[feature request] LocalAD - make sync password with AD optional with …

…preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted

Profile Manifest/com.twocanoes.xcreds.plist

@@ -479,6 +479,20 @@ Note that Google does not support the offline_access scope so instead use the pr
 			<key>pfm_type</key>
 			<string>boolean</string>
 		</dict>
+		<dict>
+			<key>pfm_default</key>
+			<true/>
+			<key>pfm_description</key>
+			<string>If the domain controller returns back that the password is expired or needs to be changed, prompt the user. If this is set to false, login will fail and and error message will be shown.</string>
+			<key>pfm_documentation_url</key>
+			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
+			<key>pfm_name</key>
+			<string>shouldPromptForADPasswordChange</string>
+			<key>pfm_title</key>
+			<string>Should Prompt For AD Password Change</string>
+			<key>pfm_type</key>
+			<string>boolean</string>
+		</dict>
 		<dict>
 			<key>pfm_default</key>
 			<true/>

XCreds/PrefKeys.swift

@@ -9,7 +9,7 @@ import Foundation
 
 enum PrefKeys: String {
     case clientID, clientSecret, password="xcreds local password",discoveryURL, redirectURI, scopes, accessToken, idToken, refreshToken, tokenEndpoint, expirationDate, invalidToken, refreshRateHours,refreshRateMinutes, showDebug, verifyPassword, shouldShowQuitMenu, shouldShowPreferencesOnStart, shouldSetGoogleAccessTypeToOffline, passwordChangeURL, shouldShowAboutMenu, username, idpHostName, passwordElementID, shouldFindPasswordElement, shouldShowVersionInfo, shouldShowSupportStatus,shouldShowConfigureWifiButton,shouldShowMacLoginButton, loginWindowBackgroundImageURL, shouldShowCloudLoginByDefault, shouldPreferLocalLoginInsteadOfCloudLogin, idpHostNames,autoRefreshLoginTimer, loginWindowWidth, loginWindowHeight, shouldShowRefreshBanner, shouldSwitchToLoginWindowWhenLocked,accounts = "Accounts",
-         windowSignIn = "WindowSignIn", settingsOverrideScriptPath, localAdminUserName, localAdminPassword, usernamePlaceholder, passwordPlaceholder, shouldShowLocalOnlyCheckbox, shouldShowTokenUpdateStatus, shouldDetectNetworkToDetermineLoginWindow, showLoginWindowDelaySeconds, shouldPromptForMigration, shouldAllowKeyComboForMacLoginWindow, aliasName,claimsToAddToLocalUserAccount, loadPageTitle, loadPageInfo
+         windowSignIn = "WindowSignIn", settingsOverrideScriptPath, localAdminUserName, localAdminPassword, usernamePlaceholder, passwordPlaceholder, shouldShowLocalOnlyCheckbox, shouldShowTokenUpdateStatus, shouldDetectNetworkToDetermineLoginWindow, showLoginWindowDelaySeconds, shouldPromptForMigration, shouldAllowKeyComboForMacLoginWindow, aliasName,claimsToAddToLocalUserAccount, loadPageTitle, loadPageInfo,shouldPromptForADPasswordChange
     //, filePathToPreventShowingUI
     case shouldVerifyPasswordWithRopg
     case shouldUseROPGForOIDCLogin

XCreds/defaults.plist

@@ -68,5 +68,7 @@
 	<string>Please Wait....</string>
 	<key>loadPageInfo</key>
 	<string>(or try connecting to network or check preferences)</string>
+	<key>shouldPromptForADPasswordChange</key>
+	<true/>
 </dict>
 </plist>

XCredsLoginPlugIn/LoginWindow/SignInWindowController.swift

@@ -728,9 +728,12 @@ extension SignInViewController: NoMADUserSessionDelegate {
         switch error {
         case .PasswordExpired:
             TCSLogErrorWithMark("Password is expired or requires change.")
-//            authFail()
-//            delegate?.denyLogin(message:"Password is expired or requires change")
+            if DefaultsOverride().bool(forKey: PrefKeys.shouldPromptForADPasswordChange.rawValue) == false {
 
+                authFail("Password is expired or requires change.")
+                return
+
+            }
             let res = showResetUI()
 
             if res == false { //user cancelled so enable UI