def lockUser(self, user_name, maxCount):
    """Mark *user_name* as locked and record the lock in the cache.

    Does nothing for an empty name, an unknown user, or a user whose
    ``gluuStatus`` is already ``inactive``. Otherwise sets ``gluuStatus`` to
    ``inactive``, persists the user, stores a ``lock_user_<name>`` cache entry
    and queues an error message for the login page.

    ``maxCount`` is accepted but not used by this method.
    """
    if StringHelper.isEmpty(user_name):
        return None

    user_service = CdiUtil.bean(UserService)
    cache_service = CdiUtil.bean(CacheService)
    faces_messages = CdiUtil.bean(FacesMessages)
    faces_messages.setKeepMessages()

    user = user_service.getUser(user_name)
    if user == None:
        return None

    # An account that is already inactive is left untouched, so repeated
    # failures do not rewrite the entry or refresh the cache record.
    status_attr = user_service.getCustomAttribute(user, "gluuStatus")
    if status_attr != None and StringHelper.equals(status_attr.getValue(), "inactive"):
        print("Basic (lock account). Lock user. User '%s' locked already" % user_name)
        return

    user_service.setCustomAttribute(user, "gluuStatus", "inactive")
    user_service.updateUser(user)

    # Presumably the first argument of put() is the entry lifetime in
    # seconds -- confirm against CacheService.
    lock_seconds = StringHelper.toString(self.lockExpirationTime)
    # NOTE(review): the payload uses single quotes, so it is not valid JSON;
    # any reader that parses the entry with json.loads would raise. Confirm
    # how the entry is consumed.
    cache_service.put(lock_seconds, "lock_user_" + user_name, "{'locked': true}")

    # NOTE(review): this message tells an unauthenticated caller that the
    # account exists and is locked. Consider a generic failure message if
    # user enumeration matters for the deployment.
    faces_messages.add(
        FacesMessage.SEVERITY_ERROR,
        "Your account is locked. Please try again after " + lock_seconds + " secs")
    print("Basic (lock account). Lock user. User '%s' locked" % user_name)
def authenticate(self, configurationAttributes, requestParameters, step):
    """Check the submitted password and track failed attempts (step 1 only).

    Returns True after a successful password check, resetting the stored
    failure counter to 0. On failure the counter is incremented up to
    ``self.maximumInvalidLoginAttemps``; once the limit is reached the user
    is passed to ``self.lockUser``. Any step other than 1 returns False.
    """
    if step != 1:
        return False

    print("Basic (lock account). Authenticate for step 1")
    creds = Identity.instance().getCredentials()
    user_name = creds.getUsername()
    user_password = creds.getPassword()

    authenticated = False
    if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
        user_service = Component.getInstance(UserService)
        try:
            authenticated = user_service.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)

    if authenticated:
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
        return True

    # NOTE(review): the counter is read, incremented and written back in
    # separate calls; concurrent failed attempts may be under-counted unless
    # the helpers serialize access -- confirm.
    failed_attempts = StringHelper.toInteger(
        self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute), 0)
    if failed_attempts < self.maximumInvalidLoginAttemps:
        failed_attempts += 1
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute,
            StringHelper.toString(failed_attempts))

    if failed_attempts >= self.maximumInvalidLoginAttemps:
        self.lockUser(user_name)

    # Every failed attempt is rejected, whether or not it triggered the lock.
    return False
def authenticate(self, configurationAttributes, requestParameters, step):
    """Check the submitted password and track failed attempts (step 1 only).

    Same flow as the ``Component.getInstance`` variant, but the user service
    is obtained through ``UserService.instance()``. Returns True after a
    successful password check (resetting the failure counter to 0) and False
    otherwise; reaching ``self.maximumInvalidLoginAttemps`` failures hands
    the user to ``self.lockUser``.
    """
    if step != 1:
        return False

    print("Basic (lock account). Authenticate for step 1")
    creds = Identity.instance().getCredentials()
    user_name = creds.getUsername()
    user_password = creds.getPassword()

    authenticated = False
    have_credentials = (StringHelper.isNotEmptyString(user_name)
                        and StringHelper.isNotEmptyString(user_password))
    if have_credentials:
        user_service = UserService.instance()
        try:
            authenticated = user_service.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)

    if authenticated:
        # A good login clears the failure history.
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
        return True

    stored_count = self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute)
    failed_attempts = StringHelper.toInteger(stored_count, 0)
    limit = self.maximumInvalidLoginAttemps
    if failed_attempts < limit:
        failed_attempts = failed_attempts + 1
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute,
            StringHelper.toString(failed_attempts))

    # NOTE(review): anyone who knows a user name can drive this counter to
    # the limit and lock the account; pair the lockout with rate limiting or
    # alerting if that matters for the deployment.
    if failed_attempts >= limit:
        self.lockUser(user_name)

    return False
def unLockUser(self, user_name):
    """Re-activate *user_name* and clear its failed-login counter.

    Does nothing for an empty name or an unknown user. Otherwise writes a
    ``lock_user_<name>`` cache entry with ``locked`` set to False and the
    current local time, sets ``gluuStatus`` to ``active``, clears
    ``self.invalidLoginCountAttribute`` and persists the user.
    """
    if StringHelper.isEmpty(user_name):
        return None

    user_service = CdiUtil.bean(UserService)
    cache_service = CdiUtil.bean(CacheService)

    user = user_service.getUser(user_name)
    if user == None:
        return None

    # Compact JSON record; 'created' is LocalDateTime.now(), i.e. local time
    # without zone information.
    lock_record = json.dumps(
        {
            'locked': False,
            'created': LocalDateTime.now().toString()
        },
        separators=(',', ':'))
    cache_service.put(
        StringHelper.toString(self.lockExpirationTime),
        "lock_user_" + user_name,
        lock_record)

    # NOTE(review): gluuStatus is set to "active" unconditionally. If the
    # same attribute is also used to disable accounts administratively, this
    # would re-enable such an account -- confirm that callers only reach
    # here for lockout-induced "inactive" states.
    user_service.setCustomAttribute(user, "gluuStatus", "active")
    user_service.setCustomAttribute(user, self.invalidLoginCountAttribute, None)
    user_service.updateUser(user)

    print("Basic (lock account). Lock user. User '%s' unlocked" % user_name)
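def authenticate(self, configurationAttributes, requestParameters, step):
    """Step-1 password check with failed-attempt counting and timed lockout.

    Returns True only when ``authenticationService.authenticate`` accepted
    the submitted credentials; the failure counter is then reset to 0. On
    failure the counter is incremented up to
    ``self.maximumInvalidLoginAttemps``, a warning with the remaining
    attempts is queued for active users, and the user is locked once the
    limit is reached. Any step other than 1 returns False.

    NOTE(review): the listing this block came from had lost its indentation,
    so the nesting is reconstructed. It is laid out so that a failed password
    check can never fall through to the success path.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Basic (lock account). Authenticate for step 1")
    facesMessages = CdiUtil.bean(FacesMessages)
    facesMessages.setKeepMessages()
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    cacheService = CdiUtil.bean(CacheService)

    logged_in = False
    if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
        try:
            logged_in = authenticationService.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)

    if logged_in:
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
        return True

    # ---- failed attempt: everything below must end in a rejection unless a
    # second, real password check succeeds ----
    countInvalidLoginArributeValue = self.getUserAttributeValue(
        user_name, self.invalidLoginCountAttribute)
    userSatus = self.getUserAttributeValue(user_name, "gluuStatus")
    print("Current user status %s" % userSatus)
    countInvalidLogin = StringHelper.toInteger(countInvalidLoginArributeValue, 0)

    if countInvalidLogin < self.maximumInvalidLoginAttemps:
        countInvalidLogin = countInvalidLogin + 1
        remainingAttempts = self.maximumInvalidLoginAttemps - countInvalidLogin
        print("Remainings counts %s" % remainingAttempts)
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute,
            StringHelper.toString(countInvalidLogin))
        if remainingAttempts > 0 and userSatus == "active":
            facesMessages.add(
                FacesMessage.SEVERITY_INFO,
                StringHelper.toString(remainingAttempts)
                + " more attempt(s) before account is LOCKED!")

    if countInvalidLogin >= self.maximumInvalidLoginAttemps:
        self.lockUser(user_name, self.maximumInvalidLoginAttemps)
        return False

    object_from_store = cacheService.get(None, "lock_user_" + user_name)
    if object_from_store is None and countInvalidLogin >= self.maximumInvalidLoginAttemps:
        # NOTE(review): as ordered, the guard above already returns whenever
        # the counter has reached the limit, so this expiry branch cannot
        # run. The expiry check probably has to happen before the lock guard
        # and be keyed on the account status; left in place pending that
        # decision.
        print("Basic (lock account).Lock Expired for '%s'" % user_name)
        self.unLockUser(user_name)
        try:
            logged_in = authenticationService.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)
            logged_in = False
        # Report the real outcome of the second check: an expired lock must
        # not turn a wrong password into a successful login.
        if not logged_in:
            return False
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
        return True

    if object_from_store is not None:
        print("Basic (lock account). Lock Expiration time is ACTIVE for user '%s'" % user_name)

    return False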
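def authenticate(self, configurationAttributes, requestParameters, step):
    """Step-1 password check with failed-attempt counting and timed lockout.

    Flow for step 1:

    * A successful password check resets the failure counter and returns the
      result of ``authenticationService.authenticate``.
    * A failed check increments the counter (capped at
      ``self.maximumInvalidLoginAttemps``) and, for active users, queues a
      message with the remaining attempts.
    * When the limit is reached and ``gluuStatus`` is unset or ``active``,
      the user is locked and the attempt is rejected.
    * When the limit is reached and ``gluuStatus`` is ``inactive``, the
      ``lock_user_<name>`` cache entry decides whether the lock has expired;
      if so the user is unlocked and the submitted password is checked again.

    Any step other than 1 returns False.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Basic (lock account). Authenticate for step 1")
    facesMessages = CdiUtil.bean(FacesMessages)
    facesMessages.setKeepMessages()
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    cacheService = CdiUtil.bean(CacheService)

    logged_in = False
    if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
        try:
            logged_in = authenticationService.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)

    if logged_in:
        # Clear the failure history on success; otherwise isolated typos
        # accumulate across good logins and eventually lock a legitimate user.
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
        return logged_in

    countInvalidLoginArributeValue = self.getUserAttributeValue(
        user_name, self.invalidLoginCountAttribute)
    userSatus = self.getUserAttributeValue(user_name, "gluuStatus")
    print("Current user '%s' status is '%s'" % (user_name, userSatus))
    countInvalidLogin = StringHelper.toInteger(countInvalidLoginArributeValue, 0)

    if countInvalidLogin < self.maximumInvalidLoginAttemps:
        countInvalidLogin = countInvalidLogin + 1
        remainingAttempts = self.maximumInvalidLoginAttemps - countInvalidLogin
        print("Remaining login count attempts '%s' for user '%s'" % (
            remainingAttempts, user_name))
        self.setUserAttributeValue(
            user_name, self.invalidLoginCountAttribute,
            StringHelper.toString(countInvalidLogin))
        if remainingAttempts > 0 and userSatus == "active":
            facesMessages.add(
                FacesMessage.SEVERITY_INFO,
                StringHelper.toString(remainingAttempts)
                + " more attempt(s) before account is LOCKED!")

    limit_reached = countInvalidLogin >= self.maximumInvalidLoginAttemps

    if limit_reached and (userSatus is None or userSatus == "active"):
        print("Basic (lock account). Locking '%s' for '%s' seconds" % (
            user_name, self.lockExpirationTime))
        self.lockUser(user_name)
        return False

    if limit_reached and userSatus == "inactive":
        print("Basic (lock account). User '%s' is locked. Checking if we can unlock him" % user_name)
        unlock_and_authenticate = False

        object_from_store = cacheService.get(None, "lock_user_" + user_name)
        if object_from_store is None:
            # Object in cache was expired. We need to unlock user
            print("Basic (lock account). User locking details for user '%s' not exists" % user_name)
            unlock_and_authenticate = True
        else:
            # Analyze object from cache. A malformed entry raises out of
            # authenticate here, so the attempt is not accepted.
            user_lock_details = json.loads(object_from_store)
            user_lock_details_locked = user_lock_details['locked']
            user_lock_details_created = user_lock_details['created']
            # NOTE(review): both timestamps are zone-less local times, so a
            # clock or DST change between lock and check skews the interval.
            user_lock_details_created_date = LocalDateTime.parse(
                user_lock_details_created, DateTimeFormatter.ISO_LOCAL_DATE_TIME)
            user_lock_details_created_diff = Duration.between(
                user_lock_details_created_date, LocalDateTime.now()).getSeconds()
            print("Basic (lock account). Get user '%s' locking details. locked: '%s', Created: '%s', Difference in seconds: '%s'" % (
                user_name, user_lock_details_locked, user_lock_details_created,
                user_lock_details_created_diff))

            if user_lock_details_locked and user_lock_details_created_diff >= self.lockExpirationTime:
                print("Basic (lock account). Unlocking user '%s' after lock expiration" % user_name)
                unlock_and_authenticate = True

        if unlock_and_authenticate:
            self.unLockUser(user_name)
            self.setUserAttributeValue(
                user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
            # Same handling as the first check: an AuthenticationException
            # counts as a failed attempt instead of escaping the method.
            try:
                logged_in = authenticationService.authenticate(user_name, user_password)
            except AuthenticationException:
                print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)
                logged_in = False

            if not logged_in:
                # Update number of attempts
                self.setUserAttributeValue(
                    user_name, self.invalidLoginCountAttribute, StringHelper.toString(1))
                if self.maximumInvalidLoginAttemps == 1:
                    # Lock user if maximum count login attempts is 1
                    self.lockUser(user_name)
                    return False

    return logged_in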
def authenticate(self, configurationAttributes, requestParameters, step):
    """Step-1 login against several LDAP configurations with account lockout.

    Rejects the attempt when a field is missing or when the user's
    ``gluuStatus`` is set to anything other than ``active``. Otherwise each
    entry of ``self.ldapExtendedEntryManagers`` is tried in order, attribute
    pair by attribute pair, until one accepts the credentials. Success resets
    the failure counter and returns True. Failure increments the counter up
    to ``self.maximumInvalidLoginAttemps``; on reaching the limit the user is
    locked and the counter reset. Any step other than 1 returns False.

    NOTE(review): the listing this block came from had lost its indentation;
    the placement of the trailing ``return False`` is reconstructed.
    """
    if step != 1:
        return False

    def reject_with(message_key):
        # Replace any queued messages with one error from the resource bundle.
        faces_messages = FacesMessages.instance()
        faces_messages.clear()
        FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
        faces_messages.addFromResourceBundle(FacesMessage.SEVERITY_ERROR, message_key)
        return False

    print("Basic (multi auth conf & lock account). Authenticate for step 1")
    credentials = Identity.instance().getCredentials()
    keyValue = credentials.getUsername()
    userPassword = credentials.getPassword()

    if not StringHelper.isNotEmptyString(keyValue) or not StringHelper.isNotEmptyString(userPassword):
        print("Basic (multi auth conf & lock account). Missing fields ")
        return reject_with("login.missingField")

    keyValue = keyValue.strip()

    # NOTE(review): this check runs before any password check and answers
    # with a distinct message, so the response reveals which accounts are
    # locked or disabled. A missing status (None) is let through.
    user_status = self.getUserAttributeValue(keyValue, "gluuStatus")
    if user_status is not None and user_status != "active":
        print("Basic (multi auth conf & lock account). Account locked for user '%s'" % keyValue)
        return reject_with("login.accountLocked")

    # Re-checked because strip() may have left an empty user name.
    if StringHelper.isNotEmptyString(keyValue) and StringHelper.isNotEmptyString(userPassword):
        authenticationService = Component.getInstance(AuthenticationService)

        logged_in = False
        for manager in self.ldapExtendedEntryManagers:
            ldapConfiguration = manager["ldapConfiguration"]
            ldapEntryManager = manager["ldapEntryManager"]
            loginAttributes = manager["loginAttributes"]
            localLoginAttributes = manager["localLoginAttributes"]

            print("Basic (multi auth conf & lock account). Authenticate for step 1. Using configuration: " + ldapConfiguration.getConfigId())

            # Attribute lists are walked in lockstep by index.
            for idx in range(len(loginAttributes)):
                accepted = authenticationService.authenticate(
                    ldapConfiguration, ldapEntryManager, keyValue, userPassword,
                    loginAttributes[idx], localLoginAttributes[idx])
                if accepted:
                    logged_in = True
                    break

            # Stop at the first configuration that accepts the credentials.
            if logged_in:
                break

        if logged_in:
            self.setUserAttributeValue(
                keyValue, self.invalidLoginCountAttribute, StringHelper.toString(0))
            return True

        failed_attempts = StringHelper.toInteger(
            self.getUserAttributeValue(keyValue, self.invalidLoginCountAttribute), 0)
        if failed_attempts < self.maximumInvalidLoginAttemps:
            failed_attempts = failed_attempts + 1
            self.setUserAttributeValue(
                keyValue, self.invalidLoginCountAttribute,
                StringHelper.toString(failed_attempts))

        if failed_attempts >= self.maximumInvalidLoginAttemps:
            # Lock, then start the counter from zero for the next cycle.
            self.lockUser(keyValue)
            self.setUserAttributeValue(
                keyValue, self.invalidLoginCountAttribute, StringHelper.toString(0))

    return False