fix logic

LucaFilipozzi · Apr 10, 2024 · 384df19 · 384df19
1 parent 5875133
commit 384df19
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/...ava/com/github/lucafilipozzi/keycloak/events/login/LoginEventListenerProviderFactory.java b/...ava/com/github/lucafilipozzi/keycloak/events/login/LoginEventListenerProviderFactory.java
@@ -91,9 +91,11 @@ private void disableUsers(KeycloakSession session) {
 
               PasswordPolicy passwordPolicy = realm.getPasswordPolicy();
               if (passwordPolicy == null
-                  || !passwordPolicy.getPolicies().contains("disable-users-password-policy")) {
+                  || !passwordPolicy.getPolicies().contains("disable-users-password-policy")
+                  || !passwordPolicy.getPolicies().contains(PasswordPolicy.FORCE_EXPIRED_ID)
+                  || passwordPolicy.getDaysToExpirePassword() < 0) {
                 LOG.debugf(
-                    "realm='%s' does not have 'Disable Users' password policy set",
+                    "realm='%s' does not have 'Disable Users' and/or 'Expire Password' password policies set",
                     realm.getName());
                 return;
               }
@@ -102,6 +104,8 @@ private void disableUsers(KeycloakSession session) {
 
               long gracePeriodMillis = gracePeriodDays * DAYS_TO_MILLIS;
 
+              long expirePasswordMillis = passwordPolicy.getDaysToExpirePassword() * DAYS_TO_MILLIS;
+
               LOG.infof(
                   "checking realm='%s' for expired passwords or inactive accounts exceeding %d day(s)",
                   realm.getName(), gracePeriodDays);
@@ -112,7 +116,7 @@ private void disableUsers(KeycloakSession session) {
                         passwordCredentialProvider.getPassword(realm, user);
                     if (credential != null
                         && ((currentTimeMillis - credential.getCreatedDate())
-                            > gracePeriodMillis)) {
+                            > (gracePeriodMillis + expirePasswordMillis))) {
                       LOG.warnf(
                           "disabled realm='%s' user='%s' userId='%s' for expired password",
                           realm.getName(), user.getUsername(), user.getId());

diff --git a/pom.xml b/pom.xml
@@ -37,7 +37,7 @@
   </scm>
 
   <properties>
-    <revision>1.8.0</revision>
+    <revision>1.8.1</revision>
     <github.account>LucaFilipozzi</github.account>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <keycloak.version>18.0.2</keycloak.version>