CABPI-227: disable password reset and force change

 - add plugin to return 0 as password lifetime thus disabling that,
 - return false for forced change config read

Author: dmanners

app/code/Magento/AdminAdobeIms/Plugin/DisableForcedPasswordChangePlugin.php

@@ -0,0 +1,43 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Plugin;
+
+use Magento\AdminAdobeIms\Service\ImsConfig;
+use Magento\User\Model\Backend\Config\ObserverConfig;
+
+class DisableForcedPasswordChangePlugin
+{
+    /** @var ImsConfig */
+    private ImsConfig $imsConfig;
+
+    /**
+     * @param ImsConfig $imsConfig
+     */
+    public function __construct(
+        ImsConfig $imsConfig
+    ) {
+        $this->imsConfig = $imsConfig;
+    }
+
+    /**
+     * Disable forced password change when our module is active
+     *
+     * @param ObserverConfig $subject
+     * @param bool $result
+     * @return bool
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterIsPasswordChangeForced(ObserverConfig $subject, bool $result): bool
+    {
+        if ($this->imsConfig->enabled() === false) {
+            return $result;
+        }
+        return false;
+    }
+}

app/code/Magento/AdminAdobeIms/Plugin/DisablePasswordResetPlugin.php

@@ -0,0 +1,43 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Plugin;
+
+use Magento\AdminAdobeIms\Service\ImsConfig;
+use Magento\User\Model\Backend\Config\ObserverConfig;
+
+class DisablePasswordResetPlugin
+{
+    /** @var ImsConfig */
+    private ImsConfig $imsConfig;
+
+    /**
+     * @param ImsConfig $imsConfig
+     */
+    public function __construct(
+        ImsConfig $imsConfig
+    ) {
+        $this->imsConfig = $imsConfig;
+    }
+
+    /**
+     * Since the password reset module treats 0 as disabled we can just return 0 when our module is enabled
+     *
+     * @param ObserverConfig $subject
+     * @param float $result
+     * @return float
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterGetAdminPasswordLifetime(ObserverConfig $subject, float $result): float
+    {
+        if ($this->imsConfig->enabled() === false) {
+            return $result;
+        }
+        return 0;
+    }
+}

app/code/Magento/AdminAdobeIms/README.md

@@ -134,4 +134,3 @@ Open:
 2. Validate that when disabled the fields work again,
 3. Update Wiki
 4. Functional tests
-5. Test user with no password, but module disable with POST Request and API call

app/code/Magento/AdminAdobeIms/etc/adminhtml/di.xml

@@ -58,4 +58,10 @@
         <plugin name="remove_user_validation_rules"
                 type="Magento\AdminAdobeIms\Plugin\RemoveUserValidationRulesPlugin"/>
     </type>
+    <type name="Magento\User\Model\Backend\Config\ObserverConfig">
+        <plugin name="disable_password_reset"
+                type="Magento\AdminAdobeIms\Plugin\DisablePasswordResetPlugin"/>
+        <plugin name="disable_forced_password_change"
+                type="Magento\AdminAdobeIms\Plugin\DisableForcedPasswordChangePlugin"/>
+    </type>
 </config>