def lockUser(self, user_name, maxCount):
if StringHelper.isEmpty(user_name):
return None
userService = CdiUtil.bean(UserService)
cacheService = CdiUtil.bean(CacheService)
facesMessages = CdiUtil.bean(FacesMessages)
facesMessages.setKeepMessages()
find_user_by_uid = userService.getUser(user_name)
if (find_user_by_uid == None):
return None
status_attribute_value = userService.getCustomAttribute(
find_user_by_uid, "gluuStatus")
if status_attribute_value != None:
user_status = status_attribute_value.getValue()
if StringHelper.equals(user_status, "inactive"):
print "Basic (lock account). Lock user. User '%s' locked already" % user_name
return
userService.setCustomAttribute(find_user_by_uid, "gluuStatus",
"inactive")
updated_user = userService.updateUser(find_user_by_uid)
object_to_store = "{'locked': true}"
cacheService.put(StringHelper.toString(self.lockExpirationTime),
"lock_user_" + user_name, object_to_store)
facesMessages.add(
FacesMessage.SEVERITY_ERROR,
"Your account is locked. Please try again after " +
StringHelper.toString(self.lockExpirationTime) + " secs")
print "Basic (lock account). Lock user. User '%s' locked" % user_name
def authenticate(self, configurationAttributes, requestParameters, step):
if step == 1:
print "Basic (lock account). Authenticate for step 1"
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
userService = Component.getInstance(UserService)
try:
logged_in = userService.authenticate(user_name, user_password)
except AuthenticationException:
print "Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name
if (not logged_in):
countInvalidLoginArributeValue = self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute)
countInvalidLogin = StringHelper.toInteger(countInvalidLoginArributeValue, 0)
if countInvalidLogin < self.maximumInvalidLoginAttemps:
countInvalidLogin = countInvalidLogin + 1
self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(countInvalidLogin))
if countInvalidLogin >= self.maximumInvalidLoginAttemps:
self.lockUser(user_name)
return False
self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
return True
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
if step == 1:
print "Basic (lock account). Authenticate for step 1"
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
userService = UserService.instance()
try:
logged_in = userService.authenticate(user_name, user_password)
except AuthenticationException:
print "Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name
if (not logged_in):
countInvalidLoginArributeValue = self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute)
countInvalidLogin = StringHelper.toInteger(countInvalidLoginArributeValue, 0)
if countInvalidLogin < self.maximumInvalidLoginAttemps:
countInvalidLogin = countInvalidLogin + 1
self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(countInvalidLogin))
if countInvalidLogin >= self.maximumInvalidLoginAttemps:
self.lockUser(user_name)
return False
self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
return True
else:
return False
def unLockUser(self, user_name):
if StringHelper.isEmpty(user_name):
return None
userService = CdiUtil.bean(UserService)
cacheService = CdiUtil.bean(CacheService)
find_user_by_uid = userService.getUser(user_name)
if (find_user_by_uid == None):
return None
object_to_store = json.dumps(
{
'locked': False,
'created': LocalDateTime.now().toString()
},
separators=(',', ':'))
cacheService.put(StringHelper.toString(self.lockExpirationTime),
"lock_user_" + user_name, object_to_store)
userService.setCustomAttribute(find_user_by_uid, "gluuStatus",
"active")
userService.setCustomAttribute(find_user_by_uid,
self.invalidLoginCountAttribute, None)
updated_user = userService.updateUser(find_user_by_uid)
print "Basic (lock account). Lock user. User '%s' unlocked" % user_name
def authenticate(self, configurationAttributes, requestParameters, step):
authenticationService = CdiUtil.bean(AuthenticationService)
if step == 1:
print "Basic (lock account). Authenticate for step 1"
facesMessages = CdiUtil.bean(FacesMessages)
facesMessages.setKeepMessages()
identity = CdiUtil.bean(Identity)
credentials = identity.getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
cacheService = CdiUtil.bean(CacheService)
userService = CdiUtil.bean(UserService)
logged_in = False
if (StringHelper.isNotEmptyString(user_name)
and StringHelper.isNotEmptyString(user_password)):
try:
logged_in = authenticationService.authenticate(
user_name, user_password)
except AuthenticationException:
print "Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name
if not logged_in:
countInvalidLoginArributeValue = self.getUserAttributeValue(
user_name, self.invalidLoginCountAttribute)
userSatus = self.getUserAttributeValue(user_name, "gluuStatus")
print "Current user status %s" % userSatus
countInvalidLogin = StringHelper.toInteger(
countInvalidLoginArributeValue, 0)
if countInvalidLogin < self.maximumInvalidLoginAttemps:
countInvalidLogin = countInvalidLogin + 1
remainingAttempts = self.maximumInvalidLoginAttemps - countInvalidLogin
print "Remainings counts %s" % remainingAttempts
self.setUserAttributeValue(
user_name, self.invalidLoginCountAttribute,
StringHelper.toString(countInvalidLogin))
if remainingAttempts > 0 and userSatus == "active":
facesMessages.add(
FacesMessage.SEVERITY_INFO,
StringHelper.toString(remainingAttempts) +
" more attempt(s) before account is LOCKED!")
