FIX #14788 TIME 0:20 fix bypass password modification rule

apps/maarch_entreprise/index.php

@@ -203,6 +203,21 @@ if (!empty($_REQUEST['page']) && empty($_REQUEST['triggerAngular'])) {
         } else {
             header('location: index.php?display=true&page=logout&logout=true');
         }
+
+        $user = \User\models\UserModel::getByLogin(['login' => $cookie['userId'], 'select' => ['password_modification_date']]);
+        $loggingMethod = \SrcCore\models\CoreConfigModel::getLoggingMethod();
+        if (!in_array($loggingMethod['id'], ['sso', 'cas', 'ldap', 'keycloak', 'shibboleth'])) {
+            $passwordRules = \SrcCore\models\PasswordModel::getEnabledRules();
+            if (!empty($passwordRules['renewal'])) {
+                $currentDate = new \DateTime();
+                $lastModificationDate = new \DateTime($user['password_modification_date']);
+                $lastModificationDate->add(new DateInterval("P{$passwordRules['renewal']}D"));
+    
+                if ($currentDate > $lastModificationDate) {
+                    header('location: index.php?display=true&page=logout&logout=true');
+                }
+            }
+        }
     }
 
     //INSERT PART OF PAGE

src/core/controllers/AuthenticationController.php

@@ -65,7 +65,7 @@ class AuthenticationController
         ValidatorModel::stringType($aArgs, ['login', 'currentRoute']);
 
         if ($aArgs['currentRoute'] != '/initialize') {
-            $user = UserModel::getByLogin(['select' => ['status'], 'login' => $aArgs['login']]);
+            $user = UserModel::getByLogin(['select' => ['status', 'password_modification_date'], 'login' => $aArgs['login']]);
 
             if ($user['status'] == 'ABS' && !in_array($aArgs['currentRoute'], ['/users/{id}/status', '/currentUser/profile', '/header', '/passwordRules', '/users/{id}/password'])) {
                 return ['isRouteAvailable' => false, 'errors' => 'User is ABS and must be activated'];