use of io.gravitee.am.repository.management.api.search.LoginAttemptCriteria in project gravitee-access-management by gravitee-io.
the class LoginAttemptServiceTest method shouldCreateUser_accountLockFirstConnection.
// Drives loginFailed() with lockout detection enabled and a max of one attempt,
// against a repository stub that already holds a LoginAttempt with one attempt.
// NOTE(review): the name suggests a first failed login, yet findByCriteria() is stubbed
// to return an existing attempt and update() is stubbed; the body is the same as
// shouldUpdateUser_accountLockAlreadyRegistered. Confirm which path is meant to be covered.
@Test
public void shouldCreateUser_accountLockFirstConnection() {
    // Lockout policy: detection on, a single failed attempt is enough to reach the maximum.
    final AccountSettings settings = new AccountSettings();
    settings.setLoginAttemptsDetectionEnabled(true);
    settings.setMaxLoginAttempts(1);
    // NOTE(review): reads as 24 h expressed in milliseconds, while
    // UserAuthenticationServiceImpl.lockAccount multiplies the configured
    // duration by 1000. Confirm the unit AccountSettings expects.
    settings.setAccountBlockedDuration(24 * 60 * 60 * 1000);

    final LoginAttemptCriteria criteria = new LoginAttemptCriteria.Builder()
            .client("client-1")
            .domain("domain-1")
            .username("user-1")
            .identityProvider("idp-1")
            .build();

    // Previously recorded failure that the repository stub hands back.
    final LoginAttempt existingAttempt = new LoginAttempt();
    existingAttempt.setAttempts(1);

    when(loginAttemptRepository.findByCriteria(criteria)).thenReturn(Maybe.just(existingAttempt));
    when(loginAttemptRepository.update(existingAttempt)).thenReturn(Single.just(existingAttempt));

    TestObserver observer = loginAttemptService.loginFailed(criteria, settings).test();
    observer.awaitTerminalEvent();
    // Only the absence of errors is asserted; the resulting counter or lock state is not checked here.
    observer.assertNoErrors();
}
use of io.gravitee.am.repository.management.api.search.LoginAttemptCriteria in project gravitee-access-management by gravitee-io.
the class LoginAttemptServiceTest method shouldUpdateUser_accountLockAlreadyRegistered.
// A failed login for a user that already has a recorded LoginAttempt must complete
// without error when lockout detection is enabled.
@Test
public void shouldUpdateUser_accountLockAlreadyRegistered() {
    final LoginAttemptCriteria criteria = new LoginAttemptCriteria.Builder()
            .client("client-1")
            .domain("domain-1")
            .username("user-1")
            .identityProvider("idp-1")
            .build();

    // The attempt already stored for this user/client/IdP combination.
    final LoginAttempt storedAttempt = new LoginAttempt();
    storedAttempt.setAttempts(1);

    // Lockout policy under test: detection enabled, maximum of one attempt.
    final AccountSettings policy = new AccountSettings();
    policy.setLoginAttemptsDetectionEnabled(true);
    policy.setMaxLoginAttempts(1);
    // NOTE(review): value looks like 24 h in milliseconds. Confirm the unit the setting uses.
    policy.setAccountBlockedDuration(24 * 60 * 60 * 1000);

    when(loginAttemptRepository.findByCriteria(criteria)).thenReturn(Maybe.just(storedAttempt));
    when(loginAttemptRepository.update(storedAttempt)).thenReturn(Single.just(storedAttempt));

    TestObserver result = loginAttemptService.loginFailed(criteria, policy).test();
    result.awaitTerminalEvent();
    // NOTE(review): nothing verifies that update() was invoked or what was written; only
    // "no error" is checked, so a regression in the lockout counter would pass this test.
    result.assertNoErrors();
}
use of io.gravitee.am.repository.management.api.search.LoginAttemptCriteria in project gravitee-access-management by gravitee-io.
the class UserAuthenticationManagerImpl method preAuthentication.
/**
 * Rejects the authentication early when login-attempt detection is enabled and the
 * stored attempt for this domain/client/identity provider/username is locked.
 *
 * @param client   client the user is authenticating against
 * @param username login name supplied by the caller
 * @param source   identity provider id used to scope the attempt lookup
 * @return a Completable that completes when authentication may proceed, or fails with
 *         {@link AccountLockedException} carrying the attempt id in its details
 */
private Completable preAuthentication(Client client, String username, String source) {
    final AccountSettings accountSettings = AccountSettings.getInstance(domain, client);
    // No settings, or detection switched off: there is no lockout state to consult.
    if (accountSettings == null || !accountSettings.isLoginAttemptsDetectionEnabled()) {
        return Completable.complete();
    }

    LoginAttemptCriteria criteria = new LoginAttemptCriteria.Builder()
            .domain(domain.getId())
            .client(client.getId())
            .identityProvider(source)
            .username(username)
            .build();

    return loginAttemptService.checkAccount(criteria, accountSettings)
            // Wrap in Optional so that "no attempt recorded" still reaches the check below.
            .map(Optional::of)
            .defaultIfEmpty(Optional.empty())
            .flatMapCompletable(attempt -> {
                if (!attempt.isPresent() || !attempt.get().isAccountLocked(accountSettings.getMaxLoginAttempts())) {
                    return Completable.complete();
                }
                Map<String, String> details = new HashMap<>();
                details.put("attempt_id", attempt.get().getId());
                // NOTE(review): the message names the user and states the lock. If it can reach the
                // login response it confirms that the account exists and is locked; confirm it is
                // mapped to a generic error before leaving the server.
                return Completable.error(new AccountLockedException("User " + username + " is locked", details));
            });
}
use of io.gravitee.am.repository.management.api.search.LoginAttemptCriteria in project gravitee-access-management by gravitee-io.
the class UserAuthenticationServiceImpl method lockAccount.
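/**
 * Flags the user as locked, persists the change, optionally sends the "blocked account"
 * e-mail and reports a USER_LOCKED audit event.
 *
 * @param criteria        login-attempt criteria; its domain and client are copied into the audit event
 * @param accountSettings lockout policy; supplies the block duration and the e-mail option
 * @param client          client passed to the e-mail template
 * @param user            user to lock; when {@code null} nothing is done
 * @return a Completable that completes once the user update has succeeded
 */
@Override
public Completable lockAccount(LoginAttemptCriteria criteria, AccountSettings accountSettings, Client client, User user) {
    if (user == null) {
        return Completable.complete();
    }
    // update user status; read the clock once so lockedAt and lockedUntil share the same instant
    final long now = System.currentTimeMillis();
    user.setAccountNonLocked(false);
    user.setAccountLockedAt(new Date(now));
    // The configured duration is scaled by 1000 (seconds to milliseconds). Multiply as long:
    // if the getter yields an int, "* 1000" wraps for durations above roughly 24.8 days and
    // would produce a wrong (possibly already expired) unlock time, weakening the lockout.
    user.setAccountLockedUntil(new Date(now + (accountSettings.getAccountBlockedDuration() * 1000L)));
    return userService.update(user).flatMap(user1 -> {
        // send an email if option is enabled
        if (user1.getEmail() != null && accountSettings.isSendRecoverAccountEmail()) {
            // NOTE(review): one unmanaged thread per locked account, with no bound and no error
            // reporting; a shared executor would cap this, but none is in scope in this block.
            new Thread(() -> emailService.send(Template.BLOCKED_ACCOUNT, user1, client)).start();
        }
        // NOTE(review): emits the instance passed in, not the one returned by update(), so the
        // audit entry below carries the caller's object. Confirm this is intended.
        return Single.just(user);
    }).doOnSuccess(user1 -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).type(EventType.USER_LOCKED).domain(criteria.domain()).client(criteria.client()).principal(null).user(user1))).ignoreElement();
}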
use of io.gravitee.am.repository.management.api.search.LoginAttemptCriteria in project gravitee-access-management by gravitee-io.
the class JdbcLoginAttemptRepository method delete.
/**
 * Deletes the login attempts matching the given criteria.
 *
 * @param criteria filter translated into the WHERE clause by buildWhereClause
 * @return a Completable wrapping the delete statement
 * @throws RepositoryIllegalQueryException when the criteria produce an empty WHERE clause
 */
@Override
public Completable delete(LoginAttemptCriteria criteria) {
    // NOTE(review): the criteria object is logged as-is; presumably its string form includes the
    // username. Confirm that is acceptable for debug logs.
    LOGGER.debug("delete({})", criteria);
    final Criteria filter = buildWhereClause(criteria);
    if (filter.isEmpty()) {
        // Refuse an unfiltered delete: with no criteria the statement would not be restricted
        // to a specific login attempt. Thrown synchronously, not through Completable.error.
        throw new RepositoryIllegalQueryException("Unable to delete from LoginAttempt without criteria");
    }
    return monoToCompletable(template.delete(JdbcLoginAttempt.class).matching(Query.query(filter)).all());
}