use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.
the class DefaultBruteForceProtector method isTemporarilyDisabled.
/**
 * Reports whether the user is currently inside a temporary brute-force lockout window.
 *
 * <p>The user's login-failure record is looked up by user id. If a record exists and the
 * current time (epoch seconds) is still before its {@code failedLoginNotBefore} value, the
 * user is treated as temporarily disabled. A missing record means "not disabled".
 *
 * @param session session used to reach the login-failure store
 * @param realm   realm the user belongs to
 * @param user    user whose lockout state is checked
 * @return {@code true} while the stored not-before time is still in the future
 */
@Override
public boolean isTemporarilyDisabled(KeycloakSession session, RealmModel realm, UserModel user) {
    UserLoginFailureModel failureRecord = session.loginFailures().getUserLoginFailure(realm, user.getId());
    if (failureRecord == null) {
        // No failure has been recorded for this user, so no lockout window can be active.
        return false;
    }

    // Both values are whole epoch seconds held in an int, matching the model's getter.
    int nowSeconds = (int) (Time.currentTimeMillis() / 1000);
    int lockedUntilSeconds = failureRecord.getFailedLoginNotBefore();

    boolean stillLocked = nowSeconds < lockedUntilSeconds;
    if (stillLocked) {
        logger.debugv("Current: {0} notBefore: {1}", nowSeconds, lockedUntilSeconds);
    }
    return stillLocked;
}
use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.
the class DefaultBruteForceProtector method failure.
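/**
 * Records one failed login for the user named in {@code event} and updates that user's
 * brute-force state.
 *
 * <p>The failure record is created on first use and stamped with the event's IP and the current
 * time. With permanent lockout enabled, the account is disabled once the failure count reaches
 * the realm's failure factor. Otherwise a temporary wait is derived from the failure count and
 * stored as the record's {@code failedLoginNotBefore} (epoch seconds).
 *
 * @param session session used to reach the login-failure store and the user store
 * @param event   the failed login; its {@code userId} and {@code ip} are read here
 */
public void failure(KeycloakSession session, LoginEvent event) {
    logger.debug("failure");
    RealmModel realm = getRealmModel(session, event);
    logFailure(event);

    String userId = event.userId;
    UserLoginFailureModel userLoginFailure = getUserModel(session, event);
    if (userLoginFailure == null) {
        userLoginFailure = session.loginFailures().addUserLoginFailure(realm, userId);
    }
    userLoginFailure.setLastIPFailure(event.ip);

    long currentTime = Time.currentTimeMillis();
    long last = userLoginFailure.getLastFailure();
    // deltaTime stays 0 when there is no previous failure to measure against.
    long deltaTime = 0;
    if (last > 0) {
        deltaTime = currentTime - last;
    }
    userLoginFailure.setLastFailure(currentTime);

    if (realm.isPermanentLockout()) {
        userLoginFailure.incrementFailures();
        logger.debugv("new num failures: {0}", userLoginFailure.getNumFailures());

        // ">=" rather than "==": if the count ever passes the factor without the lock being
        // applied (the user lookup below returned null on that attempt, or the factor was
        // lowered afterwards), an equality test would never match again and the account would
        // stay open to unlimited guessing. Consequence: a re-enabled account whose failure
        // record was not cleared is disabled again on its next failure.
        if (userLoginFailure.getNumFailures() >= realm.getFailureFactor()) {
            UserModel user = session.users().getUserById(realm, userId);
            if (user == null) {
                return;
            }
            logger.debugv("user {0} locked permanently due to too many login attempts", user.getUsername());
            user.setEnabled(false);
            user.setSingleAttribute(DISABLED_REASON, DISABLED_BY_PERMANENT_LOCKOUT);
            return;
        }

        if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
            logger.debugv("quick login, set min wait seconds");
            int waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
            // Sum in long and saturate so the stored deadline cannot wrap to a past time.
            int notBefore = (int) Math.min((long) Integer.MAX_VALUE, currentTime / 1000 + waitSeconds);
            logger.debugv("set notBefore: {0}", notBefore);
            userLoginFailure.setFailedLoginNotBefore(notBefore);
        }
        return;
    }

    // If the last failure was more than the realm's max delta ago, start counting afresh.
    if (deltaTime > 0 && deltaTime > (long) realm.getMaxDeltaTimeSeconds() * 1000L) {
        userLoginFailure.clearFailures();
    }
    userLoginFailure.incrementFailures();
    logger.debugv("new num failures: {0}", userLoginFailure.getNumFailures());

    // NOTE(review): a failure factor of 0 makes this division throw ArithmeticException;
    // presumably realm validation rules that out - confirm.
    int lockoutSteps = userLoginFailure.getNumFailures() / realm.getFailureFactor();
    // Multiply in long and clamp: an int overflow here could yield a non-positive wait,
    // which would silently skip the lockout below.
    long scaledWait = (long) realm.getWaitIncrementSeconds() * lockoutSteps;
    int waitSeconds = (int) Math.min(scaledWait, (long) Integer.MAX_VALUE);
    logger.debugv("waitSeconds: {0}", waitSeconds);
    logger.debugv("deltaTime: {0}", deltaTime);

    if (waitSeconds == 0 && last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
        logger.debugv("quick login, set min wait seconds");
        waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
    }
    if (waitSeconds > 0) {
        waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
        // Sum in long and saturate so the stored deadline cannot wrap to a past time.
        int notBefore = (int) Math.min((long) Integer.MAX_VALUE, currentTime / 1000 + waitSeconds);
        logger.debugv("set notBefore: {0}", notBefore);
        userLoginFailure.setFailedLoginNotBefore(notBefore);
    }
}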
use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.
the class UserSessionProviderTest method loginFailures.
/**
 * Exercises the login-failure store in realm "test" across separate server-side runs:
 * create and increment, read back, clear, remove one record, then remove all records.
 */
@Test
public void loginFailures() {
    // Run 1: create a record per user and bump the counters (user1 once, user2 twice).
    testingClient.server().run((KeycloakSession serverSession) -> {
        RealmModel testRealm = serverSession.realms().getRealmByName("test");

        UserLoginFailureModel firstUser = serverSession.loginFailures().addUserLoginFailure(testRealm, "user1");
        firstUser.incrementFailures();

        UserLoginFailureModel secondUser = serverSession.loginFailures().addUserLoginFailure(testRealm, "user2");
        secondUser.incrementFailures();
        secondUser.incrementFailures();
    });

    // Run 2: the counters are visible in a later run; increment and clear act on the record.
    testingClient.server().run((KeycloakSession serverSession) -> {
        RealmModel testRealm = serverSession.realms().getRealmByName("test");

        UserLoginFailureModel firstUser = serverSession.loginFailures().getUserLoginFailure(testRealm, "user1");
        assertEquals(1, firstUser.getNumFailures());

        UserLoginFailureModel secondUser = serverSession.loginFailures().getUserLoginFailure(testRealm, "user2");
        assertEquals(2, secondUser.getNumFailures());

        // Increment a record that already exists.
        firstUser.incrementFailures();
        assertEquals(2, firstUser.getNumFailures());

        // Clear through a freshly fetched handle, then fetch again to check the stored value.
        firstUser = serverSession.loginFailures().getUserLoginFailure(testRealm, "user1");
        firstUser.clearFailures();

        firstUser = serverSession.loginFailures().getUserLoginFailure(testRealm, "user1");
        assertEquals(0, firstUser.getNumFailures());
    });

    // Run 3: remove only user1's record.
    testingClient.server().run((KeycloakSession serverSession) -> {
        RealmModel testRealm = serverSession.realms().getRealmByName("test");
        serverSession.loginFailures().removeUserLoginFailure(testRealm, "user1");
    });

    // Run 4: user1 is gone; now wipe every record in the realm.
    testingClient.server().run((KeycloakSession serverSession) -> {
        RealmModel testRealm = serverSession.realms().getRealmByName("test");
        assertNull(serverSession.loginFailures().getUserLoginFailure(testRealm, "user1"));
        serverSession.loginFailures().removeAllUserLoginFailures(testRealm);
    });

    // Run 5: neither user has a record any more.
    testingClient.server().run((KeycloakSession serverSession) -> {
        RealmModel testRealm = serverSession.realms().getRealmByName("test");
        assertNull(serverSession.loginFailures().getUserLoginFailure(testRealm, "user1"));
        assertNull(serverSession.loginFailures().getUserLoginFailure(testRealm, "user2"));
    });
}
use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.
the class BruteForceCrossDCTest method addUserLoginFailure.
// resolution on Wildfly: make deployment available on both dc0_1 and dc1_1, see @Deployment methods
/**
 * Adds a login-failure record for user id "login-test-1" in realm {@code REALM_NAME} on the
 * server behind {@code testingClient} and increments its failure counter once.
 *
 * @param testingClient client for the server on which the record is created
 */
private void addUserLoginFailure(KeycloakTestingClient testingClient) throws URISyntaxException, IOException {
    testingClient.server().run(serverSession -> {
        RealmModel targetRealm = serverSession.realms().getRealmByName(REALM_NAME);
        // Create the record and register one failure on it in a single chained call.
        serverSession.loginFailures()
                .addUserLoginFailure(targetRealm, "login-test-1")
                .incrementFailures();
    });
}
use of org.keycloak.models.UserLoginFailureModel in project keycloak by keycloak.
the class DefaultBruteForceProtector method success.
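/**
 * Clears the recorded login failures for the user named in {@code event} after a successful
 * login. Does nothing when no failure record exists for that user.
 *
 * @param session session used to reach the failure record and, for debug logging, the user store
 * @param event   the successful login; its {@code userId} is read here
 */
private void success(KeycloakSession session, LoginEvent event) {
    String userId = event.userId;
    UserLoginFailureModel user = getUserModel(session, event);
    if (user == null) {
        return;
    }

    if (logger.isDebugEnabled()) {
        UserModel model = session.users().getUserById(getRealmModel(session, event), userId);
        // The lookup can come back null (failure() guards the same call). Fall back to the id
        // so that enabling debug logging can never throw and skip the reset below.
        String loggedName = model != null ? model.getUsername() : userId;
        logger.debugv("user {0} successfully logged in, clearing all failures", loggedName);
    }

    user.clearFailures();
}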