diff --git a/datamodels/2.x/authent-local/model.authent-local.php b/datamodels/2.x/authent-local/model.authent-local.php index 86b30120c..2a7815be8 100755 --- a/datamodels/2.x/authent-local/model.authent-local.php +++ b/datamodels/2.x/authent-local/model.authent-local.php @@ -3,7 +3,7 @@ // // This file is part of iTop. // -// iTop is free software; you can redistribute it and/or modify +// iTop is free software; you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. @@ -69,7 +69,7 @@ class UserLocal extends UserInternal const EXPIRE_NEVER = 'never_expire'; const EXPIRE_FORCE = 'force_expire'; const EXPIRE_ONE_TIME_PWD = 'otp_expire'; - + /** @var UserLocalPasswordValidity|null */ protected $m_oPasswordValidity = null; @@ -160,7 +160,7 @@ class UserLocal extends UserInternal /** * Use with care! - */ + */ public function SetPassword($sNewPassword) { $this->Set('password', $sNewPassword); @@ -197,19 +197,38 @@ class UserLocal extends UserInternal protected function OnWrite() { - if (empty($this->m_oPasswordValidity)) - { - return; - } - if (array_key_exists('password_renewed_date', $this->ListChanges())) { return; } + if (empty($this->m_oPasswordValidity)) + { + //password unchanged + if (is_null($this->Get('password_renewed_date'))) + { + //initialize password_renewed_date with User creation date + $sKey = $this->GetKey(); +$sOql = <<Fetch(); + if (! is_null($oCMDBChangeOpCreate)) + { + $oUserCreationDate = date(\AttributeDate::GetInternalFormat(), $oCMDBChangeOpCreate->Get('date')); + $this->Set('password_renewed_date', $oUserCreationDate); + } + } + return; + } + $sNow = date(\AttributeDate::GetInternalFormat()); $this->Set('password_renewed_date', $sNow); - + // Reset the "force" expiration flag when the user updates her/his own password! if ($this->IsCurrentUser()) { @@ -294,7 +313,7 @@ class UserLocal extends UserInternal { $this->m_aCheckIssues[] = $this->m_oPasswordValidity->getPasswordValidityMessage(); } - + // A User cannot force a one-time password on herself/himself if ($this->IsCurrentUser()) { if (array_key_exists('expiration', $this->ListChanges()) && ($this->Get('expiration') == self::EXPIRE_ONE_TIME_PWD)) { diff --git a/tests/php-unit-tests/unitary-tests/datamodels/2.x/authent-local/UserLocalTest.php b/tests/php-unit-tests/unitary-tests/datamodels/2.x/authent-local/UserLocalTest.php index b1505004b..509f9143e 100644 --- a/tests/php-unit-tests/unitary-tests/datamodels/2.x/authent-local/UserLocalTest.php +++ b/tests/php-unit-tests/unitary-tests/datamodels/2.x/authent-local/UserLocalTest.php @@ -279,7 +279,6 @@ class UserLocalTest extends ItopDataTestCase $oUserLocal->DBWrite(); $this->assertEquals($oExpectedAfter, $oUserLocal->Get('password_renewed_date'), 'UPDATE "password" fields trigger automatic change of the "password_renewed_date" field'); - //UPDATE both password & password_renewed_date $oUserLocal->Set('password', 'fooBar1???2'); $oUserLocal->Set('password_renewed_date', $oBefore); @@ -356,10 +355,10 @@ class UserLocalTest extends ItopDataTestCase 'oExpectedBefore' => null, 'bRenewedDateTouched' => true, ), - 'EXPIRE_NEVER: nominal case' => array( + 'EXPIRE_NEVER (default mode): nothing changed on UserLocal' => array( 'sExpirationMode' => UserLocal::EXPIRE_NEVER, 'oExpectedBefore' => null, - 'bRenewedDateTouched' => true, + 'bRenewedDateTouched' => false, ), 'EXPIRE_FORCE: nominal case' => array( 'sExpirationMode' => UserLocal::EXPIRE_FORCE,