if countInvalidLogin >= self.maximumInvalidLoginAttemps:
self.lockUser(user_name, self.maximumInvalidLoginAttemps)
return False
object_from_store = cacheService.get(None,
"lock_user_" + user_name)
if object_from_store == None and countInvalidLogin >= self.maximumInvalidLoginAttemps:
print "Basic (lock account).Lock Expired for '%s'" % user_name
self.unLockUser(user_name)
logged_in = authenticationService.authenticate(
user_name, user_password)
return True
elif object_from_store != None:
print "Basic (lock account). Lock Expiration time is ACTIVE for user '%s'" % user_name
return False
self.setUserAttributeValue(user_name,
self.invalidLoginCountAttribute,
StringHelper.toString(0))
return True
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
authenticationService = CdiUtil.bean(AuthenticationService)
if step == 1:
print "Basic (lock account). Authenticate for step 1"
facesMessages = CdiUtil.bean(FacesMessages)
facesMessages.setKeepMessages()
identity = CdiUtil.bean(Identity)
credentials = identity.getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
cacheService = CdiUtil.bean(CacheService)
userService = CdiUtil.bean(UserService)
logged_in = False
if (StringHelper.isNotEmptyString(user_name)
and StringHelper.isNotEmptyString(user_password)):
try:
logged_in = authenticationService.authenticate(
user_name, user_password)
except AuthenticationException:
print "Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name
if not logged_in:
countInvalidLoginArributeValue = self.getUserAttributeValue(
user_name, self.invalidLoginCountAttribute)
userSatus = self.getUserAttributeValue(user_name, "gluuStatus")
print "Current user '%s' status is '%s'" % (user_name,
userSatus)
countInvalidLogin = StringHelper.toInteger(
countInvalidLoginArributeValue, 0)
if countInvalidLogin < self.maximumInvalidLoginAttemps:
countInvalidLogin = countInvalidLogin + 1
remainingAttempts = self.maximumInvalidLoginAttemps - countInvalidLogin
print "Remaining login count attempts '%s' for user '%s'" % (
remainingAttempts, user_name)
self.setUserAttributeValue(
user_name, self.invalidLoginCountAttribute,
StringHelper.toString(countInvalidLogin))
if remainingAttempts > 0 and userSatus == "active":
facesMessages.add(
FacesMessage.SEVERITY_INFO,
StringHelper.toString(remainingAttempts) +
" more attempt(s) before account is LOCKED!")
