Search in sources :

Example 21 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class AccountManagerImpl method getUserAccount.

private UserAccount getUserAccount(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Attempting to log in user: " + username + " in domain " + domainId);
    }
    UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
    boolean authenticated = false;
    final HashSet<ActionOnFailedAuthentication> actionsOnFailedAuthenticaion = new HashSet<>();
    final User.Source userSource = userAccount != null ? userAccount.getSource() : User.Source.UNKNOWN;
    for (final UserAuthenticator authenticator : _userAuthenticators) {
        if (userSource != User.Source.UNKNOWN) {
            if (!authenticator.getName().equalsIgnoreCase(userSource.name())) {
                continue;
            }
        }
        final Pair<Boolean, ActionOnFailedAuthentication> result = authenticator.authenticate(username, password, domainId, requestParameters);
        if (result.first()) {
            authenticated = true;
            break;
        } else if (result.second() != null) {
            actionsOnFailedAuthenticaion.add(result.second());
        }
    }
    final boolean updateIncorrectLoginCount = actionsOnFailedAuthenticaion.contains(ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
    if (authenticated) {
        final Domain domain = _domainMgr.getDomain(domainId);
        String domainName = null;
        if (domain != null) {
            domainName = domain.getName();
        }
        userAccount = _userAccountDao.getUserAccount(username, domainId);
        if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString()) || !userAccount.getAccountState().equalsIgnoreCase(Account.State.enabled.toString())) {
            if (s_logger.isInfoEnabled()) {
                s_logger.info("User " + username + " in domain " + domainName + " is disabled/locked (or account is disabled/locked)");
            }
            throw new CloudAuthenticationException("User " + username + " (or their account) in domain " + domainName + " is disabled/locked. Please contact the " + "administrator.");
        }
        // Whenever the user is able to log in successfully, reset the login attempts to zero
        if (!isInternalAccount(userAccount.getId())) {
            updateLoginAttempts(userAccount.getId(), 0, false);
        }
        return userAccount;
    } else {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Unable to authenticate user with username " + username + " in domain " + domainId);
        }
        if (userAccount == null) {
            s_logger.warn("Unable to find an user with username " + username + " in domain " + domainId);
            return null;
        }
        if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
            if (!isInternalAccount(userAccount.getId())) {
                // Internal accounts are not disabled
                final int attemptsMade = userAccount.getLoginAttempts() + 1;
                if (updateIncorrectLoginCount) {
                    if (attemptsMade < _allowedLoginAttempts) {
                        updateLoginAttempts(userAccount.getId(), attemptsMade, false);
                        s_logger.warn("Login attempt failed. You have " + (_allowedLoginAttempts - attemptsMade) + " attempt(s) remaining");
                    } else {
                        updateLoginAttempts(userAccount.getId(), _allowedLoginAttempts, true);
                        s_logger.warn("User " + userAccount.getUsername() + " has been disabled due to multiple failed login attempts." + " Please contact admin.");
                    }
                }
            }
        } else {
            s_logger.info("User " + userAccount.getUsername() + " is disabled/locked");
        }
        return null;
    }
}
Also used : User(com.cloud.legacymodel.user.User) CloudAuthenticationException(com.cloud.legacymodel.exceptions.CloudAuthenticationException) UserAuthenticator(com.cloud.server.auth.UserAuthenticator) ActionOnFailedAuthentication(com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication) Domain(com.cloud.legacymodel.domain.Domain) UserAccount(com.cloud.legacymodel.user.UserAccount) HashSet(java.util.HashSet)

Aggregations

UserAccount (com.cloud.legacymodel.user.UserAccount)21 Account (com.cloud.legacymodel.user.Account)10 InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)8 ServerApiException (com.cloud.api.ServerApiException)7 UserResponse (com.cloud.api.response.UserResponse)5 CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)5 User (com.cloud.legacymodel.user.User)5 ActionEvent (com.cloud.event.ActionEvent)4 Domain (com.cloud.legacymodel.domain.Domain)4 Pair (com.cloud.legacymodel.utils.Pair)4 CloudAuthenticationException (com.cloud.legacymodel.exceptions.CloudAuthenticationException)3 PermissionDeniedException (com.cloud.legacymodel.exceptions.PermissionDeniedException)3 VpnUserVO (com.cloud.network.VpnUserVO)3 AccountResponse (com.cloud.api.response.AccountResponse)2 DomainVO (com.cloud.domain.DomainVO)2 LdapUser (com.cloud.ldap.LdapUser)2 NoLdapUserMatchingQueryException (com.cloud.ldap.NoLdapUserMatchingQueryException)2 UserAuthenticator (com.cloud.server.auth.UserAuthenticator)2 DB (com.cloud.utils.db.DB)2 TransactionStatus (com.cloud.utils.db.TransactionStatus)2