Example 21 with UserAccount
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class AccountManagerImpl method getUserAccount.
private UserAccount getUserAccount(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Attempting to log in user: " + username + " in domain " + domainId);
}
UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
boolean authenticated = false;
final HashSet<ActionOnFailedAuthentication> actionsOnFailedAuthenticaion = new HashSet<>();
final User.Source userSource = userAccount != null ? userAccount.getSource() : User.Source.UNKNOWN;
for (final UserAuthenticator authenticator : _userAuthenticators) {
if (userSource != User.Source.UNKNOWN) {
if (!authenticator.getName().equalsIgnoreCase(userSource.name())) {
continue;
}
}
final Pair<Boolean, ActionOnFailedAuthentication> result = authenticator.authenticate(username, password, domainId, requestParameters);
if (result.first()) {
authenticated = true;
break;
} else if (result.second() != null) {
actionsOnFailedAuthenticaion.add(result.second());
}
}
final boolean updateIncorrectLoginCount = actionsOnFailedAuthenticaion.contains(ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
if (authenticated) {
final Domain domain = _domainMgr.getDomain(domainId);
String domainName = null;
if (domain != null) {
domainName = domain.getName();
}
userAccount = _userAccountDao.getUserAccount(username, domainId);
if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString()) || !userAccount.getAccountState().equalsIgnoreCase(Account.State.enabled.toString())) {
if (s_logger.isInfoEnabled()) {
s_logger.info("User " + username + " in domain " + domainName + " is disabled/locked (or account is disabled/locked)");
}
throw new CloudAuthenticationException("User " + username + " (or their account) in domain " + domainName + " is disabled/locked. Please contact the " + "administrator.");
}
// Whenever the user is able to log in successfully, reset the login attempts to zero
if (!isInternalAccount(userAccount.getId())) {
updateLoginAttempts(userAccount.getId(), 0, false);
}
return userAccount;
} else {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Unable to authenticate user with username " + username + " in domain " + domainId);
}
if (userAccount == null) {
s_logger.warn("Unable to find an user with username " + username + " in domain " + domainId);
return null;
}
if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
if (!isInternalAccount(userAccount.getId())) {
// Internal accounts are not disabled
final int attemptsMade = userAccount.getLoginAttempts() + 1;
if (updateIncorrectLoginCount) {
if (attemptsMade < _allowedLoginAttempts) {
updateLoginAttempts(userAccount.getId(), attemptsMade, false);
s_logger.warn("Login attempt failed. You have " + (_allowedLoginAttempts - attemptsMade) + " attempt(s) remaining");
} else {
updateLoginAttempts(userAccount.getId(), _allowedLoginAttempts, true);
s_logger.warn("User " + userAccount.getUsername() + " has been disabled due to multiple failed login attempts." + " Please contact admin.");
}
}
}
} else {
s_logger.info("User " + userAccount.getUsername() + " is disabled/locked");
}
return null;
}
}
Also used :
User(com.cloud.legacymodel.user.User)
CloudAuthenticationException(com.cloud.legacymodel.exceptions.CloudAuthenticationException)
UserAuthenticator(com.cloud.server.auth.UserAuthenticator)
ActionOnFailedAuthentication(com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication)
Domain(com.cloud.legacymodel.domain.Domain)
UserAccount(com.cloud.legacymodel.user.UserAccount)
HashSet(java.util.HashSet)
Aggregations
UserAccount (com.cloud.legacymodel.user.UserAccount)21
Account (com.cloud.legacymodel.user.Account)10
InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)8
ServerApiException (com.cloud.api.ServerApiException)7
UserResponse (com.cloud.api.response.UserResponse)5
CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)5
User (com.cloud.legacymodel.user.User)5
ActionEvent (com.cloud.event.ActionEvent)4
Domain (com.cloud.legacymodel.domain.Domain)4
Pair (com.cloud.legacymodel.utils.Pair)4
CloudAuthenticationException (com.cloud.legacymodel.exceptions.CloudAuthenticationException)3
PermissionDeniedException (com.cloud.legacymodel.exceptions.PermissionDeniedException)3
VpnUserVO (com.cloud.network.VpnUserVO)3
AccountResponse (com.cloud.api.response.AccountResponse)2
DomainVO (com.cloud.domain.DomainVO)2
LdapUser (com.cloud.ldap.LdapUser)2
NoLdapUserMatchingQueryException (com.cloud.ldap.NoLdapUserMatchingQueryException)2
UserAuthenticator (com.cloud.server.auth.UserAuthenticator)2
DB (com.cloud.utils.db.DB)2
TransactionStatus (com.cloud.utils.db.TransactionStatus)2