if (countInvalidLogin >= self.maximumInvalidLoginAttemps) and (
(userSatus == None) or (userSatus == "active")):
print "Basic (lock account). Locking '%s' for '%s' seconds" % (
user_name, self.lockExpirationTime)
self.lockUser(user_name)
return False
if (countInvalidLogin >= self.maximumInvalidLoginAttemps
) and userSatus == "inactive":
print "Basic (lock account). User '%s' is locked. Checking if we can unlock him" % user_name
unlock_and_authenticate = False
object_from_store = cacheService.get(
None, "lock_user_" + user_name)
if object_from_store == None:
# Object in cache was expired. We need to unlock user
print "Basic (lock account). User locking details for user '%s' not exists" % user_name
unlock_and_authenticate = True
else:
# Analyze object from cache
user_lock_details = json.loads(object_from_store)
user_lock_details_locked = user_lock_details['locked']
user_lock_details_created = user_lock_details[
'created']
user_lock_details_created_date = LocalDateTime.parse(
user_lock_details_created,
DateTimeFormatter.ISO_LOCAL_DATE_TIME)
user_lock_details_created_diff = Duration.between(
user_lock_details_created_date,
LocalDateTime.now()).getSeconds()
print "Basic (lock account). Get user '%s' locking details. locked: '%s', Created: '%s', Difference in seconds: '%s'" % (
user_name, user_lock_details_locked,
user_lock_details_created,
user_lock_details_created_diff)
if user_lock_details_locked and user_lock_details_created_diff >= self.lockExpirationTime:
print "Basic (lock account). Unlocking user '%s' after lock expiration" % user_name
unlock_and_authenticate = True
if unlock_and_authenticate:
self.unLockUser(user_name)
self.setUserAttributeValue(
user_name, self.invalidLoginCountAttribute,
StringHelper.toString(0))
logged_in = authenticationService.authenticate(
user_name, user_password)
if not logged_in:
# Update number of attempts
self.setUserAttributeValue(
user_name, self.invalidLoginCountAttribute,
StringHelper.toString(1))
if self.maximumInvalidLoginAttemps == 1:
# Lock user if maximum count login attempts is 1
self.lockUser(user_name)
return False
return logged_in
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
if (step == 1):
print("Basic (multi auth conf & lock account). Authenticate for step 1")
credentials = Identity.instance().getCredentials()
keyValue = credentials.getUsername()
userPassword = credentials.getPassword()
if not StringHelper.isNotEmptyString(keyValue) or not StringHelper.isNotEmptyString(userPassword):
print("Basic (multi auth conf & lock account). Missing fields ")
faces_messages = FacesMessages.instance()
faces_messages.clear()
FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
faces_messages.addFromResourceBundle(
FacesMessage.SEVERITY_ERROR, "login.missingField")
return False
keyValue = keyValue.strip()
user_status = self.getUserAttributeValue(keyValue, "gluuStatus")
if user_status is not None and user_status != "active":
print("Basic (multi auth conf & lock account). Account locked for user '%s'" % keyValue)
faces_messages = FacesMessages.instance()
faces_messages.clear()
FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
faces_messages.addFromResourceBundle(
FacesMessage.SEVERITY_ERROR, "login.accountLocked")
return False
if (StringHelper.isNotEmptyString(keyValue) and StringHelper.isNotEmptyString(userPassword)):
authenticationService = Component.getInstance(
AuthenticationService)
logged_in = False
for ldapExtendedEntryManager in self.ldapExtendedEntryManagers:
if logged_in:
break
ldapConfiguration = ldapExtendedEntryManager["ldapConfiguration"]
ldapEntryManager = ldapExtendedEntryManager["ldapEntryManager"]
loginAttributes = ldapExtendedEntryManager["loginAttributes"]
localLoginAttributes = ldapExtendedEntryManager["localLoginAttributes"]
print("Basic (multi auth conf & lock account). Authenticate for step 1. Using configuration: " +
ldapConfiguration.getConfigId())
idx = 0
count = len(loginAttributes)
while (idx < count):
primaryKey = loginAttributes[idx]
localPrimaryKey = localLoginAttributes[idx]
loggedIn = authenticationService.authenticate(
ldapConfiguration, ldapEntryManager, keyValue, userPassword, primaryKey, localPrimaryKey)
if (loggedIn):
logged_in = True
break
idx += 1
if logged_in:
self.setUserAttributeValue(
keyValue, self.invalidLoginCountAttribute, StringHelper.toString(0))
return True
countInvalidLoginArributeValue = self.getUserAttributeValue(
keyValue, self.invalidLoginCountAttribute)
countInvalidLogin = StringHelper.toInteger(
countInvalidLoginArributeValue, 0)
if countInvalidLogin < self.maximumInvalidLoginAttemps:
countInvalidLogin = countInvalidLogin + 1
self.setUserAttributeValue(
keyValue, self.invalidLoginCountAttribute, StringHelper.toString(countInvalidLogin))
if countInvalidLogin >= self.maximumInvalidLoginAttemps:
self.lockUser(keyValue)
self.setUserAttributeValue(
keyValue, self.invalidLoginCountAttribute, StringHelper.toString(0))
return False
else:
return False
