Fix the issue of password expiry event trigger of PasswordGrantHandler

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.java

@@ -169,6 +169,11 @@ private Optional<AuthenticatedUser>  authenticateUserAtUserStore(OAuth2AccessTok
         if (log.isDebugEnabled()) {
             log.debug("user " + tokenReq.getResourceOwnerUsername() + " authenticated: " + authenticated);
         }
+        triggerPasswordExpiryValidationEvent(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT, tenantAwareUserName,
+                userTenantDomain, userStoreManager, true);
+        if (log.isDebugEnabled()) {
+            log.debug(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT + " event is triggered");
+        }
         if (authenticated) {
             AuthenticatedUser authenticatedUser =
                     new AuthenticatedUser(authenticationResult.getAuthenticatedUser().get());
@@ -178,11 +183,6 @@ private Optional<AuthenticatedUser>  authenticateUserAtUserStore(OAuth2AccessTok
             return Optional.of(authenticatedUser);
         }
 
-        triggerPasswordExpiryValidationEvent(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT, tenantAwareUserName,
-                userTenantDomain, userStoreManager, true);
-        if (log.isDebugEnabled()) {
-            log.debug(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT + " event is triggered");
-        }
         return Optional.empty();
     }
 
@@ -387,14 +387,14 @@ private AuthenticatedUser validateUserCredentials(OAuth2AccessTokenReqDTO tokenR
                 authenticatedUser = authenticateUserAtUserStore(tokenReq, userId, userStoreManager,
                         tenantAwareUserName, isPublishPasswordGrantLoginEnabled, userTenantDomain, serviceProvider);
             }
-            if (authenticatedUser.isPresent()) {
-                return authenticatedUser.get();
-            }
             triggerPasswordExpiryValidationEvent(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT, tenantAwareUserName,
                     userTenantDomain, userStoreManager, false);
             if (log.isDebugEnabled()) {
                 log.debug(PASSWORD_GRANT_POST_AUTHENTICATION_EVENT + " event is triggered");
             }
+            if (authenticatedUser.isPresent()) {
+                return authenticatedUser.get();
+            }
             if (isPublishPasswordGrantLoginEnabled) {
                 publishAuthenticationData(tokenReq, false, serviceProvider);
             }

components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandlerTest.java

@@ -18,6 +18,7 @@
 
 package org.wso2.carbon.identity.oauth2.token.handlers.grant;
 
+import org.apache.commons.logging.Log;
 import org.mockito.MockedStatic;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.DataProvider;
@@ -50,6 +51,8 @@
 import org.wso2.carbon.user.core.util.UserCoreUtil;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -59,6 +62,8 @@
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.testng.Assert.assertTrue;
 import static org.testng.Assert.fail;
@@ -82,8 +87,10 @@ public class PasswordGrantHandlerTest {
 
     private static final String CLIENT_ID = "IbWwXLf5MnKSY6x6gnR_7gd7f1wa";
 
+    private Log mockLog;
+
     @BeforeMethod
-    public void init() {
+    public void init() throws Exception {
 
         tokReqMsgCtx = mock(OAuthTokenReqMessageContext.class);
         oAuth2AccessTokenReqDTO = mock(OAuth2AccessTokenReqDTO.class);
@@ -97,6 +104,18 @@ public void init() {
         serverConfiguration = mock(OAuthServerConfiguration.class);
         oauthIssuer = mock(OauthTokenIssuer.class);
         localAndOutboundAuthenticationConfig = mock(LocalAndOutboundAuthenticationConfig.class);
+        mockLog = mock(Log.class);
+        Field logField =
+                PasswordGrantHandler.class.getDeclaredField("log");
+        logField.setAccessible(true);
+
+        // Remove the 'final' modifier using reflection
+        Field modifiersField = Field.class.getDeclaredField("modifiers");
+        modifiersField.setAccessible(true);
+        modifiersField.setInt(logField, logField.getModifiers() & ~Modifier.FINAL);
+
+        // Set the static field to the mock object
+        logField.set(null, mockLog);
     }
 
     @DataProvider(name = "ValidateGrantDataProvider")
@@ -135,6 +154,8 @@ public void testValidateGrant(String username, boolean isSaas) throws Exception
             when(oAuth2AccessTokenReqDTO.getTenantDomain()).thenReturn("wso2.com");
             when(oAuth2AccessTokenReqDTO.getResourceOwnerPassword()).thenReturn("randomPassword");
 
+            when(mockLog.isDebugEnabled()).thenReturn(true);
+
             oAuthServerConfiguration.when(OAuthServerConfiguration::getInstance).thenReturn(serverConfiguration);
 
             when(serverConfiguration.getIdentityOauthTokenIssuer()).thenReturn(oauthIssuer);
@@ -186,6 +207,7 @@ public void testValidateGrant(String username, boolean isSaas) throws Exception
 
             PasswordGrantHandler passwordGrantHandler = new PasswordGrantHandler();
             boolean isValid = passwordGrantHandler.validateGrant(tokReqMsgCtx);
+            verify(mockLog, times(2)).debug(eq("PASSWORD_GRANT_POST_AUTHENTICATION event is triggered"));
             assertTrue(isValid, "Password grant validation should be successful");
         }
     }