From 69a06a6923551f83511d6eedc0ac6cfca04944e9 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 30 Mar 2022 08:07:25 -0400
Subject: [PATCH] Implement a password unexpiration mechanism in xcc

If the node has expired password, do what is necessary to unexpire the
password
to get through assignment.
---
 .../confluent/discovery/handlers/xcc.py            | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/confluent_server/confluent/discovery/handlers/xcc.py b/confluent_server/confluent/discovery/handlers/xcc.py
index 44a8c4d5..fbd54801 100644
--- a/confluent_server/confluent/discovery/handlers/xcc.py
+++ b/confluent_server/confluent/discovery/handlers/xcc.py
@@ -228,6 +228,20 @@ class NodeHandler(immhandler.NodeHandler):
             if '_csrf_token' in wc.cookies:
                 wc.set_header('X-XSRF-TOKEN', wc.cookies['_csrf_token'])
             if rspdata.get('pwchg_required', None) == 'true':
+                if newpassword is None:
+                    # a normal login hit expired condition
+                    tmppassword = 'Tmp42' + password[5:]
+                    wc.request('POST', '/api/function', json.dumps(
+                        {'USER_UserPassChange': '1,{0}'.format(tmppassword)}))
+                    rsp = wc.getresponse()
+                    rsp.read()
+                    # We must step down change interval and reusecycle to restore password
+                    wc.grab_json_response('/api/dataset', {'USER_GlabalMinPassChgInt': '0', 'USER_GlobalMinPassReuseCycle': '0'})
+                    wc.request('POST', '/api/function', json.dumps(
+                        {'USER_UserPassChange': '1,{0}'.format(password)}))
+                    rsp = wc.getresponse()
+                    rsp.read()
+                    return (wc, {})
                 wc.request('POST', '/api/function', json.dumps(
                     {'USER_UserPassChange': '1,{0}'.format(newpassword)}))
                 rsp = wc.getresponse()