Merge pull request #80 from Kitzanos/fixed-bug-login-attempt
Logged Login Attempts for SAML-Based Authentication
This commit is contained in:
rbonazzo-KZ
@@ -140,8 +140,8 @@ public class ApplicationAmendmentRequestServiceImpl implements ApplicationAmendm
|
||||
return applicationAmendmentRequestDao.getAmendmentByApplicationId(request,applicationId);
|
||||
}
|
||||
@Override
|
||||
public ApplicationAmendmentRequestResponse updateApplicationStatus(HttpServletRequest request, Long applicationId, ApplicationAmendmentRequestEnum status) {
|
||||
return applicationAmendmentRequestDao.updateApplicationAmendmentStatus(applicationId, status);
|
||||
public ApplicationAmendmentRequestResponse updateApplicationAmendmentStatus(HttpServletRequest request, Long applicationAmendmentId, ApplicationAmendmentRequestEnum status) {
|
||||
return applicationAmendmentRequestDao.updateApplicationAmendmentStatus(applicationAmendmentId, status);
|
||||
|
||||
}
|
||||
@Override
|
||||
|
||||
@@ -79,6 +79,7 @@ public class AuthenticationService {
|
||||
UserEntity user=null;
|
||||
|
||||
LoginAttemptEntity loginAttemptEntity = prepareLoginAttemptEntity(loginReq, request);
|
||||
try {
|
||||
log.info("Attempting login for email: {}", loginReq.getEmail());
|
||||
String emailWithHubId = loginReq.getEmail()+":"+loginReq.getHubUuid();
|
||||
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
|
||||
@@ -94,11 +95,18 @@ public class AuthenticationService {
|
||||
throw new ResourceNotFoundException(Status.NOT_FOUND,
|
||||
Translator.toLocale(GepafinConstant.USER_NOT_FOUND_MSG));
|
||||
}
|
||||
loginAttemptEntity.setUserId(user.getId());
|
||||
createSuccessLoginAttempt(loginAttemptEntity);
|
||||
} catch (Exception e) {
|
||||
log.info("Authentication failed for email: {}", loginReq.getEmail());
|
||||
loginAttemptEntity.setUserId(user.getId());
|
||||
createFailedLoginAttempt(loginAttemptEntity, e.getMessage());
|
||||
throw e;
|
||||
}
|
||||
return getJWTTokenBean(user, loginReq.getRememberMe());
|
||||
}
|
||||
|
||||
private LoginAttemptEntity prepareLoginAttemptEntity(LoginReq loginUserReq, HttpServletRequest request) {
|
||||
public LoginAttemptEntity prepareLoginAttemptEntity(LoginReq loginUserReq, HttpServletRequest request) {
|
||||
String ipAddress = Utils.getClientIpAddress(request);
|
||||
String userAgent = request.getHeader("user-agent");
|
||||
LoginAttemptEntity loginAttemptEntity = new LoginAttemptEntity();
|
||||
@@ -109,11 +117,11 @@ public class AuthenticationService {
|
||||
return loginAttemptEntity;
|
||||
}
|
||||
|
||||
private void createSuccessLoginAttempt(LoginAttemptEntity loginAttemptEntity) {
|
||||
public void createSuccessLoginAttempt(LoginAttemptEntity loginAttemptEntity) {
|
||||
loginAttemptEntity.setResult(LoginAttemptResultEnum.SUCCESS.getValue());
|
||||
loginAttemptDao.createLoginAttempt(loginAttemptEntity);
|
||||
}
|
||||
private void createFailedLoginAttempt(LoginAttemptEntity loginAttemptEntity, String errorMsg) {
|
||||
public void createFailedLoginAttempt(LoginAttemptEntity loginAttemptEntity, String errorMsg) {
|
||||
loginAttemptEntity.setResult(LoginAttemptResultEnum.FAILED.getValue());
|
||||
loginAttemptEntity.setErrorMsg(errorMsg);
|
||||
loginAttemptDao.createLoginAttempt(loginAttemptEntity);
|
||||
@@ -184,13 +192,17 @@ public class AuthenticationService {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
public JWTToken validateExistingUserToken(String token) {
|
||||
public JWTToken validateExistingUserToken(HttpServletRequest request,String token) {
|
||||
SamlResponseEntity samlResponseLogEntity = samlResponseLogRepository.findByToken(token);
|
||||
if (samlResponseLogEntity == null) {
|
||||
log.info("Invalid spid login token : {}", token);
|
||||
throw new CustomValidationException(Status.VALIDATION_ERROR,
|
||||
Translator.toLocale(GepafinConstant.INVALID_TOKEN_MSG));
|
||||
}
|
||||
LoginReq loginReq=new LoginReq();
|
||||
Long userId=null;
|
||||
LoginAttemptEntity loginAttemptEntity =new LoginAttemptEntity();
|
||||
try {
|
||||
HubEntity hub = hubService.getHubByUuid(samlResponseLogEntity.getHubUuid());
|
||||
Map<String, List<Object>> userAttributes = Utils
|
||||
.convertStringIntoMap(samlResponseLogEntity.getAuthenticationObject());
|
||||
@@ -198,9 +210,18 @@ public class AuthenticationService {
|
||||
UserEntity userEntity = userRepository.findByBeneficiaryCodiceFiscaleAndHubId(cf, hub.getId())
|
||||
.orElseThrow(() -> new ResourceNotFoundException(Status.NOT_FOUND,
|
||||
Translator.toLocale(GepafinConstant.USER_NOT_FOUND_MSG)));
|
||||
userId=userEntity.getId();
|
||||
//samlResponseLogRepository.delete(samlResponseLogEntity);
|
||||
|
||||
return getJWTTokenBean(userEntity, Boolean.TRUE);
|
||||
loginReq.setEmail(userEntity.getEmail());
|
||||
loginAttemptEntity = prepareLoginAttemptEntity(loginReq, request);
|
||||
loginAttemptEntity.setUserId(userEntity.getId());
|
||||
return getJWTTokenBean(userEntity, Boolean.TRUE);
|
||||
} catch (Exception e) {
|
||||
log.info("Authentication login failed for email: {}",e.getMessage());
|
||||
loginAttemptEntity.setUserId(userId);
|
||||
createFailedLoginAttempt(loginAttemptEntity, e.getMessage());
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -103,7 +103,7 @@ public class UserServiceImpl implements UserService {
|
||||
@Override
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
public JWTToken validateExistingUserToken(HttpServletRequest request, String token) {
|
||||
return userDao.validateExistingUserToken(token);
|
||||
return userDao.validateExistingUserToken(request,token);
|
||||
}
|
||||
@Override
|
||||
public UserSamlResponse validateNewUserToken(HttpServletRequest request, String token) {
|
||||
|
||||
Reference in New Issue
Block a user