Merge pull request #6753 from PasinduYeshan/feature/rule-based-passwo…

…rd-expiry Introduce Rule-based Password Expiry
wso2 · Sep 2, 2024 · 3c1a7c3 · 3c1a7c3
2 parents c3cab44 + b32ea25
commit 3c1a7c3
Show file tree

Hide file tree

Showing 16 changed files with 1,265 additions and 288 deletions.
diff --git a/.changeset/rotten-grapes-clap.md b/.changeset/rotten-grapes-clap.md
@@ -0,0 +1,8 @@
+---
+"@wso2is/admin.server-configurations.v1": minor
+"@wso2is/admin.extensions.v1": minor
+"@wso2is/admin.validation.v1": minor
+"@wso2is/i18n": patch
+---
+
+Introduce rule based password expiry
diff --git a/apps/console/src/public/deployment.config.json b/apps/console/src/public/deployment.config.json
@@ -691,7 +691,9 @@
                         "console:loginAndRegistration"
                     ],
                     "read": [
-                        "internal_governance_view"
+                        "internal_governance_view",
+                        "internal_group_mgt_view",
+                        "internal_role_mgt_view"
                     ],
                     "update": [
                         "internal_config_update",

diff --git a/features/admin.extensions.v1/components/password-expiry/components/password-expiry.tsx b/features/admin.extensions.v1/components/password-expiry/components/password-expiry.tsx
@@ -20,6 +20,7 @@ import {
     GovernanceConnectorConstants
 } from "@wso2is/admin.server-configurations.v1/constants/governance-connector-constants";
 import { Field } from "@wso2is/form/src";
+import { Heading } from "@wso2is/react-components";
 import React, { ReactElement } from "react";
 import { TFunction } from "react-i18next";
 
@@ -32,7 +33,9 @@ export const generatePasswordExpiry = (
 ): ReactElement => {
     return (
         <>
-            <h5>{ t("extensions:manage.serverConfigurations.passwordExpiry.heading") }</h5>
+            <Heading as="h4">
+                { t("extensions:manage.serverConfigurations.passwordExpiry.heading") }
+            </Heading>
             <div className="criteria">
                 <Field.Checkbox
                     ariaLabel="Enable/Disable Password Expiry"

diff --git a/...min.extensions.v1/components/password-history-count/components/password-history-count.tsx b/...min.extensions.v1/components/password-history-count/components/password-history-count.tsx
@@ -16,11 +16,11 @@
  * under the License.
  */
 
+import Alert from "@oxygen-ui/react/Alert";
 import { Field } from "@wso2is/form/src";
-import { Message } from "@wso2is/react-components/src";
+import { Heading } from "@wso2is/react-components";
 import React, { ReactElement } from "react";
 import { TFunction } from "react-i18next";
-import { Divider, Icon } from "semantic-ui-react";
 
 export const generatePasswordHistoryCount = (
     componentId: string,
@@ -31,7 +31,12 @@ export const generatePasswordHistoryCount = (
 ): ReactElement => {
     return (
         <>
-            <h5>{ t("extensions:manage.serverConfigurations.passwordHistoryCount.heading") }</h5>
+            <Heading as="h4">
+                { t("extensions:manage.serverConfigurations.passwordHistoryCount.heading") }
+            </Heading>
+            <Alert severity="info" className="info-box">
+                { t("extensions:manage.serverConfigurations.passwordHistoryCount.message") }
+            </Alert>
             <div className="criteria">
                 <Field.Checkbox
                     ariaLabel="Enable/Disable Password History Count"
@@ -70,12 +75,6 @@ export const generatePasswordHistoryCount = (
                 />
                 <label>{ t("extensions:manage.serverConfigurations.passwordHistoryCount.label2") }</label>
             </div>
-            <Message info>
-                <Icon name="info circle" />
-                { t("extensions:manage.serverConfigurations.passwordHistoryCount.message") }
-            </Message>
-            <Divider className="mt-6 mb-6" />
-            <h5>{ t("extensions:manage.serverConfigurations.passwordValidationHeading") }</h5>
         </>
     );
 };
diff --git a/features/admin.extensions.v1/configs/models/server-configuration.ts b/features/admin.extensions.v1/configs/models/server-configuration.ts
@@ -95,4 +95,6 @@ export interface PasswordPoliciesInterface extends ValidationFormInterface {
     passwordExpiryEnabled?: boolean;
     passwordHistoryCount?: number | string;
     passwordHistoryCountEnabled?: boolean;
+    passwordExpiryRules?: Record<string, string>;
+    passwordExpirySkipFallback?: boolean;
 }
diff --git a/features/admin.extensions.v1/configs/server-configuration.tsx b/features/admin.extensions.v1/configs/server-configuration.tsx
@@ -241,22 +241,50 @@ const serverConfigurationConfig: ServerConfigurationConfig = {
     processPasswordPoliciesSubmitData: (data: PasswordPoliciesInterface, isLegacy: boolean) => {
         let passwordExpiryTime: number | undefined = parseInt((data.passwordExpiryTime as string));
         const passwordExpiryEnabled: boolean | undefined = data.passwordExpiryEnabled;
+        const passwordExpirySkipFallback: boolean | undefined = data.passwordExpirySkipFallback || false;
+        const passwordExpiryRules: Record<string, string> | undefined =
+            data?.passwordExpiryRules || {};
         let passwordHistoryCount: number | undefined = parseInt((data.passwordHistoryCount as string));
         const passwordHistoryCountEnabled: boolean | undefined = data.passwordHistoryCountEnabled;
 
         delete data.passwordExpiryTime;
         delete data.passwordExpiryEnabled;
         delete data.passwordHistoryCount;
         delete data.passwordHistoryCountEnabled;
+        delete data.skipPasswordExpiryFallback;
+        delete data.passwordExpiryRules;
 
