
Example 1 with UserLoginFailureModel

use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.

the class DefaultBruteForceProtector method isTemporarilyDisabled.

/**
 * Reports whether the user is still inside a brute-force "not before" window.
 *
 * <p>Looks up the user's login-failure record for the realm; when one exists and its
 * {@code failedLoginNotBefore} (seconds since the epoch) lies in the future, the user
 * is considered temporarily disabled. A missing record means no lock is in effect.
 *
 * @param session current session, used to reach the login-failure store
 * @param realm   realm the user belongs to
 * @param user    user whose lock state is queried
 * @return {@code true} while the current time is before the record's not-before time
 */
@Override
public boolean isTemporarilyDisabled(KeycloakSession session, RealmModel realm, UserModel user) {
    UserLoginFailureModel record = session.loginFailures().getUserLoginFailure(realm, user.getId());
    if (record == null) {
        return false;
    }
    // Both sides are compared in whole seconds, matching how the record stores the value.
    int nowSeconds = (int) (Time.currentTimeMillis() / 1000);
    int notBefore = record.getFailedLoginNotBefore();
    boolean stillBlocked = nowSeconds < notBefore;
    if (stillBlocked) {
        logger.debugv("Current: {0} notBefore: {1}", nowSeconds, notBefore);
    }
    return stillBlocked;
}
Also used : UserLoginFailureModel(org.keycloak.models.UserLoginFailureModel)

Example 2 with UserLoginFailureModel

use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.

the class DefaultBruteForceProtector method failure.

/**
 * Records one failed login attempt for the user named in {@code event} and, depending on the
 * realm's brute-force settings, either disables the user permanently or sets a "not before"
 * time (seconds since the epoch) that blocks further attempts for a while.
 *
 * <p>Two regimes are handled:
 * <ul>
 *   <li>Permanent lockout ({@code realm.isPermanentLockout()}): the user is disabled once the
 *       failure count equals {@code realm.getFailureFactor()}; below that, a rapid repeat
 *       ("quick login") only earns the minimum quick-login wait.</li>
 *   <li>Temporary lockout: a failure arriving more than {@code getMaxDeltaTimeSeconds()} after
 *       the previous one resets the count; the wait then grows by
 *       {@code getWaitIncrementSeconds()} for every multiple of the failure factor reached,
 *       capped at {@code getMaxFailureWaitSeconds()}.</li>
 * </ul>
 *
 * @param session the current session, used to look up and persist login-failure records
 * @param event   the failed login event (supplies {@code userId} and {@code ip})
 */
public void failure(KeycloakSession session, LoginEvent event) {
    logger.debug("failure");
    RealmModel realm = getRealmModel(session, event);
    logFailure(event);
    String userId = event.userId;
    // Create the failure record on first failure so the counters below always have a target.
    UserLoginFailureModel userLoginFailure = getUserModel(session, event);
    if (userLoginFailure == null) {
        userLoginFailure = session.loginFailures().addUserLoginFailure(realm, userId);
    }
    userLoginFailure.setLastIPFailure(event.ip);
    long currentTime = Time.currentTimeMillis();
    long last = userLoginFailure.getLastFailure();
    // Milliseconds since the previous failure; stays 0 when this is the first recorded failure.
    long deltaTime = 0;
    if (last > 0) {
        deltaTime = currentTime - last;
    }
    userLoginFailure.setLastFailure(currentTime);
    if (realm.isPermanentLockout()) {
        userLoginFailure.incrementFailures();
        logger.debugv("new num failures: {0}", userLoginFailure.getNumFailures());
        // NOTE(review): this is an equality check, so a count that already exceeds the factor
        // (e.g. the factor was lowered, or the user was re-enabled without clearing failures)
        // would not reach the lockout below — confirm that is intended.
        if (userLoginFailure.getNumFailures() == realm.getFailureFactor()) {
            UserModel user = session.users().getUserById(realm, userId);
            if (user == null) {
                return;
            }
            logger.debugv("user {0} locked permanently due to too many login attempts", user.getUsername());
            user.setEnabled(false);
            // The reason attribute lets the admin side distinguish a lockout from a manual disable.
            user.setSingleAttribute(DISABLED_REASON, DISABLED_BY_PERMANENT_LOCKOUT);
            return;
        }
        // Not yet at the threshold: a rapid repeat still gets the minimum quick-login wait.
        if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
            logger.debugv("quick login, set min wait seconds");
            int waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
            int notBefore = (int) (currentTime / 1000) + waitSeconds;
            logger.debugv("set notBefore: {0}", notBefore);
            userLoginFailure.setFailedLoginNotBefore(notBefore);
        }
        // Failure counts never decay in the permanent-lockout regime.
        return;
    }
    if (deltaTime > 0) {
        // if last failure was more than MAX_DELTA clear failures
        if (deltaTime > (long) realm.getMaxDeltaTimeSeconds() * 1000L) {
            userLoginFailure.clearFailures();
        }
    }
    userLoginFailure.incrementFailures();
    logger.debugv("new num failures: {0}", userLoginFailure.getNumFailures());
    // Integer division: the wait stays 0 until the count reaches the failure factor, then steps
    // up by one increment per further multiple of the factor.
    int waitSeconds = realm.getWaitIncrementSeconds() * (userLoginFailure.getNumFailures() / realm.getFailureFactor());
    logger.debugv("waitSeconds: {0}", waitSeconds);
    logger.debugv("deltaTime: {0}", deltaTime);
    if (waitSeconds == 0) {
        // Below the factor, only a rapid repeat earns a (minimum) wait.
        if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
            logger.debugv("quick login, set min wait seconds");
            waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
        }
    }
    if (waitSeconds > 0) {
        waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
        int notBefore = (int) (currentTime / 1000) + waitSeconds;
        logger.debugv("set notBefore: {0}", notBefore);
        userLoginFailure.setFailedLoginNotBefore(notBefore);
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) UserLoginFailureModel(org.keycloak.models.UserLoginFailureModel)

Example 3 with UserLoginFailureModel

use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.

the class UserSessionProviderTest method loginFailures.

/**
 * Exercises the login-failure store end to end: records are created and incremented in one
 * server call, read back and mutated in a second, removed one at a time and then in bulk,
 * and finally confirmed gone.
 */
@Test
public void loginFailures() {
    final String realmName = "test";
    final String firstUser = "user1";
    final String secondUser = "user2";

    // Seed: one failure for user1, two for user2.
    testingClient.server().run((KeycloakSession session) -> {
        RealmModel realm = session.realms().getRealmByName(realmName);
        kcIncrement(session.loginFailures().addUserLoginFailure(realm, firstUser), 1);
        kcIncrement(session.loginFailures().addUserLoginFailure(realm, secondUser), 2);
    });

    // Read back, bump user1 on the existing record, then clear it and re-read.
    testingClient.server().run((KeycloakSession session) -> {
        RealmModel realm = session.realms().getRealmByName(realmName);
        UserLoginFailureModel first = session.loginFailures().getUserLoginFailure(realm, firstUser);
        assertEquals(1, first.getNumFailures());
        UserLoginFailureModel second = session.loginFailures().getUserLoginFailure(realm, secondUser);
        assertEquals(2, second.getNumFailures());
        // Add the failure, which already exists
        first.incrementFailures();
        assertEquals(2, first.getNumFailures());
        first = session.loginFailures().getUserLoginFailure(realm, firstUser);
        first.clearFailures();
        first = session.loginFailures().getUserLoginFailure(realm, firstUser);
        assertEquals(0, first.getNumFailures());
    });

    // Remove user1's record only.
    testingClient.server().run((KeycloakSession session) -> {
        RealmModel realm = session.realms().getRealmByName(realmName);
        session.loginFailures().removeUserLoginFailure(realm, firstUser);
    });

    // user1 is gone; now drop everything in the realm.
    testingClient.server().run((KeycloakSession session) -> {
        RealmModel realm = session.realms().getRealmByName(realmName);
        assertNull(session.loginFailures().getUserLoginFailure(realm, firstUser));
        session.loginFailures().removeAllUserLoginFailures(realm);
    });

    // Nothing remains for either user.
    testingClient.server().run((KeycloakSession session) -> {
        RealmModel realm = session.realms().getRealmByName(realmName);
        assertNull(session.loginFailures().getUserLoginFailure(realm, firstUser));
        assertNull(session.loginFailures().getUserLoginFailure(realm, secondUser));
    });
}

/** Calls {@code incrementFailures()} on {@code failure} the given number of times. */
private static void kcIncrement(UserLoginFailureModel failure, int times) {
    for (int i = 0; i < times; i++) {
        failure.incrementFailures();
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserLoginFailureModel(org.keycloak.models.UserLoginFailureModel) KeycloakSession(org.keycloak.models.KeycloakSession) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 4 with UserLoginFailureModel

use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.

the class BruteForceCrossDCTest method addUserLoginFailure.

// resolution on Wildfly: make deployment available on both dc0_1 and dc1_1, see @Deployment methods
/**
 * Records a single login failure for the fixed test user {@code "login-test-1"} in the realm
 * named by {@code REALM_NAME}, executed on the server reached through {@code testingClient}.
 *
 * @param testingClient client for the data centre whose server should hold the failure
 * @throws URISyntaxException declared for callers; not raised by the body shown here
 * @throws IOException        declared for callers; not raised by the body shown here
 */
private void addUserLoginFailure(KeycloakTestingClient testingClient) throws URISyntaxException, IOException {
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName(REALM_NAME);
        // Create the record and bump its counter in one go.
        session.loginFailures().addUserLoginFailure(realm, "login-test-1").incrementFailures();
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserLoginFailureModel(org.keycloak.models.UserLoginFailureModel)

Example 5 with UserLoginFailureModel

use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.

the class DefaultBruteForceProtector method success.

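/**
 * Clears the login-failure counters for the user named in a successful login event.
 *
 * <p>Does nothing when no failure record exists for the user. The user lookup is performed
 * only for the debug message and must not affect the outcome: a failure record can outlive
 * the user it belongs to, so a missing user is tolerated rather than allowed to throw.
 *
 * @param session current session, used to reach the login-failure and user stores
 * @param event   the successful login event (supplies {@code userId})
 */
private void success(KeycloakSession session, LoginEvent event) {
    String userId = event.userId;
    UserLoginFailureModel failureRecord = getUserModel(session, event);
    if (failureRecord == null) {
        return;
    }
    if (logger.isDebugEnabled()) {
        UserModel model = session.users().getUserById(getRealmModel(session, event), userId);
        // getUserById can return null; fall back to the id so a debug-only lookup never NPEs.
        String displayName = model != null ? model.getUsername() : userId;
        logger.debugv("user {0} successfully logged in, clearing all failures", displayName);
    }
    failureRecord.clearFailures();
}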
Also used : UserModel(org.keycloak.models.UserModel) UserLoginFailureModel(org.keycloak.models.UserLoginFailureModel)

Aggregations

UserLoginFailureModel (org.keycloak.models.UserLoginFailureModel)9 RealmModel (org.keycloak.models.RealmModel)4 UserModel (org.keycloak.models.UserModel)4 Path (javax.ws.rs.Path)2 HashMap (java.util.HashMap)1 BadRequestException (javax.ws.rs.BadRequestException)1 Consumes (javax.ws.rs.Consumes)1 DELETE (javax.ws.rs.DELETE)1 GET (javax.ws.rs.GET)1 NotFoundException (javax.ws.rs.NotFoundException)1 PUT (javax.ws.rs.PUT)1 Produces (javax.ws.rs.Produces)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 Response (javax.ws.rs.core.Response)1 NoCache (org.jboss.resteasy.annotations.cache.NoCache)1 Test (org.junit.Test)1 EmailException (org.keycloak.email.EmailException)1 KeycloakSession (org.keycloak.models.KeycloakSession)1 ModelDuplicateException (org.keycloak.models.ModelDuplicateException)1 ModelException (org.keycloak.models.ModelException)1