Fix: Allow disabling the login attempts mechanism for disabling users (#6254)

* Fix: Allow disabling the login attempts mechanism for disabling users

* Refactor
Nicolas Vazquez 2022-04-14 01:11:43 -03:00 committed by GitHub
parent 42a92dcdd3
commit fbf77978e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 46 additions and 11 deletions


@ -984,7 +984,7 @@ public enum Config {
Integer.class, Integer.class,
"incorrect.login.attempts.allowed", "incorrect.login.attempts.allowed",
"5", "5",
"Incorrect login attempts allowed before the user is disabled", "Incorrect login attempts allowed before the user is disabled (when value > 0). If value <=0 users are not disabled after failed login attempts",
null), null),
// Ovm // Ovm
OvmPublicNetwork("Hidden", ManagementServer.class, String.class, "ovm.public.network.device", null, "Specify the public bridge on host for public network", null), OvmPublicNetwork("Hidden", ManagementServer.class, String.class, "ovm.public.network.device", null, "Specify the public bridge on host for public network", null),
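Review bot: The new description says users are not disabled when the value is <= 0, but it does not tell the operator what that choice gives up: per-account lockout is the behaviour being switched off, so repeated wrong passwords against one account are no longer stopped by this mechanism. I would say so in the text, for example `"... If value <= 0, users are never disabled after failed login attempts (account lockout is off)"`, and write `<= 0` with a space to match `> 0`. The enum entry starts above the hunk, so its name is not visible here.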


@ -2547,16 +2547,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) { if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
if (!isInternalAccount(userAccount.getId())) { if (!isInternalAccount(userAccount.getId())) {
// Internal accounts are not disabled // Internal accounts are not disabled
int attemptsMade = userAccount.getLoginAttempts() + 1; updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccount, updateIncorrectLoginCount, _allowedLoginAttempts);
if (updateIncorrectLoginCount) {
if (attemptsMade < _allowedLoginAttempts) {
updateLoginAttempts(userAccount.getId(), attemptsMade, false);
s_logger.warn("Login attempt failed. You have " + (_allowedLoginAttempts - attemptsMade) + " attempt(s) remaining");
} else {
updateLoginAttempts(userAccount.getId(), _allowedLoginAttempts, true);
s_logger.warn("User " + userAccount.getUsername() + " has been disabled due to multiple failed login attempts." + " Please contact admin.");
}
}
} }
} else { } else {
s_logger.info("User " + userAccount.getUsername() + " is disabled/locked"); s_logger.info("User " + userAccount.getUsername() + " is disabled/locked");
@ -2565,6 +2556,23 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
} }
} }
protected void updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(UserAccount account, boolean updateIncorrectLoginCount,
int allowedLoginAttempts) {
int attemptsMade = account.getLoginAttempts() + 1;
if (allowedLoginAttempts <= 0 || !updateIncorrectLoginCount) {
return;
}
if (attemptsMade < allowedLoginAttempts) {
updateLoginAttempts(account.getId(), attemptsMade, false);
s_logger.warn("Login attempt failed. You have " +
(allowedLoginAttempts - attemptsMade) + " attempt(s) remaining");
} else {
updateLoginAttempts(account.getId(), allowedLoginAttempts, true);
s_logger.warn("User " + account.getUsername() +
" has been disabled due to multiple failed login attempts." + " Please contact admin.");
}
}
@Override @Override
public Pair<User, Account> findUserByApiKey(String apiKey) { public Pair<User, Account> findUserByApiKey(String apiKey) {
return _accountDao.findUserAccountByApiKey(apiKey); return _accountDao.findUserAccountByApiKey(apiKey);
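Review bot: With `allowedLoginAttempts <= 0` the new method returns before any counter update or log call, so when lockout is disabled a failed login leaves no record from this path; whether the caller logs the failure elsewhere is not visible in these hunks. Since disabling lockout removes the one control here that reacts to password guessing, I would keep the event visible by splitting the guard: `if (!updateIncorrectLoginCount) { return; }` followed by `if (allowedLoginAttempts <= 0) { s_logger.warn("Login attempt failed for user " + account.getUsername() + "; account lockout is disabled"); return; }`. `attemptsMade` can then be computed after the guards, where it is first used. The method also has no Javadoc; one line stating that a non-positive limit means "never disable" would document the contract the tests rely on.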


@ -710,4 +710,31 @@ public class AccountManagerImplTest extends AccountManagetImplTestBase {
Mockito.verify(authenticatorMock2, Mockito.times(1)).authenticate(username, currentPassword, domainId, null); Mockito.verify(authenticatorMock2, Mockito.times(1)).authenticate(username, currentPassword, domainId, null);
} }
@Test
public void testUpdateLoginAttemptsDisableMechanism() {
accountManagerImpl.updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccountVO, true, 0);
Mockito.verify(accountManagerImpl, Mockito.never()).updateLoginAttempts(Mockito.anyLong(), Mockito.anyInt(), Mockito.anyBoolean());
}
@Test
public void testUpdateLoginAttemptsEnableMechanismAttemptsLeft() {
int attempts = 2;
int allowedAttempts = 5;
Long accountId = 1L;
Mockito.when(userAccountVO.getLoginAttempts()).thenReturn(attempts);
Mockito.when(userAccountVO.getId()).thenReturn(accountId);
accountManagerImpl.updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccountVO, true, allowedAttempts);
Mockito.verify(accountManagerImpl).updateLoginAttempts(Mockito.eq(accountId), Mockito.eq(attempts + 1), Mockito.eq(false));
}
@Test
public void testUpdateLoginAttemptsEnableMechanismNoAttemptsLeft() {
int attempts = 5;
int allowedAttempts = 5;
Long accountId = 1L;
Mockito.when(userAccountVO.getLoginAttempts()).thenReturn(attempts);
Mockito.when(userAccountVO.getId()).thenReturn(accountId);
accountManagerImpl.updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccountVO, true, allowedAttempts);
Mockito.verify(accountManagerImpl).updateLoginAttempts(Mockito.eq(accountId), Mockito.eq(allowedAttempts), Mockito.eq(true));
}
} }
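Review bot: The disabled-mechanism test only passes `0`, so the negative half of the `allowedLoginAttempts <= 0` guard and the `updateIncorrectLoginCount == false` branch are never exercised. The lockout case is also tested at attempts=5 with a limit of 5, not at attempts=4, where `attemptsMade` first equals the limit and the account should be disabled. I would add calls such as `accountManagerImpl.updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccountVO, true, -1);` and `accountManagerImpl.updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccountVO, false, 5);`, each followed by the existing `Mockito.never()` verification. A further case with `getLoginAttempts()` returning 4 should expect `updateLoginAttempts(accountId, 5, true)`, which pins the off-by-one boundary of the lockout.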