Example 1 with UserPasswordExpiredException

Use of org.thingsboard.server.service.security.exception.UserPasswordExpiredException in project thingsboard by thingsboard.

From the class DefaultSystemSecurityService, method validateUserCredentials.

@Override
public void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String username, String password) throws AuthenticationException {
    // Wrong password: record the failed attempt, then apply the lockout policy if one is configured.
    if (!encoder.matches(password, userCredentials.getPassword())) {
        int failedLoginAttempts = userService.onUserLoginIncorrectCredentials(tenantId, userCredentials.getUserId());
        SecuritySettings securitySettings = getSecuritySettings(tenantId);
        if (securitySettings.getMaxFailedLoginAttempts() != null && securitySettings.getMaxFailedLoginAttempts() > 0) {
            // Disable a still-enabled account once the failed-attempt count exceeds the configured maximum.
            if (failedLoginAttempts > securitySettings.getMaxFailedLoginAttempts() && userCredentials.isEnabled()) {
                userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userCredentials.getUserId(), false);
                if (StringUtils.isNoneBlank(securitySettings.getUserLockoutNotificationEmail())) {
                    try {
                        mailService.sendAccountLockoutEmail(username, securitySettings.getUserLockoutNotificationEmail(), securitySettings.getMaxFailedLoginAttempts());
                    } catch (ThingsboardException e) {
                        // A failed notification is only logged; the account stays disabled.
                        log.warn("Can't send email regarding user account [{}] lockout to provided email [{}]", username, securitySettings.getUserLockoutNotificationEmail(), e);
                    }
                }
                throw new LockedException("Authentication Failed. Username was locked due to security policy.");
            }
        }
        // The message does not say whether the username or the password was wrong.
        throw new BadCredentialsException("Authentication Failed. Username or Password not valid.");
    }
    // Reached only when the password matched: reject disabled accounts.
    if (!userCredentials.isEnabled()) {
        throw new DisabledException("User is not active");
    }
    userService.onUserLoginSuccessful(tenantId, userCredentials.getUserId());
    SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
    // Password expiration: compare the credentials' creation time plus the configured period (days) with the current time.
    if (isPositiveInteger(securitySettings.getPasswordPolicy().getPasswordExpirationPeriodDays())) {
        if ((userCredentials.getCreatedTime() + TimeUnit.DAYS.toMillis(securitySettings.getPasswordPolicy().getPasswordExpirationPeriodDays())) < System.currentTimeMillis()) {
            // Request a password reset and pass the reset token to the caller in the exception.
            userCredentials = userService.requestExpiredPasswordReset(tenantId, userCredentials.getId());
            throw new UserPasswordExpiredException("User password expired!", userCredentials.getResetToken());
        }
    }
}

Also used:

- LockedException (org.springframework.security.authentication.LockedException)
- DisabledException (org.springframework.security.authentication.DisabledException)
- ThingsboardException (org.thingsboard.server.common.data.exception.ThingsboardException)
- UserPasswordExpiredException (org.thingsboard.server.service.security.exception.UserPasswordExpiredException)
- SecuritySettings (org.thingsboard.server.common.data.security.model.SecuritySettings)
- BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)
