Commit 87ca0951 authored by Matija Obreza's avatar Matija Obreza

Merge branch 'genesys-server-507' into 'master'

Handle successful login only for users

See merge request genesys-pgr/application-blocks!67
parents cd99afd5 2b84c84c
......@@ -23,7 +23,6 @@ import java.util.Map;
import javax.annotation.Resource;
import org.genesys.blocks.security.NoUserFoundException;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.blocks.security.service.BasicUserService;
import org.slf4j.Logger;
......@@ -96,8 +95,8 @@ public class AccountLockoutManager {
try {
userService.updateLastLogin(userName);
} catch (final NoUserFoundException e) {
LOG.warn(e.getMessage());
} catch (final Throwable e) {
LOG.warn("Could not update last login for {}: {}", userName, e.getMessage());
}
}
......@@ -113,15 +112,15 @@ public class AccountLockoutManager {
if (loginAttempts.containsKey(userName)) {
stats = loginAttempts.get(userName);
} else {
final BasicUser<?> user = userService.getUserByEmail(userName);
if (user != null) {
stats = new AttemptStatistics();
stats.id = user.getId();
loginAttempts.put(userName, stats);
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("No such user username=" + userName);
try {
final BasicUser<?> user = userService.getUserByEmail(userName);
if (user != null) {
stats = new AttemptStatistics();
stats.id = user.getId();
loginAttempts.put(userName, stats);
}
} catch (final Throwable e) {
LOG.warn("Could not load user data for {}: {}", userName, e.getMessage());
}
}
......@@ -136,8 +135,8 @@ public class AccountLockoutManager {
LOG.warn("Too many failed login attempts. Locking account for username=" + userName);
try {
userService.setAccountLockLocal(stats.id, true);
} catch (final NoUserFoundException e) {
LOG.warn(e.getMessage());
} catch (final Throwable e) {
LOG.warn("Could not lock account {}: {}", userName, e.getMessage());
}
throw new LockedException("Too many failed login attempts.");
}
......
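Review bot: The new `catch (final Throwable e)` around `userService.setAccountLockLocal(stats.id, true)` also traps `Error`s and logs only `e.getMessage()`, so a failure to persist the lock leaves a single message-only warn line with no stack trace while `LockedException` is still thrown. Narrow it to `catch (final Exception e)` and pass the exception as the final logger argument, `LOG.warn("Could not lock account {}", userName, e);`, so an operator can tell a missing user from a datastore outage. The same pattern appears in the `updateLastLogin` and `getUserByEmail` hunks above. `userName` presumably originates from the login request, so the log encoder should neutralise CR/LF in it; that cannot be confirmed from this page. The enclosing methods start and end outside the hunks.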
......@@ -65,6 +65,8 @@ public class AuthenticationSuccessListener implements ApplicationListener<Authen
LOG.info("Successful login attempt for username={} from IP={}", userName, wad.getRemoteAddress());
}
lockoutManager.handleSuccessfulLogin(userName);
if (principal instanceof BasicUser<?>) {
lockoutManager.handleSuccessfulLogin(userName);
}
}
}
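Review bot: The new `instanceof BasicUser<?>` guard around `lockoutManager.handleSuccessfulLogin(userName)` has no comment saying why other principal types are skipped, while the INFO line above it still records every successful login. Add a comment such as `// Lockout state exists only for BasicUser accounts; other principal types are skipped`, adjusted to the principal types this listener actually receives. The method starts outside the hunk, so how `principal` and `userName` are derived is not visible here. If `userName` is not taken from that same principal, passing the `BasicUser`'s own identifier would keep the reset tied to the authenticated account.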
......@@ -359,6 +359,10 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
@Transactional
public void updateLastLogin(String userName) throws NoUserFoundException {
T u = getUserByEmail(userName);
if (u == null) {
throw new NoUserFoundException("No such user.");
}
u.setLastLogin(new Date());
// Set account to expire 1 year after last login
......
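Review bot: `updateLastLogin` now throws `NoUserFoundException` for an unknown name but has no Javadoc stating that contract, and its `userName` parameter is resolved with `getUserByEmail`. Add a short Javadoc with `@param userName the account e-mail used as login name` and `@throws NoUserFoundException if no account matches`. The fixed message `"No such user."` carries no identifier, so callers have to log the name themselves, as `AccountLockoutManager` does in this commit. The method body continues outside the hunk.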