def authenticate(self, configurationAttributes, requestParameters, step): authenticationService = CdiUtil.bean(AuthenticationService) if step == 1: print "Basic (lock account). Authenticate for step 1" facesMessages = CdiUtil.bean(FacesMessages) facesMessages.setKeepMessages() identity = CdiUtil.bean(Identity) credentials = identity.getCredentials() user_name = credentials.getUsername() user_password = credentials.getPassword() cacheService = CdiUtil.bean(CacheService) userService = CdiUtil.bean(UserService) logged_in = False if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)): try: logged_in = authenticationService.authenticate(user_name, user_password) except AuthenticationException: print "Basic (lock account). Authenticate. Failed to authenticate user '%s'" % user_name if logged_in: self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(0)) else: countInvalidLoginArributeValue = self.getUserAttributeValue(user_name, self.invalidLoginCountAttribute) userSatus = self.getUserAttributeValue(user_name, "gluuStatus") print "Current user '%s' status is '%s'" % ( user_name, userSatus ) countInvalidLogin = StringHelper.toInteger(countInvalidLoginArributeValue, 0) if countInvalidLogin < self.maximumInvalidLoginAttemps: countInvalidLogin = countInvalidLogin + 1 remainingAttempts = self.maximumInvalidLoginAttemps - countInvalidLogin print "Remaining login count attempts '%s' for user '%s'" % ( remainingAttempts, user_name ) self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(countInvalidLogin)) if remainingAttempts > 0 and userSatus == "active": facesMessages.add(FacesMessage.SEVERITY_INFO, StringHelper.toString(remainingAttempts)+" more attempt(s) before account is LOCKED!") if (countInvalidLogin >= self.maximumInvalidLoginAttemps) and ((userSatus == None) or (userSatus == "active")): print "Basic (lock account). Locking '%s' for '%s' seconds" % ( user_name, self.lockExpirationTime) self.lockUser(user_name) return False if (countInvalidLogin >= self.maximumInvalidLoginAttemps) and userSatus == "inactive": print "Basic (lock account). User '%s' is locked. Checking if we can unlock him" % user_name unlock_and_authenticate = False object_from_store = cacheService.get(None, "lock_user_" + user_name) if object_from_store == None: # Object in cache was expired. We need to unlock user print "Basic (lock account). User locking details for user '%s' not exists" % user_name unlock_and_authenticate = True else: # Analyze object from cache user_lock_details = json.loads(object_from_store) user_lock_details_locked = user_lock_details['locked'] user_lock_details_created = user_lock_details['created'] user_lock_details_created_date = LocalDateTime.parse(user_lock_details_created, DateTimeFormatter.ISO_LOCAL_DATE_TIME) user_lock_details_created_diff = Duration.between(user_lock_details_created_date, LocalDateTime.now()).getSeconds() print "Basic (lock account). Get user '%s' locking details. locked: '%s', Created: '%s', Difference in seconds: '%s'" % ( user_name, user_lock_details_locked, user_lock_details_created, user_lock_details_created_diff ) if user_lock_details_locked and user_lock_details_created_diff >= self.lockExpirationTime: print "Basic (lock account). Unlocking user '%s' after lock expiration" % user_name unlock_and_authenticate = True if unlock_and_authenticate: self.unLockUser(user_name) self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(0)) logged_in = authenticationService.authenticate(user_name, user_password) if not logged_in: # Update number of attempts self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(1)) if self.maximumInvalidLoginAttemps == 1: # Lock user if maximum count login attempts is 1 self.lockUser(user_name) return False return logged_in else: return False