diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.java
index bba4046100..5822cd1f35 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.java
@@ -169,6 +169,11 @@ private Optional authenticateUserAtUserStore(OAuth2AccessTok
 if (log.isDebugEnabled()) {
 log.debug("user " + tokenReq.getResourceOwnerUsername() + " authenticated: " + authenticated);
 }
+ triggerPasswordExpiryValidationEvent(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT, tenantAwareUserName,
+ userTenantDomain, userStoreManager, true);
+ if (log.isDebugEnabled()) {
+ log.debug(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT + " event is triggered");
+ }
 if (authenticated) {
 AuthenticatedUser authenticatedUser = new AuthenticatedUser(authenticationResult.getAuthenticatedUser().get());
@@ -178,11 +183,6 @@ private Optional authenticateUserAtUserStore(OAuth2AccessTok
 return Optional.of(authenticatedUser);
 }
- triggerPasswordExpiryValidationEvent(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT, tenantAwareUserName,
- userTenantDomain, userStoreManager, true);
- if (log.isDebugEnabled()) {
- log.debug(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT + " event is triggered");
- }
 return Optional.empty();
 }
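Review bot: The call moved above `if (authenticated)` in authenticateUserAtUserStore still passes a literal `true` as its last argument, although it now runs for both a failed and a successful credential check. The parameter's meaning is not visible in this hunk; if it carries the authentication result, pass the local value instead, i.e. end the call with `userTenantDomain, userStoreManager, authenticated);`. If a handler can reject the request at this point, a caller who supplied a wrong password could learn that the account's password has expired, so the expiry outcome should only surface once the credentials have checked out. The method starts and ends outside the hunk.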
@@ -387,14 +387,14 @@ private AuthenticatedUser validateUserCredentials(OAuth2AccessTokenReqDTO tokenR
 authenticatedUser = authenticateUserAtUserStore(tokenReq, userId, userStoreManager, tenantAwareUserName, isPublishPasswordGrantLoginEnabled, userTenantDomain, serviceProvider);
 }
- if (authenticatedUser.isPresent()) {
- return authenticatedUser.get();
- }
 triggerPasswordExpiryValidationEvent(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT, tenantAwareUserName, userTenantDomain, userStoreManager, false);
 if (log.isDebugEnabled()) {
 log.debug(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT + " event is triggered");
 }
+ if (authenticatedUser.isPresent()) {
+ return authenticatedUser.get();
+ }
 if (isPublishPasswordGrantLoginEnabled) {
 publishAuthenticationData(tokenReq, false, serviceProvider);
 }
diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandlerTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandlerTest.java
index b33606f2d2..f197e8bc3d 100644
--- a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandlerTest.java
+++ b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandlerTest.java
@@ -18,6 +18,7 @@
 package org.wso2.carbon.identity.oauth2.token.handlers.grant;
+import org.apache.commons.logging.Log;
 import org.mockito.MockedStatic;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.DataProvider;
@@ -50,6 +51,8 @@
 import org.wso2.carbon.user.core.util.UserCoreUtil;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
 import java.util.HashMap;
 import java.util.Map;
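Review bot: In validateUserCredentials the trigger now runs before the `authenticatedUser.isPresent()` return, so a login that went through authenticateUserAtUserStore raises PASSWORD_GRANT_POST_AUTHENTICATION_EVENT twice, first with `true` there and then with `false` here; the updated test's `times(2)` confirms the double call. Handlers that notify, count or audit would record two contradictory events for one token request. Consider keeping a single trigger site, or at least passing the real outcome here by ending the call with `userStoreManager, authenticatedUser.isPresent());`. If the trigger can throw, `publishAuthenticationData(tokenReq, false, serviceProvider)` is skipped as well, so a rejection at this point may leave no published login-failure record; a comment stating the intended behaviour would help. The method body continues outside the hunk.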
@@ -59,6 +62,8 @@
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.testng.Assert.assertTrue;
 import static org.testng.Assert.fail;
@@ -82,8 +87,10 @@ public class PasswordGrantHandlerTest {
 private static final String CLIENT_ID = "IbWwXLf5MnKSY6x6gnR_7gd7f1wa";
+ private Log mockLog;
+
 @BeforeMethod
- public void init() {
+ public void init() throws Exception {
 tokReqMsgCtx = mock(OAuthTokenReqMessageContext.class);
 oAuth2AccessTokenReqDTO = mock(OAuth2AccessTokenReqDTO.class);
@@ -97,6 +104,18 @@ public void init() {
 serverConfiguration = mock(OAuthServerConfiguration.class);
 oauthIssuer = mock(OauthTokenIssuer.class);
 localAndOutboundAuthenticationConfig = mock(LocalAndOutboundAuthenticationConfig.class);
+ mockLog = mock(Log.class);
+ Field logField =
+ PasswordGrantHandler.class.getDeclaredField("log");
+ logField.setAccessible(true);
+
+ // Remove the 'final' modifier using reflection
+ Field modifiersField = Field.class.getDeclaredField("modifiers");
+ modifiersField.setAccessible(true);
+ modifiersField.setInt(logField, logField.getModifiers() & ~Modifier.FINAL);
+
+ // Set the static field to the mock object
+ logField.set(null, mockLog);
 }
 @DataProvider(name = "ValidateGrantDataProvider")
@@ -135,6 +154,8 @@ public void testValidateGrant(String username, boolean isSaas) throws Exception
 when(oAuth2AccessTokenReqDTO.getTenantDomain()).thenReturn("wso2.com");
 when(oAuth2AccessTokenReqDTO.getResourceOwnerPassword()).thenReturn("randomPassword");
+ when(mockLog.isDebugEnabled()).thenReturn(true);
+
 oAuthServerConfiguration.when(OAuthServerConfiguration::getInstance).thenReturn(serverConfiguration);
 when(serverConfiguration.getIdentityOauthTokenIssuer()).thenReturn(oauthIssuer);
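Review bot: The reflection block added to init() looks up `Field.class.getDeclaredField("modifiers")`, which throws NoSuchFieldException on JDK 12 and later, so every test in the class would fail in `@BeforeMethod` on a newer build JDK. It also leaves the mock installed in PasswordGrantHandler's static `log` field after each test, so later tests in the same JVM run against a handler whose logger is a mock. If the logger has to be swapped, keep the original value and put it back in an `@AfterMethod`. Asserting on the event call itself rather than on the logger would remove the need to rewrite a final field at all.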
@@ -186,6 +207,7 @@ public void testValidateGrant(String username, boolean isSaas) throws Exception
 PasswordGrantHandler passwordGrantHandler = new PasswordGrantHandler();
 boolean isValid = passwordGrantHandler.validateGrant(tokReqMsgCtx);
+ verify(mockLog, times(2)).debug(eq("PASSWORD_GRANT_POST_AUTHENTICATION event is triggered"));
 assertTrue(isValid, "Password grant validation should be successful");
 }
 }
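Review bot: The added `verify(mockLog, times(2)).debug(...)` checks that a debug string was logged, not that the password-expiry event was raised or what it did, and it hard-codes the value of PASSWORD_GRANT_POST_AUTHENTICATION_EVENT inside the expected message. The count of 2 also pins the duplicate trigger as expected behaviour. The changed ordering would be better covered by a case where the expiry validation fails for an otherwise valid password and validateGrant is asserted not to succeed; this hunk shows only the success case. The test method starts outside the hunk.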