N°6171 - Password Expiration: can expire mode has no effect on user who have never changed their password - core change

datamodels/2.x/authent-local/model.authent-local.php

@@ -3,7 +3,7 @@
 //
 //   This file is part of iTop.
 //
-//   iTop is free software; you can redistribute it and/or modify	
+//   iTop is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU Affero General Public License as published by
 //   the Free Software Foundation, either version 3 of the License, or
 //   (at your option) any later version.
@@ -69,7 +69,7 @@ class UserLocal extends UserInternal
 	const EXPIRE_NEVER = 'never_expire';
 	const EXPIRE_FORCE = 'force_expire';
 	const EXPIRE_ONE_TIME_PWD = 'otp_expire';
-	
+
 	/** @var UserLocalPasswordValidity|null */
 	protected $m_oPasswordValidity = null;
 
@@ -160,7 +160,7 @@ class UserLocal extends UserInternal
 
 	/**
 	 * Use with care!
-	 */	 	
+	 */
 	public function SetPassword($sNewPassword)
 	{
 		$this->Set('password', $sNewPassword);
@@ -197,19 +197,38 @@ class UserLocal extends UserInternal
 
 	protected function OnWrite()
 	{
-		if (empty($this->m_oPasswordValidity))
-		{
-			return;
-		}
-
 		if (array_key_exists('password_renewed_date', $this->ListChanges()))
 		{
 			return;
 		}
 
+		if (empty($this->m_oPasswordValidity))
+		{
+			//password unchanged
+			if (is_null($this->Get('password_renewed_date')))
+			{
+				//initialize password_renewed_date with User creation date
+				$sKey = $this->GetKey();
+$sOql = <<<OQL
+SELECT CMDBChangeOpCreate AS ccc
+JOIN CMDBChange AS c ON ccc.change = c.id
+WHERE ccc.objclass="UserLocal" AND ccc.objkey="$sKey"
+OQL;
+					$oCmdbChangeOpSearch = \DBObjectSearch::FromOQL($sOql);
+					$oSet = new \DBObjectSet($oCmdbChangeOpSearch);
+					$oCMDBChangeOpCreate = $oSet->Fetch();
+					if (! is_null($oCMDBChangeOpCreate))
+					{
+						$oUserCreationDate = date(\AttributeDate::GetInternalFormat(), $oCMDBChangeOpCreate->Get('date'));
+						$this->Set('password_renewed_date', $oUserCreationDate);
+					}
+			}
+			return;
+		}
+
 		$sNow = date(\AttributeDate::GetInternalFormat());
 		$this->Set('password_renewed_date', $sNow);
-	
+
 		// Reset the "force" expiration flag when the user updates her/his own password!
 		if ($this->IsCurrentUser())
 		{
@@ -294,7 +313,7 @@ class UserLocal extends UserInternal
 		{
 			$this->m_aCheckIssues[] = $this->m_oPasswordValidity->getPasswordValidityMessage();
 		}
-		
+
 		// A User cannot force a one-time password on herself/himself
 		if ($this->IsCurrentUser()) {
 			if (array_key_exists('expiration', $this->ListChanges()) && ($this->Get('expiration') == self::EXPIRE_ONE_TIME_PWD)) {

tests/php-unit-tests/unitary-tests/datamodels/2.x/authent-local/UserLocalTest.php

@@ -279,7 +279,6 @@ class UserLocalTest extends ItopDataTestCase
 		$oUserLocal->DBWrite();
 		$this->assertEquals($oExpectedAfter, $oUserLocal->Get('password_renewed_date'), 'UPDATE "password" fields trigger automatic change of the  "password_renewed_date" field');
 
-
 		//UPDATE both password & password_renewed_date
 		$oUserLocal->Set('password', 'fooBar1???2');
 		$oUserLocal->Set('password_renewed_date', $oBefore);
@@ -356,10 +355,10 @@ class UserLocalTest extends ItopDataTestCase
 				'oExpectedBefore' => null,
 				'bRenewedDateTouched' => true,
 			),
-			'EXPIRE_NEVER: nominal case' => array(
+			'EXPIRE_NEVER (default mode): nothing changed on UserLocal' => array(
 				'sExpirationMode' => UserLocal::EXPIRE_NEVER,
 				'oExpectedBefore' => null,
-				'bRenewedDateTouched' => true,
+				'bRenewedDateTouched' => false,
 			),
 			'EXPIRE_FORCE: nominal case' => array(
 				'sExpirationMode' => UserLocal::EXPIRE_FORCE,