use of org.molgenis.security.twofactor.model.UserSecret in project molgenis by molgenis.
the class TwoFactorAuthenticationServiceImpl method disableForUser.
/**
 * Turns two-factor authentication off for the user returned by {@code getUser()} and
 * removes that user's stored secret.
 *
 * <p>The user record is persisted with the flag cleared before the secret is looked up, so a
 * failure in {@code getSecret()} or in the delete leaves the flag already written unless an
 * enclosing transaction rolls it back (not visible here; confirm).
 *
 * <p>NOTE(review): this method performs no re-authentication or second-factor check of its
 * own; presumably the caller enforces that before disabling 2FA. Verify against the caller.
 */
@Override
public void disableForUser() {
    User currentUser = getUser();
    currentUser.setTwoFactorAuthentication(false);
    userService.update(currentUser);

    // The secret row is deleted with system privileges rather than as the calling user.
    UserSecret secretToDelete = getSecret();
    runAsSystem(() -> dataService.delete(USER_SECRET, secretToDelete));
}
use of org.molgenis.security.twofactor.model.UserSecret in project molgenis by molgenis.
the class TwoFactorAuthenticationServiceImpl method updateFailedLoginAttempts.
/**
 * Stores the failed-login counter on the current user's secret and maintains the data used
 * for the temporary lockout.
 *
 * <ul>
 *   <li>Counter below {@code MAX_FAILED_LOGIN_ATTEMPTS}: the time of this failure is recorded
 *       as the last failed authentication.
 *   <li>Counter at or above the maximum: if no last failure is recorded, or
 *       {@code BLOCKED_USER_INTERVAL} seconds have passed since it, the counter is reset to
 *       {@code FAILED_LOGIN_ATTEMPT_ITERATION}. While still inside the interval the counter is
 *       left at the value passed in.
 * </ul>
 *
 * <p>NOTE(review): the last-failure timestamp is not refreshed on the at-or-above-maximum
 * path, so the interval is measured from the most recent failure recorded below the maximum,
 * and failures made while blocked do not extend it. Confirm this is the intended lockout
 * policy.
 *
 * @param numberOfAttempts number of failed login attempts
 */
private void updateFailedLoginAttempts(int numberOfAttempts) {
    UserSecret secret = getSecret();
    secret.setFailedLoginAttempts(numberOfAttempts);

    if (secret.getFailedLoginAttempts() < MAX_FAILED_LOGIN_ATTEMPTS) {
        secret.setLastFailedAuthentication(Instant.now());
    } else {
        // Compared at millisecond precision, as the stored and current instants are both
        // reduced to epoch millis before the comparison.
        boolean blockExpired =
            secret.getLastFailedAuthentication() == null
                || Instant.now().toEpochMilli()
                    >= secret
                        .getLastFailedAuthentication()
                        .plus(Duration.ofSeconds(BLOCKED_USER_INTERVAL))
                        .toEpochMilli();
        if (blockExpired) {
            secret.setFailedLoginAttempts(FAILED_LOGIN_ATTEMPT_ITERATION);
        }
    }

    // Persisted with system privileges rather than as the calling user.
    runAsSystem(() -> dataService.update(USER_SECRET, secret));
}