From ab6f52b1b5a0eb3ca99547032289064b06df5458 Mon Sep 17 00:00:00 2001 From: MaxKey Date: Sun, 19 Dec 2021 20:18:03 +0800 Subject: [PATCH] statusValid --- .../authn/AbstractAuthenticationProvider.java | 39 +++++++++++++++---- .../authn/RealmAuthenticationProvider.java | 4 +- .../realm/jdbc/JdbcAuthenticationRealm.java | 3 +- .../db/PasswordPolicyValidator.java | 2 - .../java/org/maxkey/web/WebConstants.java | 4 ++ 5 files changed, 40 insertions(+), 12 deletions(-) diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java index f96e5386c..1290eb694 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java @@ -25,6 +25,7 @@ import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.constants.ConstantsLoginType; +import org.maxkey.constants.ConstantsStatus; import org.maxkey.entity.UserInfo; import org.maxkey.password.onetimepwd.AbstractOtpAuthn; import org.maxkey.web.WebConstants; 
@@ -324,18 +325,40 @@ public abstract class AbstractAuthenticationProvider { return true; } - protected boolean userinfoValid(UserInfo userInfo, String username) { + protected boolean statusValid(LoginCredential loginCredential , UserInfo userInfo) { if (null == userInfo) { - String message = WebContext.getI18nValue("login.error.username"); - _logger.debug("login user " + username + " not in this System ." + message); - UserInfo loginUser = new UserInfo(username); + String i18nMessage = WebContext.getI18nValue("login.error.username"); + _logger.debug("login user " + loginCredential.getUsername() + " not in this System ." + i18nMessage); + UserInfo loginUser = new UserInfo(loginCredential.getUsername()); loginUser.setId(loginUser.generateId()); - loginUser.setUsername(username); + loginUser.setUsername(loginCredential.getUsername()); loginUser.setDisplayName("not exist"); loginUser.setLoginCount(0); - authenticationRealm.insertLoginHistory(loginUser, ConstantsLoginType.LOCAL, "", - WebContext.getI18nValue("login.error.username"),WebConstants.LOGIN_RESULT.USER_NOT_EXIST); - throw new BadCredentialsException(WebContext.getI18nValue("login.error.username")); + authenticationRealm.insertLoginHistory( + loginUser, + ConstantsLoginType.LOCAL, + "", + i18nMessage, + WebConstants.LOGIN_RESULT.USER_NOT_EXIST); + throw new BadCredentialsException(i18nMessage); + }else { + if(userInfo.getIsLocked()==ConstantsStatus.LOCK) { + authenticationRealm.insertLoginHistory( + userInfo, + loginCredential.getAuthType(), + loginCredential.getProvider(), + loginCredential.getCode(), + WebConstants.LOGIN_RESULT.USER_LOCKED + ); + }else if(userInfo.getStatus()!=ConstantsStatus.ACTIVE) { + authenticationRealm.insertLoginHistory( + userInfo, + loginCredential.getAuthType(), + loginCredential.getProvider(), + loginCredential.getCode(), + WebConstants.LOGIN_RESULT.USER_INACTIVE + ); + } } return true; } 
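Review bot: In the new `else` branch of `statusValid`, the `ConstantsStatus.LOCK` and `!= ConstantsStatus.ACTIVE` paths only call `authenticationRealm.insertLoginHistory(...)` and then fall through to `return true;`, so a locked or inactive account is recorded but still reported as valid. Both call sites changed in RealmAuthenticationProvider discard the return value, so unless lock and status are enforced somewhere this patch does not show (perhaps in `passwordPolicyValid`), these accounts continue through authentication. Each branch should stop the login after writing the history row, as the null branch already does, for example with `throw new BadCredentialsException(...)` carrying the matching i18n message. If `getIsLocked()` and `getStatus()` return boxed `Integer` rather than `int` (their declarations are not in the patch), the `==` and `!=` comparisons test reference identity and should use `equals` or an unboxed value.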
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java index a1301a844..ad46e16bb 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java @@ -94,7 +94,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider userInfo = loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword()); - userinfoValid(userInfo, loginCredential.getUsername()); + statusValid(loginCredential , userInfo); //mfa tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo); @@ -140,7 +140,9 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider @Override public Authentication authentication(LoginCredential loginCredential,boolean isTrusted) { UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), ""); + statusValid(loginCredential , loadeduserInfo); if (loadeduserInfo != null) { + //Validate PasswordPolicy authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo); if(!isTrusted) { diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java index 27c78f1cf..d82122522 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java 
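Review bot: In the `-140` hunk of `authentication(LoginCredential, boolean isTrusted)`, the added `statusValid(loginCredential , loadeduserInfo);` throws `BadCredentialsException` when the user is null, so the `if (loadeduserInfo != null)` that follows can no longer be false and any else-path outside the hunk becomes unreachable. The null branch of `statusValid` also writes its history row with `ConstantsLoginType.LOCAL` and an empty provider, while the locked and inactive branches use `loginCredential.getAuthType()` and `loginCredential.getProvider()`. On this trusted path a missing user may therefore be logged under the wrong login type, which makes the login history harder to use for investigation. I would pass the credential's auth type and provider in the null branch too, and drop the now-redundant null check. The method body continues outside the hunk.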
@@ -25,6 +25,7 @@ import org.maxkey.persistence.db.LoginHistoryService; import org.maxkey.persistence.db.LoginService; import org.maxkey.persistence.db.PasswordPolicyValidator; import org.maxkey.persistence.service.UserInfoService; +import org.maxkey.web.WebConstants; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -119,7 +120,7 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm { _logger.debug("passwordvalid : {}" , passwordMatches); if (!passwordMatches) { passwordPolicyValidator.plusBadPasswordCount(userInfo); - insertLoginHistory(userInfo, ConstantsLoginType.LOCAL, "", "xe00000004", "password error"); + insertLoginHistory(userInfo, ConstantsLoginType.LOCAL, "", "xe00000004", WebConstants.LOGIN_RESULT.PASSWORD_ERROE); if(userInfo.getBadPasswordCount()>=(passwordPolicyValidator.getPasswordPolicy().getAttempts()/2)) { throw new BadCredentialsException( diff --git a/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java b/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java index 4e97e1177..174e00b5f 100644 --- a/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java +++ b/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java @@ -281,8 +281,6 @@ public class PasswordPolicyValidator { ); } - - return true; } diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java index 42cea714a..bfc118994 100644 --- a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java +++ b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java 
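Review bot: The rewritten `insertLoginHistory` call in the `-119` hunk of JdbcAuthenticationRealm references `WebConstants.LOGIN_RESULT.PASSWORD_ERROE`, a misspelled constant name that this commit now spreads to a second file. Adding a correctly spelled `public static final String PASSWORD_ERROR = "password error";` and marking the old name `@Deprecated` would keep the stored value unchanged for anything that filters login history on it. The message argument is still the bare literal `"xe00000004"`; a short comment saying what that code means would help whoever reads the history table. The enclosing method starts and ends outside the hunk.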
@@ -91,6 +91,10 @@ public class WebConstants { public static final String FAIL = "fail"; public static final String PASSWORD_ERROE = "password error"; public static final String USER_NOT_EXIST = "user not exist"; + public static final String USER_LOCKED = "locked"; + public static final String USER_INACTIVE = "inactive"; + + }