Bugfix. TKS 관리자 생성과 관련한 버그 수정

internal/delivery/http/organization.go

@@ -140,6 +140,13 @@ func (h *OrganizationHandler) Admin_CreateOrganization(w http.ResponseWriter, r
 		return
 	}
 
+	err = h.userUsecase.ExpirePassword(r.Context(), admin.ID)
+	if err != nil {
+		log.Errorf(r.Context(), "error is :%s(%T)", err.Error(), err)
+		ErrorJSON(w, r, err)
+		return
+	}
+
 	err = h.usecase.ChangeAdminId(r.Context(), organizationId, admin.ID)
 	if err != nil {
 		log.Errorf(r.Context(), "error is :%s(%T)", err.Error(), err)

internal/delivery/http/user.go

@@ -967,10 +967,14 @@ func (u UserHandler) Admin_Create(w http.ResponseWriter, r *http.Request) {
 	for _, stack := range stacks {
 		stackIds = append(stackIds, stack.ID.String())
 	}
-	err = u.syncKeycloakWithClusterAdminPermission(r.Context(), organizationId, stackIds, []model.User{*resUser})
-	if err != nil {
-		ErrorJSON(w, r, err)
-		return
+
+	// 현재 Master Org의 경우 ClusterAdmin 권한과 관련이 없으므로 Skip
+	if organizationId != "master" {
+		err = u.syncKeycloakWithClusterAdminPermission(r.Context(), organizationId, stackIds, []model.User{*resUser})
+		if err != nil {
+			ErrorJSON(w, r, err)
+			return
+		}
 	}
 
 	var out domain.Admin_CreateUserResponse

internal/model/user.go

@@ -23,7 +23,7 @@ type User struct {
 	CreatedAt         time.Time    `json:"createdAt"`
 	UpdatedAt         time.Time    `json:"updatedAt"`
 	PasswordUpdatedAt time.Time    `json:"passwordUpdatedAt"`
-	PasswordExpired   bool         `json:"passwordExpired"`
+	PasswordExpired   bool         `gorm:"-:all" json:"passwordExpired"`
 
 	Email       string `json:"email"`
 	Department  string `json:"department"`

internal/usecase/user.go

@@ -34,6 +34,7 @@ type IUserUsecase interface {
 	GetByAccountId(ctx context.Context, accountId string, organizationId string) (*model.User, error)
 	GetByEmail(ctx context.Context, email string, organizationId string) (*model.User, error)
 	SendEmailForTemporaryPassword(ctx context.Context, accountId string, organizationId string, password string) error
+	ExpirePassword(ctx context.Context, userId uuid.UUID) error
 
 	UpdateByAccountId(ctx context.Context, user *model.User) (*model.User, error)
 	UpdatePasswordByAccountId(ctx context.Context, accountId string, originPassword string, newPassword string, organizationId string) error
@@ -528,6 +529,25 @@ func (u *UserUsecase) ListUsersByRole(ctx context.Context, organizationId string
 
 }
 
+func (u *UserUsecase) ExpirePassword(ctx context.Context, userId uuid.UUID) error {
+	user, err := u.userRepository.GetByUuid(ctx, userId)
+	if err != nil {
+		if _, status := httpErrors.ErrorResponse(err); status == http.StatusNotFound {
+			return httpErrors.NewBadRequestError(fmt.Errorf("user not found"), "U_NO_USER", "")
+		}
+		return httpErrors.NewInternalServerError(err, "", "")
+	}
+
+	err = u.userRepository.UpdatePasswordAt(ctx, userId, user.Organization.ID, true)
+	if err != nil {
+		log.Errorf(ctx, "failed to update password expired time: %v", err)
+		return httpErrors.NewInternalServerError(err, "", "")
+	}
+
+	return nil
+
+}
+
 func NewUserUsecase(r repository.Repository, kc keycloak.IKeycloak) IUserUsecase {
 	return &UserUsecase{
 		authRepository:         r.Auth,