VCST-4420: Skip password expire check when impersonating (#126)

ksavosteev · web-flow · commit 3ea765ea1507 · 2025-12-22T11:29:18.000+02:00
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/ProfileSchema.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/ProfileSchema.cs
@@ -773,6 +773,8 @@ public async Task CheckAuthAsync(IResolveFieldContext context, object resource,
             var principal = context.GetCurrentPrincipal();
             var userId = principal.GetCurrentUserId();
             var isExternalSignIn = principal.IsExternalSignIn();
+            var isImpersonated = principal.IsImpersonated();
+
             var signInManager = _signInManagerFactory();
 
             try
@@ -783,7 +785,7 @@ public async Task CheckAuthAsync(IResolveFieldContext context, object resource,
                     UserName = Xapi.Core.ModuleConstants.AnonymousUser.UserName,
                 };
 
-                if (checkPasswordExpired && user.PasswordExpired && !isExternalSignIn)
+                if (checkPasswordExpired && user.PasswordExpired && !isExternalSignIn && !isImpersonated)
                 {
                     throw AuthorizationError.PasswordExpired();
                 }
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/UserType.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/UserType.cs
@@ -97,7 +97,7 @@ public UserType(IContactAggregateRepository contactAggregateRepository, IUserMan
 
         private static bool GetPasswordExpired(IResolveFieldContext<ApplicationUser> context)
         {
-            return context.Source.PasswordExpired && !IsExternalSignIn(context);
+            return context.Source.PasswordExpired && !IsExternalSignIn(context) && !IsImpersonated(context);
         }
 
         private static int? GetPasswordExpiryInDays(IResolveFieldContext<ApplicationUser> context, UserOptionsExtended userOptionsExtended)
@@ -108,6 +108,7 @@ private static bool GetPasswordExpired(IResolveFieldContext<ApplicationUser> con
 
             if (!user.PasswordExpired &&
                 !IsExternalSignIn(context) &&
+                !IsImpersonated(context) &&
                 userOptionsExtended.RemindPasswordExpiryInDays > 0 &&
                 userOptionsExtended.MaxPasswordAge != null &&
                 userOptionsExtended.MaxPasswordAge.Value > TimeSpan.Zero)
@@ -129,5 +130,10 @@ private static bool IsExternalSignIn(IResolveFieldContext<ApplicationUser> conte
         {
             return context.Source.Id == context.GetCurrentUserId() && context.GetCurrentPrincipal().IsExternalSignIn();
         }
+
+        private static bool IsImpersonated(IResolveFieldContext<ApplicationUser> context)
+        {
+            return context.GetCurrentPrincipal().IsImpersonated();
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ public UserType(IContactAggregateRepository contactAggregateRepository, IUserMan`
`97`	`97`
`98`	`98`	`private static bool GetPasswordExpired(IResolveFieldContext<ApplicationUser> context)`
`99`	`99`	`{`
`100`		`- return context.Source.PasswordExpired && !IsExternalSignIn(context);`
	`100`	`+ return context.Source.PasswordExpired && !IsExternalSignIn(context) && !IsImpersonated(context);`
`101`	`101`	`}`
`102`	`102`
`103`	`103`	`private static int? GetPasswordExpiryInDays(IResolveFieldContext<ApplicationUser> context, UserOptionsExtended userOptionsExtended)`
`@@ -108,6 +108,7 @@ private static bool GetPasswordExpired(IResolveFieldContext<ApplicationUser> con`
`108`	`108`
`109`	`109`	`if (!user.PasswordExpired &&`
`110`	`110`	`!IsExternalSignIn(context) &&`
	`111`	`+ !IsImpersonated(context) &&`
`111`	`112`	`userOptionsExtended.RemindPasswordExpiryInDays > 0 &&`
`112`	`113`	`userOptionsExtended.MaxPasswordAge != null &&`
`113`	`114`	`userOptionsExtended.MaxPasswordAge.Value > TimeSpan.Zero)`
`@@ -129,5 +130,10 @@ private static bool IsExternalSignIn(IResolveFieldContext<ApplicationUser> conte`
`129`	`130`	`{`
`130`	`131`	`return context.Source.Id == context.GetCurrentUserId() && context.GetCurrentPrincipal().IsExternalSignIn();`
`131`	`132`	`}`
	`133`	`+`
	`134`	`+ private static bool IsImpersonated(IResolveFieldContext<ApplicationUser> context)`
	`135`	`+ {`
	`136`	`+ return context.GetCurrentPrincipal().IsImpersonated();`
	`137`	`+ }`
`132`	`138`	`}`
`133`	`139`	`}`