From a3be5c5244b7441a0edf815cbfc753bc71bebdf7 Mon Sep 17 00:00:00 2001
From: donggyu <cho4036@gmail.com>
Date: Wed, 22 May 2024 11:09:14 +0900
Subject: [PATCH 1/2] =?UTF-8?q?bugfix.=20TKS=EA=B4=80=EB=A6=AC=EC=9E=90=20?=
 =?UTF-8?q?=EC=83=9D=EC=84=B1=EC=8B=9C=20=EB=B0=9C=EC=83=9D=ED=95=98?=
 =?UTF-8?q?=EB=8A=94=20502=20=EC=97=90=EB=9F=AC=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/delivery/http/user.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/internal/delivery/http/user.go b/internal/delivery/http/user.go
index ea31c7ed..d83c8d5f 100644
--- a/internal/delivery/http/user.go
+++ b/internal/delivery/http/user.go
@@ -967,10 +967,14 @@ func (u UserHandler) Admin_Create(w http.ResponseWriter, r *http.Request) {
 	for _, stack := range stacks {
 		stackIds = append(stackIds, stack.ID.String())
 	}
-	err = u.syncKeycloakWithClusterAdminPermission(r.Context(), organizationId, stackIds, []model.User{*resUser})
-	if err != nil {
-		ErrorJSON(w, r, err)
-		return
+
+	// 현재 Master Org의 경우 ClusterAdmin 권한과 관련이 없으므로 Skip
+	if organizationId != "master" {
+		err = u.syncKeycloakWithClusterAdminPermission(r.Context(), organizationId, stackIds, []model.User{*resUser})
+		if err != nil {
+			ErrorJSON(w, r, err)
+			return
+		}
 	}
 
 	var out domain.Admin_CreateUserResponse

From a4ba3b9091a951d093a85e5a309eb31898d09677 Mon Sep 17 00:00:00 2001
From: donggyu <cho4036@gmail.com>
Date: Wed, 22 May 2024 11:38:10 +0900
Subject: [PATCH 2/2] =?UTF-8?q?bugfix.=20TKS=EA=B4=80=EB=A6=AC=EC=9E=90=20?=
 =?UTF-8?q?=EC=83=9D=EC=84=B1=EC=8B=9C=20=EB=B9=84=EB=B0=80=EB=B2=88?=
 =?UTF-8?q?=ED=98=B8=20=EC=9E=84=EC=8B=9C=ED=99=94?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/delivery/http/organization.go |  7 +++++++
 internal/model/user.go                 |  2 +-
 internal/usecase/user.go               | 20 ++++++++++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/internal/delivery/http/organization.go b/internal/delivery/http/organization.go
index 292d73ba..8674136e 100644
--- a/internal/delivery/http/organization.go
+++ b/internal/delivery/http/organization.go
@@ -140,6 +140,13 @@ func (h *OrganizationHandler) Admin_CreateOrganization(w http.ResponseWriter, r
 		return
 	}
 
+	err = h.userUsecase.ExpirePassword(r.Context(), admin.ID)
+	if err != nil {
+		log.Errorf(r.Context(), "error is :%s(%T)", err.Error(), err)
+		ErrorJSON(w, r, err)
+		return
+	}
+
 	err = h.usecase.ChangeAdminId(r.Context(), organizationId, admin.ID)
 	if err != nil {
 		log.Errorf(r.Context(), "error is :%s(%T)", err.Error(), err)
diff --git a/internal/model/user.go b/internal/model/user.go
index dfaa0db7..cd4c5b95 100644
--- a/internal/model/user.go
+++ b/internal/model/user.go
@@ -23,7 +23,7 @@ type User struct {
 	CreatedAt         time.Time    `json:"createdAt"`
 	UpdatedAt         time.Time    `json:"updatedAt"`
 	PasswordUpdatedAt time.Time    `json:"passwordUpdatedAt"`
-	PasswordExpired   bool         `json:"passwordExpired"`
+	PasswordExpired   bool         `gorm:"-:all" json:"passwordExpired"`
 
 	Email       string `json:"email"`
 	Department  string `json:"department"`
diff --git a/internal/usecase/user.go b/internal/usecase/user.go
index 35be8fb9..f8e67c54 100644
--- a/internal/usecase/user.go
+++ b/internal/usecase/user.go
@@ -34,6 +34,7 @@ type IUserUsecase interface {
 	GetByAccountId(ctx context.Context, accountId string, organizationId string) (*model.User, error)
 	GetByEmail(ctx context.Context, email string, organizationId string) (*model.User, error)
 	SendEmailForTemporaryPassword(ctx context.Context, accountId string, organizationId string, password string) error
+	ExpirePassword(ctx context.Context, userId uuid.UUID) error
 
 	UpdateByAccountId(ctx context.Context, user *model.User) (*model.User, error)
 	UpdatePasswordByAccountId(ctx context.Context, accountId string, originPassword string, newPassword string, organizationId string) error
@@ -528,6 +529,25 @@ func (u *UserUsecase) ListUsersByRole(ctx context.Context, organizationId string
 
 }
 
+func (u *UserUsecase) ExpirePassword(ctx context.Context, userId uuid.UUID) error {
+	user, err := u.userRepository.GetByUuid(ctx, userId)
+	if err != nil {
+		if _, status := httpErrors.ErrorResponse(err); status == http.StatusNotFound {
+			return httpErrors.NewBadRequestError(fmt.Errorf("user not found"), "U_NO_USER", "")
+		}
+		return httpErrors.NewInternalServerError(err, "", "")
+	}
+
+	err = u.userRepository.UpdatePasswordAt(ctx, userId, user.Organization.ID, true)
+	if err != nil {
+		log.Errorf(ctx, "failed to update password expired time: %v", err)
+		return httpErrors.NewInternalServerError(err, "", "")
+	}
+
+	return nil
+
+}
+
 func NewUserUsecase(r repository.Repository, kc keycloak.IKeycloak) IUserUsecase {
 	return &UserUsecase{
 		authRepository:         r.Auth,