-        if (passwordExpiryEnabled && passwordExpiryTime === 0) {
+        // Default password expiry time.
+        if (passwordExpiryEnabled && !passwordExpirySkipFallback && passwordExpiryTime === 0) {
             passwordExpiryTime = 30;
         }
 
         if (passwordHistoryCountEnabled && passwordHistoryCount === 0) {
             passwordHistoryCount = 1;
         }
 
+        const passwordExpiryProperties: UpdateGovernanceConnectorConfigPropertyInterface[] = [
+            {
+                name: ServerConfigurationsConstants.PASSWORD_EXPIRY_ENABLE,
+                value: passwordExpiryEnabled?.toString()
+            },
+            {
+                name: ServerConfigurationsConstants.PASSWORD_EXPIRY_TIME,
+                value: passwordExpiryTime?.toString()
+            },
+            {
+                name: ServerConfigurationsConstants.PASSWORD_EXPIRY_SKIP_IF_NO_APPLICABLE_RULES,
+                value: passwordExpirySkipFallback?.toString()
+            }
+        ];
+
+        Object.entries(passwordExpiryRules as Record<string, string>).forEach(([ key, value ]: [ string, string ]) => {
+            passwordExpiryProperties.push({
+                name: key,
+                value: value
+            });
+        });
+
         const legacyPasswordPoliciesData: {
             id: string, properties: UpdateGovernanceConnectorConfigPropertyInterface[] } = {
                 id: ServerConfigurationsConstants.PASSWORD_POLICY_CONNECTOR_ID,
@@ -298,16 +326,7 @@ const serverConfigurationConfig: ServerConfigurationConfig = {
             connectors: [
                 {
                     id: ServerConfigurationsConstants.PASSWORD_EXPIRY_CONNECTOR_ID,
-                    properties: [
-                        {
-                            name: ServerConfigurationsConstants.PASSWORD_EXPIRY_ENABLE,
-                            value: passwordExpiryEnabled?.toString()
-                        },
-                        {
-                            name: ServerConfigurationsConstants.PASSWORD_EXPIRY_TIME,
-                            value: passwordExpiryTime?.toString()
-                        }
-                    ]
+                    properties: passwordExpiryProperties
                 },
                 {
                     id: ServerConfigurationsConstants.PASSWORD_HISTORY_CONNECTOR_ID,

diff --git a/features/admin.server-configurations.v1/constants/governance-connector-constants.ts b/features/admin.server-configurations.v1/constants/governance-connector-constants.ts
@@ -45,7 +45,6 @@ export class GovernanceConnectorConstants {
         EXPIRY_TIME_MIN_LENGTH: number;
         EXPIRY_TIME_MIN_VALUE: number;
     } = {
-
         EXPIRY_TIME_MAX_LENGTH: 5,
         EXPIRY_TIME_MAX_VALUE: 10080,
         EXPIRY_TIME_MIN_LENGTH: 1,
@@ -75,7 +74,6 @@ export class GovernanceConnectorConstants {
         SMS_OTP_CODE_LENGTH_MIN_LENGTH: number;
         SMS_OTP_CODE_LENGTH_MIN_VALUE: number;
     } = {
-
         EXPIRY_TIME_MAX_LENGTH: 5,
         EXPIRY_TIME_MAX_VALUE: 10080,
         EXPIRY_TIME_MIN_LENGTH: 1,
@@ -113,7 +111,6 @@ export class GovernanceConnectorConstants {
         FAILED_ATTEMPTS_MIN_LENGTH: number;
         FAILED_ATTEMPTS_MIN_VALUE: number;
     } = {
-
         ACCOUNT_LOCK_INCREMENT_FACTOR_MAX_LENGTH: 2,
         ACCOUNT_LOCK_INCREMENT_FACTOR_MAX_VALUE: 10,
         ACCOUNT_LOCK_INCREMENT_FACTOR_MIN_LENGTH: 1,
@@ -136,7 +133,11 @@ export class GovernanceConnectorConstants {
         EXPIRY_TIME_MAX_VALUE: number;
         EXPIRY_TIME_MIN_LENGTH: number;
         EXPIRY_TIME_MIN_VALUE: number;
+        EXPIRY_RULES_MAX_COUNT: number;
+        EXPIRY_RULE_MAX_VALUES_PER_RULE: number;
     } = {
+        EXPIRY_RULES_MAX_COUNT: 10,
+        EXPIRY_RULE_MAX_VALUES_PER_RULE: 5,
         EXPIRY_TIME_MAX_LENGTH: 5,
         EXPIRY_TIME_MAX_VALUE: 10080,
         EXPIRY_TIME_MIN_LENGTH: 1,