def init(self, configurationAttributes): print "Basic (lock account). Initialization" self.invalidLoginCountAttribute = "oxCountInvalidLogin" if configurationAttributes.containsKey( "invalid_login_count_attribute"): self.invalidLoginCountAttribute = configurationAttributes.get( "invalid_login_count_attribute").getValue2() else: print "Basic (lock account). Initialization. Using default attribute" self.maximumInvalidLoginAttemps = 3 if configurationAttributes.containsKey( "maximum_invalid_login_attemps"): self.maximumInvalidLoginAttemps = StringHelper.toInteger( configurationAttributes.get( "maximum_invalid_login_attemps").getValue2()) else: print "Basic (lock account). Initialization. Using default number attempts" self.lockExpirationTime = 180 if configurationAttributes.containsKey("lock_expiration_time"): self.lockExpirationTime = StringHelper.toInteger( configurationAttributes.get( "lock_expiration_time").getValue2()) else: print "Basic (lock account). Initialization. Using default lock expiration time" print "Basic (lock account). Initialized successfully. invalid_login_count_attribute: '%s', maximum_invalid_login_attemps: '%s'" % ( self.invalidLoginCountAttribute, self.maximumInvalidLoginAttemps) return True
def authenticate(self, configurationAttributes, requestParameters, step):
    """Step 1 of the lock-account flow: password check plus failure counting.

    Takes the username/password from the current Identity credentials and
    verifies them through UserService (an AuthenticationException counts as
    a failure). On failure the per-user counter stored in
    ``self.invalidLoginCountAttribute`` is advanced until it reaches
    ``self.maximumInvalidLoginAttemps``; once at the limit ``self.lockUser``
    is called. A successful login resets the counter to 0 and returns True.
    Any other step, and every failed attempt, returns False.

    The counter increment and the lock are separate directory writes; nothing
    here makes them atomic against concurrent attempts for the same user.
    """
    if step != 1:
        return False

    print("Basic (lock account). Authenticate for step 1")
    credentials = Identity.instance().getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()

    logged_in = False
    have_both = StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)
    if have_both:
        userService = Component.getInstance(UserService)
        try:
            logged_in = userService.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)

    if logged_in:
        # A good password wipes the failure history.
        self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
        return True

    stored = self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute)
    failures = StringHelper.toInteger(stored, 0)
    if failures < self.maximumInvalidLoginAttemps:
        failures += 1
        self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(failures))
    if failures >= self.maximumInvalidLoginAttemps:
        self.lockUser(user_name)
    return False
def authenticate(self, configurationAttributes, requestParameters, step):
    """Step 1 of the lock-account flow: password check plus failure counting.

    Reads the Identity credentials and verifies them with
    ``UserService.instance().authenticate`` (an AuthenticationException is a
    failure). Failed attempts advance the per-user counter in
    ``self.invalidLoginCountAttribute`` up to ``self.maximumInvalidLoginAttemps``;
    at the limit ``self.lockUser`` is called. Success resets the counter to 0
    and returns True; any other step or a failed attempt returns False.

    The counter update and the lock are separate writes with no atomicity
    guarantee against concurrent attempts for the same user.
    """
    if step != 1:
        return False

    print("Basic (lock account). Authenticate for step 1")
    credentials = Identity.instance().getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()

    logged_in = False
    have_both = StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)
    if have_both:
        userService = UserService.instance()
        try:
            logged_in = userService.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)

    if logged_in:
        # A good password wipes the failure history.
        self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
        return True

    stored = self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute)
    failures = StringHelper.toInteger(stored, 0)
    if failures < self.maximumInvalidLoginAttemps:
        failures += 1
        self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(failures))
    if failures >= self.maximumInvalidLoginAttemps:
        self.lockUser(user_name)
    return False
def getCountAuthenticationSteps(self, configurationAttributes):
    """Return how many login steps this flow has.

    Uses the ``otp_count_login_steps`` working parameter of the Identity bean
    when it is set (rendered to a string and parsed with
    ``StringHelper.toInteger``); otherwise the default of 2.
    """
    identity = CdiUtil.bean(Identity)
    if not identity.isSetWorkingParameter("otp_count_login_steps"):
        return 2
    configured = "%s" % identity.getWorkingParameter("otp_count_login_steps")
    return StringHelper.toInteger(configured)
def getCountAuthenticationSteps(self, configurationAttributes):
    """Return how many login steps this flow has.

    Reads ``otp_count_login_steps`` from the ``sessionAttributes`` map of the
    current event context when present; otherwise the default of 2.
    """
    session_attributes = Contexts.getEventContext().get("sessionAttributes")
    if not session_attributes.containsKey("otp_count_login_steps"):
        return 2
    return StringHelper.toInteger(session_attributes.get("otp_count_login_steps"))
def getCountAuthenticationSteps(self, configurationAttributes):
    """Return how many login steps this flow has.

    Reads ``otp_count_login_steps`` from the session attributes of the
    Identity bean's session when present; otherwise the default of 2.
    """
    session_attributes = CdiUtil.bean(Identity).getSessionId().getSessionAttributes()
    if not session_attributes.containsKey("otp_count_login_steps"):
        return 2
    return StringHelper.toInteger(session_attributes.get("otp_count_login_steps"))
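def init(self, configurationAttributes):
    """Initialise the certificate authentication script.

    Mandatory properties: ``chain_cert_file_path`` (the trust chain, loaded
    with ``CertUtil.loadX509CertificateFromFile``) and ``map_user_cert``.
    Optional: ``crl_max_response_size`` (bytes, default 5 MiB) and one
    ``use_<name>_validator`` boolean per validator name in
    ``generic``, ``path``, ``ocsp``, ``crl``.

    Sets ``self.chain_certs``, ``self.validator_types`` (the order the
    validators are applied in), ``self.validators`` (name -> [verifier,
    enabled]), ``self.map_user_cert`` and ``self.enabled_recaptcha``.
    Returns False when a mandatory property is missing, True otherwise.

    Every validator starts disabled and is only switched on by an explicit
    ``use_<name>_validator`` property, so a deployment that sets none of them
    gets no chain, OCSP or CRL validation from this script.
    """
    print("Cert. Initialization")

    for mandatory in ("chain_cert_file_path", "map_user_cert"):
        if not configurationAttributes.containsKey(mandatory):
            print("Cert. Initialization. Property %s is mandatory" % mandatory)
            return False

    chain_cert_file_path = configurationAttributes.get("chain_cert_file_path").getValue2()
    self.chain_certs = CertUtil.loadX509CertificateFromFile(chain_cert_file_path)
    print("Cert. Initialization. Loaded '%d' chain certificates" % self.chain_certs.size())

    # Upper bound on a fetched CRL body; the literal is 5 MiB (the old comment said 10Mb).
    crl_max_response_size = 5 * 1024 * 1024
    if configurationAttributes.containsKey("crl_max_response_size"):
        crl_max_response_size = StringHelper.toInteger(
            configurationAttributes.get("crl_max_response_size").getValue2(), crl_max_response_size)
    print("Cert. Initialization. CRL max response size is '%d'" % crl_max_response_size)

    # The list fixes the evaluation order; the dict holds [verifier, enabled] per name.
    self.validator_types = ['generic', 'path', 'ocsp', 'crl']
    self.validators = {
        'generic': [GenericCertificateVerifier(), False],
        'path': [PathCertificateVerifier(False), False],
        'ocsp': [OCSPCertificateVerifier(), False],
        'crl': [CRLCertificateVerifier(crl_max_response_size), False],
    }
    for validator_type in self.validator_types:
        validator_param_name = "use_%s_validator" % validator_type
        if configurationAttributes.containsKey(validator_param_name):
            self.validators[validator_type][1] = StringHelper.toBoolean(
                configurationAttributes.get(validator_param_name).getValue2(), False)
        print("Cert. Initialization. Validation method '%s' status: '%s'" % (
            validator_type, self.validators[validator_type][1]))

    self.map_user_cert = StringHelper.toBoolean(configurationAttributes.get("map_user_cert").getValue2(), False)
    print("Cert. Initialization. map_user_cert: '%s'" % self.map_user_cert)

    self.enabled_recaptcha = self.initRecaptcha(configurationAttributes)
    print("Cert. Initialization. enabled_recaptcha: '%s'" % self.enabled_recaptcha)

    print("Cert. Initialized successfully")
    return True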
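def init(self, configurationAttributes):
    """Initialise the certificate authentication script.

    Mandatory properties: ``chain_cert_file_path`` (the trust chain, loaded
    with ``CertUtil.loadX509CertificateFromFile``) and ``map_user_cert``.
    Optional: ``crl_max_response_size`` (bytes, default 5 MiB) and one
    ``use_<name>_validator`` boolean per validator name in
    ``generic``, ``path``, ``ocsp``, ``crl``.

    Sets ``self.chain_certs``, ``self.validator_types`` (the order the
    validators are applied in), ``self.validators`` (name -> [verifier,
    enabled]), ``self.map_user_cert`` and ``self.enabled_recaptcha``.
    Returns False when a mandatory property is missing, True otherwise.

    Every validator starts disabled and is only switched on by an explicit
    ``use_<name>_validator`` property, so a deployment that sets none of them
    gets no chain, OCSP or CRL validation from this script.
    """
    print("Cert. Initialization")

    for mandatory in ("chain_cert_file_path", "map_user_cert"):
        if not configurationAttributes.containsKey(mandatory):
            print("Cert. Initialization. Property %s is mandatory" % mandatory)
            return False

    chain_cert_file_path = configurationAttributes.get("chain_cert_file_path").getValue2()
    self.chain_certs = CertUtil.loadX509CertificateFromFile(chain_cert_file_path)
    print("Cert. Initialization. Loaded '%d' chain certificates" % self.chain_certs.size())

    # Upper bound on a fetched CRL body; the literal is 5 MiB (the old comment said 10Mb).
    crl_max_response_size = 5 * 1024 * 1024
    if configurationAttributes.containsKey("crl_max_response_size"):
        crl_max_response_size = StringHelper.toInteger(
            configurationAttributes.get("crl_max_response_size").getValue2(), crl_max_response_size)
    print("Cert. Initialization. CRL max response size is '%d'" % crl_max_response_size)

    # The list fixes the evaluation order; the dict holds [verifier, enabled] per name.
    self.validator_types = ['generic', 'path', 'ocsp', 'crl']
    self.validators = {
        'generic': [GenericCertificateVerifier(), False],
        'path': [PathCertificateVerifier(False), False],
        'ocsp': [OCSPCertificateVerifier(), False],
        'crl': [CRLCertificateVerifier(crl_max_response_size), False],
    }
    for validator_type in self.validator_types:
        validator_param_name = "use_%s_validator" % validator_type
        if configurationAttributes.containsKey(validator_param_name):
            self.validators[validator_type][1] = StringHelper.toBoolean(
                configurationAttributes.get(validator_param_name).getValue2(), False)
        print("Cert. Initialization. Validation method '%s' status: '%s'" % (
            validator_type, self.validators[validator_type][1]))

    self.map_user_cert = StringHelper.toBoolean(configurationAttributes.get("map_user_cert").getValue2(), False)
    print("Cert. Initialization. map_user_cert: '%s'" % self.map_user_cert)

    self.enabled_recaptcha = self.initRecaptcha(configurationAttributes)
    print("Cert. Initialization. enabled_recaptcha: '%s'" % self.enabled_recaptcha)

    print("Cert. Initialized successfully")
    return True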
def init(self, configurationAttributes): print "Basic (lock account). Initialization" self.invalidLoginCountAttribute = "oxCountInvalidLogin" if configurationAttributes.containsKey("invalid_login_count_attribute"): self.invalidLoginCountAttribute = configurationAttributes.get("invalid_login_count_attribute").getValue2() else: print "Basic (lock account). Initialization. Using default attribute" self.maximumInvalidLoginAttemps = 3 if configurationAttributes.containsKey("maximum_invalid_login_attemps"): self.maximumInvalidLoginAttemps = StringHelper.toInteger(configurationAttributes.get("maximum_invalid_login_attemps").getValue2()) else: print "Basic (lock account). Initialization. Using default number attempts" print "Basic (lock account). Initialized successfully. invalid_login_count_attribute: '%s', maximum_invalid_login_attemps: '%s'" % (self.invalidLoginCountAttribute, self.maximumInvalidLoginAttemps) return True
def init(self, configurationAttributes):
    """Initialise the multi-configuration lock-account script.

    Requires ``auth_configuration_file``; reads the optional
    ``invalid_login_count_attribute`` (default ``oxCountInvalidLogin``) and
    ``maximum_invalid_login_attemps`` (default 3), then loads, validates and
    turns the configuration file into ``self.ldapExtendedEntryManagers`` via
    ``self.loadAuthConfiguration``, ``self.validateAuthConfiguration`` and
    ``self.createLdapExtendedEntryManagers``. Returns False at the first
    failing step, True once the entry managers are in place.
    """
    print("Basic (multi auth conf & lock account). Initialization")
    if not configurationAttributes.containsKey("auth_configuration_file"):
        print("Basic (multi auth conf & lock account). The property auth_configuration_file is empty")
        return False

    if configurationAttributes.containsKey("invalid_login_count_attribute"):
        self.invalidLoginCountAttribute = configurationAttributes.get("invalid_login_count_attribute").getValue2()
    else:
        self.invalidLoginCountAttribute = "oxCountInvalidLogin"
        print("Basic (multi auth conf & lock account). Initialization. Using default attribute")

    if configurationAttributes.containsKey("maximum_invalid_login_attemps"):
        self.maximumInvalidLoginAttemps = StringHelper.toInteger(
            configurationAttributes.get("maximum_invalid_login_attemps").getValue2())
    else:
        self.maximumInvalidLoginAttemps = 3
        print("Basic (multi auth conf & lock account). Initialization. Using default number attempts")

    config_path = configurationAttributes.get("auth_configuration_file").getValue2()
    authConfiguration = self.loadAuthConfiguration(config_path)
    if authConfiguration is None:
        print("Basic (multi auth conf & lock account). File with authentication configuration should be not empty")
        return False
    if not self.validateAuthConfiguration(authConfiguration):
        return False

    managers = self.createLdapExtendedEntryManagers(authConfiguration)
    if managers is None:
        return False
    self.ldapExtendedEntryManagers = managers

    print("Basic (multi auth conf & lock account). Initialized successfully")
    return True
def processOtpAuthentication(self, requestParameters, user_name, identity, otp_auth_method):
    """Check the submitted OTP code, either to finish enrollment or to log in.

    ``otp_auth_method`` selects the mode. ``"enroll"`` validates the code
    against the ``otp_secret_key`` working parameter and, when accepted,
    records the enrollment in the user's ``oxExternalUid`` attribute as
    ``hotp:<key>;<counter>`` or ``totp:<key>``. ``"authenticate"`` tries the
    code against every enrollment from ``self.findEnrollments``; for HOTP the
    stored counter is advanced with ``replaceUserAttribute``. ``self.otpType``
    (``"hotp"`` or ``"totp"``) picks the validator.

    Returns True only when a code was accepted and any required user-entry
    update succeeded; otherwise an error FacesMessage is queued and False is
    returned. An accepted TOTP code is not recorded anywhere here, so this
    method alone does not prevent the same code being presented again inside
    its validity window.
    """
    facesMessages = CdiUtil.bean(FacesMessages)
    facesMessages.setKeepMessages()
    userService = CdiUtil.bean(UserService)

    otpCode = ServerUtil.getFirstValue(requestParameters, "loginForm:otpCode")
    if StringHelper.isEmpty(otpCode):
        facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to authenticate. OTP code is empty")
        print("OTP. Process OTP authentication. otpCode is empty")
        return False

    def accepted(validation_result):
        # Validators hand back None or a dict whose "result" entry says whether the code matched.
        return validation_result is not None and validation_result["result"]

    if otp_auth_method == "enroll":
        # The secret generated for this enrollment lives in the session working parameters.
        otp_secret_key_encoded = identity.getWorkingParameter("otp_secret_key")
        if otp_secret_key_encoded is None:
            print("OTP. Process OTP authentication. OTP secret key is invalid")
            return False
        otp_secret_key = self.fromBase64Url(otp_secret_key_encoded)

        if self.otpType == "hotp":
            validation_result = self.validateHotpKey(otp_secret_key, 1, otpCode)
            if accepted(validation_result):
                print("OTP. Process HOTP authentication during enrollment. otpCode is valid")
                # Persist secret and the counter the validator settled on.
                external_uid = "hotp:%s;%s" % (otp_secret_key_encoded, validation_result["movingFactor"])
                if userService.addUserAttribute(user_name, "oxExternalUid", external_uid) is not None:
                    return True
                print("OTP. Process HOTP authentication during enrollment. Failed to update user entry")
        elif self.otpType == "totp":
            validation_result = self.validateTotpKey(otp_secret_key, otpCode)
            if accepted(validation_result):
                print("OTP. Process TOTP authentication during enrollment. otpCode is valid")
                external_uid = "totp:%s" % otp_secret_key_encoded
                if userService.addUserAttribute(user_name, "oxExternalUid", external_uid) is not None:
                    return True
                print("OTP. Process TOTP authentication during enrollment. Failed to update user entry")

    elif otp_auth_method == "authenticate":
        user_enrollments = self.findEnrollments(user_name)
        if len(user_enrollments) == 0:
            print("OTP. Process OTP authentication. There is no OTP enrollment for user '%s'" % user_name)
            facesMessages.add(FacesMessage.SEVERITY_ERROR, "There is no valid OTP user enrollments")
            return False

        if self.otpType == "hotp":
            for user_enrollment in user_enrollments:
                # Stored form is "<key>;<counter>"; relies on findEnrollments returning HOTP entries only — TODO confirm.
                fields = user_enrollment.split(";")
                otp_secret_key_encoded = fields[0]
                moving_factor = StringHelper.toInteger(fields[1])
                otp_secret_key = self.fromBase64Url(otp_secret_key_encoded)
                validation_result = self.validateHotpKey(otp_secret_key, moving_factor, otpCode)
                if not accepted(validation_result):
                    continue
                print("OTP. Process HOTP authentication during authentication. otpCode is valid")
                previous_uid = "hotp:%s;%s" % (otp_secret_key_encoded, moving_factor)
                updated_uid = "hotp:%s;%s" % (otp_secret_key_encoded, validation_result["movingFactor"])
                # Advance the stored counter so the same HOTP value cannot be replayed.
                if userService.replaceUserAttribute(user_name, "oxExternalUid", previous_uid, updated_uid) is not None:
                    return True
                print("OTP. Process HOTP authentication during authentication. Failed to update user entry")
        elif self.otpType == "totp":
            for user_enrollment in user_enrollments:
                otp_secret_key = self.fromBase64Url(user_enrollment)
                if accepted(self.validateTotpKey(otp_secret_key, otpCode)):
                    print("OTP. Process TOTP authentication during authentication. otpCode is valid")
                    return True

    facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to authenticate. OTP code is invalid")
    print("OTP. Process OTP authentication. OTP code is invalid")
    return False
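def authenticate(self, configurationAttributes, requestParameters, step):
    """Step 1 of the lock-account flow with a cache-backed lock expiry.

    Verifies the Identity credentials through AuthenticationService. A failed
    attempt advances the per-user counter in ``self.invalidLoginCountAttribute``;
    when it reaches ``self.maximumInvalidLoginAttemps`` the account is locked
    with ``self.lockUser``. An attempt made while the counter is already at
    the limit is treated as an attempt on a locked account: if the cache still
    holds ``lock_user_<name>`` it is rejected, otherwise the lock has expired,
    the user is unlocked, the counter is reset and the password is checked
    once more. Success resets the counter to 0 and returns True; failures and
    any step other than 1 return False.

    Compared with the listed code: the post-unlock re-check now returns the
    re-authentication result instead of an unconditional True, the counter is
    reset after an unlock (otherwise it stayed at the limit and no later lock
    could be applied), and the failed-attempt branch always returns False
    instead of falling through to the counter reset and ``return True``.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Basic (lock account). Authenticate for step 1")
    facesMessages = CdiUtil.bean(FacesMessages)
    facesMessages.setKeepMessages()

    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    cacheService = CdiUtil.bean(CacheService)

    def set_failure_count(value):
        self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(value))

    def check_password():
        # An AuthenticationException is a plain failure, same as a wrong password.
        try:
            return authenticationService.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)
            return False

    logged_in = False
    if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
        logged_in = check_password()

    if logged_in:
        set_failure_count(0)
        return True

    countInvalidLogin = StringHelper.toInteger(
        self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute), 0)
    userSatus = self.getUserAttributeValue(user_name, "gluuStatus")
    print("Current user status %s" % userSatus)

    if countInvalidLogin < self.maximumInvalidLoginAttemps:
        countInvalidLogin += 1
        remainingAttempts = self.maximumInvalidLoginAttemps - countInvalidLogin
        print("Remainings counts %s" % remainingAttempts)
        set_failure_count(countInvalidLogin)
        if remainingAttempts > 0 and userSatus == "active":
            facesMessages.add(FacesMessage.SEVERITY_INFO,
                              StringHelper.toString(remainingAttempts) + " more attempt(s) before account is LOCKED!")
        if countInvalidLogin >= self.maximumInvalidLoginAttemps:
            self.lockUser(user_name, self.maximumInvalidLoginAttemps)
        # Below or exactly at the limit: this attempt has been recorded and is rejected.
        return False

    # Counter already at the limit: the account was locked on an earlier attempt.
    object_from_store = cacheService.get(None, "lock_user_" + user_name)
    if object_from_store is not None:
        print("Basic (lock account). Lock Expiration time is ACTIVE for user '%s'" % user_name)
        return False

    # No cache entry left: the lock has expired, so unlock and give this password one real check.
    print("Basic (lock account).Lock Expired for '%s'" % user_name)
    self.unLockUser(user_name)
    set_failure_count(0)
    logged_in = check_password()
    if not logged_in:
        # The attempt that triggered the unlock is the first failure of the new window.
        set_failure_count(1)
        if self.maximumInvalidLoginAttemps == 1:
            self.lockUser(user_name, self.maximumInvalidLoginAttemps)
    return logged_in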
def processOtpAuthentication(self, requestParameters, user_name, session_attributes, otp_auth_method):
    """Check the submitted OTP code, either to finish enrollment or to log in.

    ``otp_auth_method`` selects the mode. ``"enroll"`` validates the code
    against the ``otp_secret_key`` session attribute and, when accepted,
    records the enrollment in the user's ``oxExternalUid`` attribute as
    ``hotp:<key>;<counter>`` or ``totp:<key>``. ``"authenticate"`` tries the
    code against every enrollment from ``self.findEnrollments``; for HOTP the
    stored counter is advanced with ``replaceUserAttribute``. ``self.otpType``
    (``"hotp"`` or ``"totp"``) picks the validator.

    Returns True only when a code was accepted and any required user-entry
    update succeeded; otherwise an error status message is queued and False
    is returned. An accepted TOTP code is not recorded anywhere here, so this
    method alone does not prevent the same code being presented again inside
    its validity window.
    """
    facesMessages = FacesMessages.instance()
    FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
    userService = UserService.instance()

    otpCode = ServerUtil.getFirstValue(requestParameters, "loginForm:otpCode")
    if StringHelper.isEmpty(otpCode):
        facesMessages.add(StatusMessage.Severity.ERROR, "Failed to authenticate. OTP code is empty")
        print("OTP. Process OTP authentication. otpCode is empty")
        return False

    def accepted(validation_result):
        # Validators hand back None or a dict whose "result" entry says whether the code matched.
        return validation_result is not None and validation_result["result"]

    if otp_auth_method == "enroll":
        # The secret generated for this enrollment lives in the session attributes.
        otp_secret_key_encoded = session_attributes.get("otp_secret_key")
        if otp_secret_key_encoded is None:
            print("OTP. Process OTP authentication. OTP secret key is invalid")
            return False
        otp_secret_key = self.fromBase64Url(otp_secret_key_encoded)

        if self.otpType == "hotp":
            validation_result = self.validateHotpKey(otp_secret_key, 1, otpCode)
            if accepted(validation_result):
                print("OTP. Process HOTP authentication during enrollment. otpCode is valid")
                # Persist secret and the counter the validator settled on.
                external_uid = "hotp:%s;%s" % (otp_secret_key_encoded, validation_result["movingFactor"])
                if userService.addUserAttribute(user_name, "oxExternalUid", external_uid) is not None:
                    return True
                print("OTP. Process HOTP authentication during enrollment. Failed to update user entry")
        elif self.otpType == "totp":
            validation_result = self.validateTotpKey(otp_secret_key, otpCode)
            if accepted(validation_result):
                print("OTP. Process TOTP authentication during enrollment. otpCode is valid")
                external_uid = "totp:%s" % otp_secret_key_encoded
                if userService.addUserAttribute(user_name, "oxExternalUid", external_uid) is not None:
                    return True
                print("OTP. Process TOTP authentication during enrollment. Failed to update user entry")

    elif otp_auth_method == "authenticate":
        user_enrollments = self.findEnrollments(user_name)
        if len(user_enrollments) == 0:
            print("OTP. Process OTP authentication. There is no OTP enrollment for user '%s'" % user_name)
            facesMessages.add(StatusMessage.Severity.ERROR, "There is no valid OTP user enrollments")
            return False

        if self.otpType == "hotp":
            for user_enrollment in user_enrollments:
                # Stored form is "<key>;<counter>"; relies on findEnrollments returning HOTP entries only — TODO confirm.
                fields = user_enrollment.split(";")
                otp_secret_key_encoded = fields[0]
                moving_factor = StringHelper.toInteger(fields[1])
                otp_secret_key = self.fromBase64Url(otp_secret_key_encoded)
                validation_result = self.validateHotpKey(otp_secret_key, moving_factor, otpCode)
                if not accepted(validation_result):
                    continue
                print("OTP. Process HOTP authentication during authentication. otpCode is valid")
                previous_uid = "hotp:%s;%s" % (otp_secret_key_encoded, moving_factor)
                updated_uid = "hotp:%s;%s" % (otp_secret_key_encoded, validation_result["movingFactor"])
                # Advance the stored counter so the same HOTP value cannot be replayed.
                if userService.replaceUserAttribute(user_name, "oxExternalUid", previous_uid, updated_uid) is not None:
                    return True
                print("OTP. Process HOTP authentication during authentication. Failed to update user entry")
        elif self.otpType == "totp":
            for user_enrollment in user_enrollments:
                otp_secret_key = self.fromBase64Url(user_enrollment)
                if accepted(self.validateTotpKey(otp_secret_key, otpCode)):
                    print("OTP. Process TOTP authentication during authentication. otpCode is valid")
                    return True

    facesMessages.add(StatusMessage.Severity.ERROR, "Failed to authenticate. OTP code is invalid")
    print("OTP. Process OTP authentication. OTP code is invalid")
    return False
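def authenticate(self, configurationAttributes, requestParameters, step):
    """Step 1 of the lock-account flow with a timed lock.

    Verifies the Identity credentials through AuthenticationService. Failed
    attempts advance the per-user counter in ``self.invalidLoginCountAttribute``;
    when it reaches ``self.maximumInvalidLoginAttemps`` and the account is
    still ``active`` (or has no ``gluuStatus``), ``self.lockUser`` is called.
    A failed attempt on an ``inactive`` account at the limit consults the
    ``lock_user_<name>`` cache entry (JSON with ``locked`` and an ISO-8601
    ``created`` timestamp): when the entry is gone or older than
    ``self.lockExpirationTime`` seconds, the user is unlocked, the counter is
    reset and the password is re-checked once.

    Returns the authentication result for step 1 and False for any other
    step. A successful login resets the counter to 0; the listed code never
    cleared it on success, so earlier failures kept counting toward the next
    lock.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Basic (lock account). Authenticate for step 1")
    facesMessages = CdiUtil.bean(FacesMessages)
    facesMessages.setKeepMessages()

    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    cacheService = CdiUtil.bean(CacheService)

    def set_failure_count(value):
        self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(value))

    def check_password():
        # An AuthenticationException is a plain failure, same as a wrong password.
        try:
            return authenticationService.authenticate(user_name, user_password)
        except AuthenticationException:
            print("Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name)
            return False

    logged_in = False
    if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
        logged_in = check_password()

    if logged_in:
        set_failure_count(0)
        return logged_in

    countInvalidLogin = StringHelper.toInteger(
        self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute), 0)
    userSatus = self.getUserAttributeValue(user_name, "gluuStatus")
    print("Current user '%s' status is '%s'" % (user_name, userSatus))

    if countInvalidLogin < self.maximumInvalidLoginAttemps:
        countInvalidLogin += 1
        remainingAttempts = self.maximumInvalidLoginAttemps - countInvalidLogin
        print("Remaining login count attempts '%s' for user '%s'" % (remainingAttempts, user_name))
        set_failure_count(countInvalidLogin)
        if remainingAttempts > 0 and userSatus == "active":
            facesMessages.add(FacesMessage.SEVERITY_INFO,
                              StringHelper.toString(remainingAttempts) + " more attempt(s) before account is LOCKED!")

    at_limit = countInvalidLogin >= self.maximumInvalidLoginAttemps
    if at_limit and (userSatus is None or userSatus == "active"):
        print("Basic (lock account). Locking '%s' for '%s' seconds" % (user_name, self.lockExpirationTime))
        self.lockUser(user_name)
        return False

    if at_limit and userSatus == "inactive":
        print("Basic (lock account). User '%s' is locked. Checking if we can unlock him" % user_name)
        unlock_and_authenticate = False
        object_from_store = cacheService.get(None, "lock_user_" + user_name)
        if object_from_store is None:
            # The cache entry is gone (expired or evicted), so the lock is treated as over.
            print("Basic (lock account). User locking details for user '%s' not exists" % user_name)
            unlock_and_authenticate = True
        else:
            # The entry is written by lockUser; its age decides whether the lock still holds.
            user_lock_details = json.loads(object_from_store)
            user_lock_details_locked = user_lock_details['locked']
            user_lock_details_created = user_lock_details['created']
            user_lock_details_created_date = LocalDateTime.parse(
                user_lock_details_created, DateTimeFormatter.ISO_LOCAL_DATE_TIME)
            user_lock_details_created_diff = Duration.between(
                user_lock_details_created_date, LocalDateTime.now()).getSeconds()
            print("Basic (lock account). Get user '%s' locking details. locked: '%s', Created: '%s', Difference in seconds: '%s'" % (
                user_name, user_lock_details_locked, user_lock_details_created, user_lock_details_created_diff))
            if user_lock_details_locked and user_lock_details_created_diff >= self.lockExpirationTime:
                print("Basic (lock account). Unlocking user '%s' after lock expiration" % user_name)
                unlock_and_authenticate = True

        if unlock_and_authenticate:
            self.unLockUser(user_name)
            set_failure_count(0)
            logged_in = check_password()
            if not logged_in:
                # The attempt that triggered the unlock is the first failure of the new window.
                set_failure_count(1)
                if self.maximumInvalidLoginAttemps == 1:
                    # A limit of 1 means this single failure locks the account again.
                    self.lockUser(user_name)
                    return False

    return logged_in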
def authenticate(self, configurationAttributes, requestParameters, step):
    """Step 1 of the multi-LDAP lock-account flow.

    Rejects the request with a ``login.missingField`` message when either
    credential is empty, and with ``login.accountLocked`` when the user's
    ``gluuStatus`` is set to anything other than ``active``. Otherwise the
    password is tried against every configured LDAP entry manager and each of
    its login attributes until one accepts it. Success resets the failure
    counter to 0 and returns True; a failure advances the counter up to
    ``self.maximumInvalidLoginAttemps``, locks the account at the limit and
    resets the counter, then returns False. Any other step returns False.

    The status check runs before the password is verified, so the response
    differs for locked accounts whatever password was supplied.
    """
    if step != 1:
        return False

    print("Basic (multi auth conf & lock account). Authenticate for step 1")
    credentials = Identity.instance().getCredentials()
    keyValue = credentials.getUsername()
    userPassword = credentials.getPassword()

    def reject(message_key):
        # Queue one localized error for the login page and keep it across the redirect.
        faces_messages = FacesMessages.instance()
        faces_messages.clear()
        FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
        faces_messages.addFromResourceBundle(FacesMessage.SEVERITY_ERROR, message_key)
        return False

    def both_present():
        return StringHelper.isNotEmptyString(keyValue) and StringHelper.isNotEmptyString(userPassword)

    if not both_present():
        print("Basic (multi auth conf & lock account). Missing fields ")
        return reject("login.missingField")

    keyValue = keyValue.strip()
    user_status = self.getUserAttributeValue(keyValue, "gluuStatus")
    if user_status is not None and user_status != "active":
        print("Basic (multi auth conf & lock account). Account locked for user '%s'" % keyValue)
        return reject("login.accountLocked")

    if not both_present():
        # strip() may have emptied the username; the original rejects silently here.
        return False

    authenticationService = Component.getInstance(AuthenticationService)
    logged_in = False
    for manager in self.ldapExtendedEntryManagers:
        ldapConfiguration = manager["ldapConfiguration"]
        ldapEntryManager = manager["ldapEntryManager"]
        loginAttributes = manager["loginAttributes"]
        localLoginAttributes = manager["localLoginAttributes"]
        print("Basic (multi auth conf & lock account). Authenticate for step 1. Using configuration: " + ldapConfiguration.getConfigId())
        for idx, primaryKey in enumerate(loginAttributes):
            localPrimaryKey = localLoginAttributes[idx]
            if authenticationService.authenticate(ldapConfiguration, ldapEntryManager, keyValue, userPassword, primaryKey, localPrimaryKey):
                logged_in = True
                break
        if logged_in:
            break

    if logged_in:
        self.setUserAttributeValue(keyValue, self.invalidLoginCountAttribute, StringHelper.toString(0))
        return True

    failures = StringHelper.toInteger(self.getUserAttributeValue(keyValue, self.invalidLoginCountAttribute), 0)
    if failures < self.maximumInvalidLoginAttemps:
        failures += 1
        self.setUserAttributeValue(keyValue, self.invalidLoginCountAttribute, StringHelper.toString(failures))
    if failures >= self.maximumInvalidLoginAttemps:
        # Lock, then start the counter over so an admin unlock begins with a clean window.
        self.lockUser(keyValue)
        self.setUserAttributeValue(keyValue, self.invalidLoginCountAttribute, StringHelper.toString(0))
    return False