diff --git a/login-event-listener-provider/src/main/java/com/github/lucafilipozzi/keycloak/events/login/LoginEventListenerProviderFactory.java b/login-event-listener-provider/src/main/java/com/github/lucafilipozzi/keycloak/events/login/LoginEventListenerProviderFactory.java
index 877cea6..ba840c9 100644
--- a/login-event-listener-provider/src/main/java/com/github/lucafilipozzi/keycloak/events/login/LoginEventListenerProviderFactory.java
+++ b/login-event-listener-provider/src/main/java/com/github/lucafilipozzi/keycloak/events/login/LoginEventListenerProviderFactory.java
@@ -91,9 +91,11 @@ private void disableUsers(KeycloakSession session) {
 PasswordPolicy passwordPolicy = realm.getPasswordPolicy();
 if (passwordPolicy == null
- || !passwordPolicy.getPolicies().contains("disable-users-password-policy")) {
+ || !passwordPolicy.getPolicies().contains("disable-users-password-policy")
+ || !passwordPolicy.getPolicies().contains(PasswordPolicy.FORCE_EXPIRED_ID)
+ || passwordPolicy.getDaysToExpirePassword() < 0) {
 LOG.debugf(
- "realm='%s' does not have 'Disable Users' password policy set",
+ "realm='%s' does not have 'Disable Users' and/or 'Expire Password' password policies set",
 realm.getName());
 return;
 }
@@ -102,6 +104,8 @@ private void disableUsers(KeycloakSession session) {
 long gracePeriodMillis = gracePeriodDays * DAYS_TO_MILLIS;
+ long expirePasswordMillis = passwordPolicy.getDaysToExpirePassword() * DAYS_TO_MILLIS;
+
 LOG.infof(
 "checking realm='%s' for expired passwords or inactive accounts exceeding %d day(s)",
 realm.getName(), gracePeriodDays);
@@ -112,7 +116,7 @@ private void disableUsers(KeycloakSession session) {
 passwordCredentialProvider.getPassword(realm, user);
 if (credential != null
 && ((currentTimeMillis - credential.getCreatedDate())
- > gracePeriodMillis)) {
+ > (gracePeriodMillis + expirePasswordMillis))) {
 LOG.warnf(
 "disabled realm='%s' user='%s' userId='%s' for expired password",
 realm.getName(), user.getUsername(), user.getId());
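Review bot: The widened guard in the first hunk of disableUsers returns early whenever the realm lacks the 'Expire Password' policy, and the `LOG.infof` text in the second hunk ("expired passwords or inactive accounts") suggests the same method also disables inactive accounts, so that check would presumably stop running for realms that set only 'Disable Users'. If that is not intended, keep the early return for the missing 'Disable Users' policy alone and gate just the password-age branch on `passwordPolicy.getDaysToExpirePassword() >= 0`. The skip is also reported only through `LOG.debugf`, so a realm that loses enforcement after upgrading gives no visible signal; a `LOG.warnf` for the case where 'Disable Users' is present but 'Expire Password' is not would make the gap auditable. The method body continues outside the hunk, so the inactive-account path is inferred rather than visible here.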
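Review bot: `passwordPolicy.getDaysToExpirePassword() * DAYS_TO_MILLIS` in the second hunk multiplies an `int` return value by a constant whose declaration is outside the hunk; if `DAYS_TO_MILLIS` is declared as `int`, the product wraps before it is widened to `long` for any expiry above 24 days, and the disable threshold in the third hunk becomes wrong (possibly negative, which would disable accounts early). Forcing the arithmetic into `long` removes the dependency on the constant's type: `long expirePasswordMillis = (long) passwordPolicy.getDaysToExpirePassword() * DAYS_TO_MILLIS;`. The context line `gracePeriodDays * DAYS_TO_MILLIS` has the same shape and deserves the same check if `gracePeriodDays` is an `int`.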
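Review bot: The age comparison in the third hunk unboxes `credential.getCreatedDate()`, which is a `Long` on Keycloak's CredentialModel, so a credential stored without a creation date would throw a NullPointerException here. Unless the loop outside the hunk catches it, that one record would stop the scan before the remaining users are evaluated. Extending the guard to `credential != null && credential.getCreatedDate() != null` keeps a malformed record from suspending enforcement for everyone else. Since the threshold is now the sum of two policy values, the `LOG.warnf` would also be easier to audit if it carried the computed password age and the threshold next to the user id.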
diff --git a/pom.xml b/pom.xml index 8ed4b4b..41f41f6 100644 --- a/pom.xml +++ b/pom.xml @@ -37,7 +37,7 @@ - 1.8.0 + 1.8.1 LucaFilipozzi UTF-8 18.0.2