy if no specific rule applies.
@@ -293,137 +292,7 @@ private static boolean isPasswordExpiredUnderDefaultPolicy(String tenantDomain,
             throws PostAuthenticationFailedException {
 
         if (skipIfNoApplicableRules) return false;
-        return StringUtils.isBlank(lastPasswordUpdatedTime) || daysDifference >= getPasswordExpiryInDays(tenantDomain);
-    }
-
-    /**
-     * This method returns password expiry time for the given user.
-     *
-     * @param tenantDomain         The tenant domain.
-     * @param tenantAwareUsername  The tenant aware username.
-     * @return Optional containing the password expiry time in milliseconds, or empty if not applicable.
-     * @throws ExpiredPasswordIdentificationException If an error occurred while getting the password expiry time.
-     */
-    public static Optional<Long> getUserPasswordExpiryTime(String tenantDomain, String tenantAwareUsername)
-            throws ExpiredPasswordIdentificationException {
-
-        return getUserPasswordExpiryTime(tenantDomain, tenantAwareUsername, null,
-                null, null, null);
-    }
-
-    /**
-     * This method returns password expiry time for the given user.
-     *
-     * @param tenantDomain                     The tenant domain.
-     * @param tenantAwareUsername              The tenant aware username.
-     * @param isPasswordExpiryEnabled          Whether password expiry is enabled.
-     * @param isSkipIfNoApplicableRulesEnabled Whether skip if no applicable rules config is enabled.
-     * @param passwordExpiryRules              Password expiry rules.
-     * @param defaultPasswordExpiryInDays      Default password expiry in days.
-     * @return Optional containing the password expiry time in milliseconds, or empty if not applicable.
-     * @throws ExpiredPasswordIdentificationException If an error occurred while getting the password expiry time.
-     */
-    public static Optional<Long> getUserPasswordExpiryTime(String tenantDomain,
-                                                           String tenantAwareUsername,
-                                                           Boolean isPasswordExpiryEnabled,
-                                                           Boolean isSkipIfNoApplicableRulesEnabled,
-                                                           List<PasswordExpiryRule> passwordExpiryRules,
-                                                           Integer defaultPasswordExpiryInDays)
-        throws ExpiredPasswordIdentificationException {
-
-        try {
-            if (isPasswordExpiryEnabled == null) {
-                isPasswordExpiryEnabled = isPasswordExpiryEnabled(tenantDomain);
-            }
-            // If the password expiry is not enabled, password expiry time is not applicable.
-            if (!isPasswordExpiryEnabled) return Optional.empty();
-
-            if (isSkipIfNoApplicableRulesEnabled == null) {
-                isSkipIfNoApplicableRulesEnabled = isSkipIfNoApplicableRulesEnabled(tenantDomain);
-            }
-            if (defaultPasswordExpiryInDays == null) {
-                defaultPasswordExpiryInDays = getPasswordExpiryInDays(tenantDomain);
-            }
-            if (passwordExpiryRules == null) {
-                passwordExpiryRules = getPasswordExpiryRules(tenantDomain);
-            }
-
-            UserRealm userRealm = getUserRealm(tenantDomain);
-            UserStoreManager userStoreManager = getUserStoreManager(userRealm);
-            String userId = ((AbstractUserStoreManager) userStoreManager).getUserIDFromUserName(tenantAwareUsername);
-            String lastPasswordUpdatedTime =
-                    getLastPasswordUpdatedTime(tenantAwareUsername, userStoreManager, userRealm);
-
-            long lastPasswordUpdatedTimeInMillis = 0L;
-            boolean isLastPasswordUpdatedTimeBlank = StringUtils.isBlank(lastPasswordUpdatedTime);
-            if (!isLastPasswordUpdatedTimeBlank) {
-                lastPasswordUpdatedTimeInMillis = getLastPasswordUpdatedTimeInMillis(lastPasswordUpdatedTime);
-            }
-
-            // If no rules are defined, use the default expiry time if "skipIfNoApplicableRules" is disabled.
-            if (CollectionUtils.isEmpty(passwordExpiryRules)) {
-                if (isSkipIfNoApplicableRulesEnabled) return Optional.empty();
-                // If lastPasswordUpdatedTime is blank, set expiry time to now.
-                if (isLastPasswordUpdatedTimeBlank) {
-                    return Optional.of(System.currentTimeMillis());
-                }
-                return Optional.of(
-                        lastPasswordUpdatedTimeInMillis + getDaysTimeInMillis(defaultPasswordExpiryInDays));
-            }
-
-            Map<PasswordExpiryRuleAttributeEnum, Set<String>> userAttributes =
-                    new EnumMap<>(PasswordExpiryRuleAttributeEnum.class);
-
-            List<PasswordExpiryRule> filteredRules =
-                    filterApplicableExpiryRules(passwordExpiryRules, isSkipIfNoApplicableRulesEnabled);
-            for (PasswordExpiryRule rule : filteredRules) {
-                if (isRuleApplicable(rule, userAttributes, tenantDomain, userId, userStoreManager)) {
-                    // Skip the rule if the operator is not equals.
-                    if (PasswordExpiryRuleOperatorEnum.NE.equals(rule.getOperator())) {
-                        return Optional.empty();
-                    }
-                    if (isLastPasswordUpdatedTimeBlank) {
-                        return Optional.of(System.currentTimeMillis());
-                    }
-                    int expiryDays =
-                            rule.getExpiryDays() > 0 ? rule.getExpiryDays() : getPasswordExpiryInDays(tenantDomain);
-                    return Optional.of(lastPasswordUpdatedTimeInMillis + getDaysTimeInMillis(expiryDays));
-                }
-            }
-
-            if (isSkipIfNoApplicableRulesEnabled) return Optional.empty();
-            if (isLastPasswordUpdatedTimeBlank) {
-                return Optional.of(System.currentTimeMillis());
-            }
-            return Optional.of(
-                    lastPasswordUpdatedTimeInMillis + getDaysTimeInMillis(defaultPasswordExpiryInDays));
-        } catch (UserStoreException | PostAuthenticationFailedException e) {
-            throw new ExpiredPasswordIdentificationException(PasswordPolicyConstants.ErrorMessages.
-                    ERROR_WHILE_GETTING_USER_STORE_DOMAIN.getCode(),
-                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USER_STORE_DOMAIN.getMessage());
-        }
-    }
-
-    private static List<PasswordExpiryRule> filterApplicableExpiryRules(List<PasswordExpiryRule> passwordExpiryRules,
-                                                                        boolean skipIfNoApplicableRules) {
-
-        if (!skipIfNoApplicableRules) {
-            return passwordExpiryRules;
-        }
-        // If the default behavior is to skip the password expiry, rules with skip logic are not required.
-        return passwordExpiryRules.stream().filter(
-                rule -> !PasswordExpiryRuleOperatorEnum.NE.equals(rule.getOperator())).collect(Collectors.toList());
-    }
-
-    /**
-     * This method returns the time in milliseconds for the given number of days.
-     *
-     * @param days The number of days.
-     * @return The time in milliseconds.
-     */
-    private static long getDaysTimeInMillis(int days) {
-
-        return (long) days * 24 * 60 * 60 * 1000;
+        return lastPasswordUpdatedTime == null || daysDifference >= getPasswordExpiryInDays(tenantDomain);
     }
 
     /**