VirtoCommerce · artem-dudarev · Aug 10, 2024 · Aug 8, 2024 · Aug 8, 2024 · Aug 8, 2024
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/ProfileSchema.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/ProfileSchema.cs
@@ -12,6 +12,7 @@
 using Microsoft.Extensions.Logging;
 using VirtoCommerce.Platform.Core.Security;
 using VirtoCommerce.Platform.Security.Authorization;
+using VirtoCommerce.Platform.Security.Extensions;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Aggregates;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Aggregates.Contact;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Aggregates.Organization;
@@ -756,7 +757,9 @@ userName isAdministrator roles { name } userType memberId storeId
         // PT-1654: Fix Authentication
         public async Task CheckAuthAsync(IResolveFieldContext context, object resource, string permission = null, bool checkPasswordExpired = true)
         {
-            var userId = context.GetCurrentUserId();
+            var principal = context.GetCurrentPrincipal();
+            var userId = principal.GetCurrentUserId();
+            var isExternalSignIn = principal.IsExternalSignIn();
             var signInManager = _signInManagerFactory();
 
             try
@@ -767,11 +770,12 @@ public async Task CheckAuthAsync(IResolveFieldContext context, object resource,
                     UserName = Xapi.Core.ModuleConstants.AnonymousUser.UserName,
                 };
 
-                if (checkPasswordExpired && user.PasswordExpired)
+                if (checkPasswordExpired && user.PasswordExpired && !isExternalSignIn)
                 {
                     throw AuthorizationError.PasswordExpired();
                 }
 
+                // Why do we create a new principal???
                 var userPrincipal = await signInManager.CreateUserPrincipalAsync(user);
 
                 if (!string.IsNullOrEmpty(permission) && PermissionRequired(user, resource))

diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/UserType.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/UserType.cs
@@ -1,15 +1,18 @@
 using System;
 using System.Linq;
 using System.Threading.Tasks;
+using GraphQL;
 using GraphQL.Resolvers;
 using GraphQL.Types;
 using MediatR;
 using Microsoft.Extensions.Options;
-using VirtoCommerce.Xapi.Core.Helpers;
-using VirtoCommerce.Xapi.Core.Services;
 using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Security.Extensions;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Aggregates.Contact;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Queries;
+using VirtoCommerce.Xapi.Core.Extensions;
+using VirtoCommerce.Xapi.Core.Helpers;
+using VirtoCommerce.Xapi.Core.Services;
 
 namespace VirtoCommerce.ProfileExperienceApiModule.Data.Schemas
 {
@@ -31,7 +34,6 @@ public UserType(IContactAggregateRepository contactAggregateRepository, IUserMan
             Field(x => x.ModifiedDate, true);
             Field(x => x.NormalizedEmail, true);
             Field(x => x.NormalizedUserName, true);
-            Field(x => x.PasswordExpired);
             Field(x => x.PhoneNumber, true);
             Field(x => x.PhoneNumberConfirmed);
             Field(x => x.PhotoUrl, true);
@@ -42,8 +44,11 @@ public UserType(IContactAggregateRepository contactAggregateRepository, IUserMan
             Field(x => x.TwoFactorEnabled);
             Field(x => x.UserName);
             Field(x => x.UserType, true);
-            Field<BooleanGraphType>("forcePasswordChange", resolve: x => x.Source.PasswordExpired, description: "Make this user change their password when they sign in next time");
-            Field<IntGraphType>("passwordExpiryInDays", resolve: x => GetPasswordExpiryInDays(userOptionsExtended.Value, x.Source), description: "Password expiry in days");
+
+            Field<NonNullGraphType<BooleanGraphType>>("passwordExpired", resolve: x => GetPasswordExpired(x));
+            Field<BooleanGraphType>("forcePasswordChange", resolve: x => GetPasswordExpired(x), description: "Make this user change their password when they sign in next time");
+            Field<IntGraphType>("passwordExpiryInDays", resolve: x => GetPasswordExpiryInDays(x, userOptionsExtended.Value), description: "Password expiry in days");
+
 
             AddField(new FieldType
             {
@@ -91,11 +96,19 @@ public UserType(IContactAggregateRepository contactAggregateRepository, IUserMan
             });
         }
 
-        private static int? GetPasswordExpiryInDays(UserOptionsExtended userOptionsExtended, ApplicationUser user)
+        private static bool GetPasswordExpired(IResolveFieldContext<ApplicationUser> context)
+        {
+            return context.Source.PasswordExpired && !IsExternalSignIn(context);
+        }
+
+        private static int? GetPasswordExpiryInDays(IResolveFieldContext<ApplicationUser> context, UserOptionsExtended userOptionsExtended)
         {
             var result = (int?)null;
 
+            var user = context.Source;
+
             if (!user.PasswordExpired &&
+                !IsExternalSignIn(context) &&
                 userOptionsExtended.RemindPasswordExpiryInDays > 0 &&
                 userOptionsExtended.MaxPasswordAge != null &&
                 userOptionsExtended.MaxPasswordAge.Value > TimeSpan.Zero)
@@ -112,5 +125,10 @@ public UserType(IContactAggregateRepository contactAggregateRepository, IUserMan
 
             return result;
         }
+
+        private static bool IsExternalSignIn(IResolveFieldContext<ApplicationUser> context)
+        {
+            return context.Source.Id == context.GetCurrentUserId() && context.GetCurrentPrincipal().IsExternalSignIn();
+        }
     }
 }
diff --git a/...erce.ProfileExperienceApiModule.Data/VirtoCommerce.ProfileExperienceApiModule.Data.csproj b/...erce.ProfileExperienceApiModule.Data/VirtoCommerce.ProfileExperienceApiModule.Data.csproj
@@ -19,9 +19,9 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" PrivateAssets="All" />
-    <PackageReference Include="VirtoCommerce.Xapi.Core" Version="3.800.0" />
+    <PackageReference Include="VirtoCommerce.Xapi.Core" Version="3.802.0" />
     <PackageReference Include="VirtoCommerce.XOrder.Core" Version="3.800.0" />
-    <PackageReference Include="VirtoCommerce.Platform.Security" Version="3.841.0" />
+    <PackageReference Include="VirtoCommerce.Platform.Security" Version="3.848.0" />
     <PackageReference Include="VirtoCommerce.CustomerModule.Core" Version="3.811.0" />
     <PackageReference Include="VirtoCommerce.MarketingModule.Core" Version="3.800.0" />
     <PackageReference Include="VirtoCommerce.NotificationsModule.Core" Version="3.800.0" />

diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Web/module.manifest b/src/VirtoCommerce.ProfileExperienceApiModule.Web/module.manifest
@@ -4,9 +4,9 @@
   <version>3.813.0</version>
   <version-tag />
 
-  <platformVersion>3.841.0</platformVersion>
+  <platformVersion>3.848.0</platformVersion>
   <dependencies>
-    <dependency id="VirtoCommerce.Xapi" version="3.800.0" />
+    <dependency id="VirtoCommerce.Xapi" version="3.802.0" />
     <dependency id="VirtoCommerce.XOrder" version="3.800.0" optional="true" />
     <dependency id="VirtoCommerce.Core" version="3.800.0" />
     <dependency id="VirtoCommerce.Customer" version="3.811.0" />