Return current time when lastPasswordUpdateTime is null.

components/org.wso2.carbon.identity.password.expiry/src/main/java/org/wso2/carbon/identity/password/expiry/util/PasswordPolicyUtils.java

@@ -320,12 +320,11 @@ public static Optional<Long> getUserPasswordExpiryTime(String tenantDomain, Stri
             String lastPasswordUpdatedTime =
                     getLastPasswordUpdatedTime(tenantAwareUsername, userStoreManager, userRealm);
 
-            // If last password update time is not available, it will be considered as expired.
-            if (StringUtils.isBlank(lastPasswordUpdatedTime)) {
-                return Optional.of(System.currentTimeMillis());
+            long lastPasswordUpdatedTimeInMillis = 0L;
+            boolean isLastPasswordUpdatedTimeBlank = StringUtils.isBlank(lastPasswordUpdatedTime);
+            if (!isLastPasswordUpdatedTimeBlank) {
+                lastPasswordUpdatedTimeInMillis = getLastPasswordUpdatedTimeInMillis(lastPasswordUpdatedTime);
             }
-
-            long lastPasswordUpdatedTimeInMillis = getLastPasswordUpdatedTimeInMillis(lastPasswordUpdatedTime);
             int defaultPasswordExpiryInDays = getPasswordExpiryInDays(tenantDomain);
             boolean skipIfNoApplicableRules = isSkipIfNoApplicableRulesEnabled(tenantDomain);
 
@@ -334,6 +333,10 @@ public static Optional<Long> getUserPasswordExpiryTime(String tenantDomain, Stri
             // If no rules are defined, use the default expiry time if "skipIfNoApplicableRules" is disabled.
             if (CollectionUtils.isEmpty(passwordExpiryRules)) {
                 if (skipIfNoApplicableRules) return Optional.empty();
+                // If lastPasswordUpdatedTime is blank, set expiry time to now.
+                if (isLastPasswordUpdatedTimeBlank) {
+                    return Optional.of(System.currentTimeMillis());
+                }
                 return Optional.of(
                         lastPasswordUpdatedTimeInMillis + getDaysTimeInMillis(defaultPasswordExpiryInDays));
             }
@@ -356,13 +359,19 @@ public static Optional<Long> getUserPasswordExpiryTime(String tenantDomain, Stri
                     if (PasswordExpiryRuleOperatorEnum.NE.equals(rule.getOperator())) {
                         return Optional.empty();
                     }
+                    if (isLastPasswordUpdatedTimeBlank) {
+                        return Optional.of(System.currentTimeMillis());
+                    }
                     int expiryDays =
                             rule.getExpiryDays() > 0 ? rule.getExpiryDays() : getPasswordExpiryInDays(tenantDomain);
                     return Optional.of(lastPasswordUpdatedTimeInMillis + getDaysTimeInMillis(expiryDays));
                 }
             }
 
             if (skipIfNoApplicableRules) return Optional.empty();
+            if (isLastPasswordUpdatedTimeBlank) {
+                return Optional.of(System.currentTimeMillis());
+            }
             return Optional.of(
                     lastPasswordUpdatedTimeInMillis + getDaysTimeInMillis(defaultPasswordExpiryInDays));
         } catch (UserStoreException e) {

components/org.wso2.carbon.identity.password.expiry/src/test/java/org/wso2/carbon/identity/password/expiry/PasswordPolicyUtilsTest.java

@@ -402,10 +402,10 @@ public void testGetUserPasswordExpiryTime(Integer daysAgo, String[] roles, Strin
         if (expiryDays == null) {
             Assert.assertFalse(expiryTime.isPresent(), description);
         } else if (expiryDays == 0) {
-            Assert.assertNotNull(expiryTime);
+            Assert.assertTrue(expiryTime.isPresent());
             Assert.assertTrue(expiryTime.get() >= testStartTime && expiryTime.get() <= testEndTime);
         } else {
-            Assert.assertNotNull(expiryTime);
+            Assert.assertTrue(expiryTime.isPresent());
             Assert.assertNotNull(updateTime);
             long expectedExpiryTime = updateTime + getDaysTimeInMillis(expiryDays);
             Assert.assertTrue(Math.abs(expiryTime.get() - expectedExpiryTime) <= TIME_TOLERANCE_MS);