StephanRichter/LightOidc
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

improved error message display on login papge

Browse Source 
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
This commit is contained in:
Stephan Richter
2024-10-18 21:04:00 +02:00
parent 951c65c121
commit 5458e6d015
16 changed files with 109 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
View File

@@ -10,7 +10,10 @@ import static java.util.Optional.empty;
import de.srsoftware.oidc.api.*;
import de.srsoftware.oidc.api.data.*;
import de.srsoftware.utils.Error;
import de.srsoftware.utils.PasswordHasher;
import de.srsoftware.utils.Payload;
import de.srsoftware.utils.Result;
import jakarta.mail.Authenticator;
import jakarta.mail.PasswordAuthentication;
import java.io.File;
@@ -176,31 +179,32 @@ public class FileStore implements AuthorizationService, ClientService, SessionSe
}
@Override
public Optional<User> login(String user, String password) {
if (!json.has(USERS)) return empty();
var optLock = getLock(user);
public Result<User> login(String username, String password) {
if (!json.has(USERS)) return Error.message(ERROR_LOGIN_FAILED);
if (username == null || username.isBlank()) return Error.message(ERROR_NO_USERNAME);
var optLock = getLock(username);
if (optLock.isPresent()) {
var lock = optLock.get();
LOG.log(WARNING, "{} is locked after {} failed logins. Lock will be released at {}", user, lock.attempts(), lock.releaseTime());
return empty();
LOG.log(WARNING, "{0} is locked after {1} failed logins. Lock will be released at {2}", username, lock.attempts(), lock.releaseTime());
return Error.message(ERROR_LOCKED, ATTEMPTS, lock.attempts(), RELEASE, lock.releaseTime());
}
try {
var users = json.getJSONObject(USERS);
for (String userId : users.keySet()) {
var userData = users.getJSONObject(userId);
if (KEYS.stream().map(userData::getString).noneMatch(val -> val.equals(user))) continue;
if (KEYS.stream().map(userData::getString).noneMatch(val -> val.equals(username))) continue;
var loadedUser = User.of(userData, userId).filter(u -> passwordMatches(password, u));
if (loadedUser.isPresent()) {
unlock(user);
return loadedUser;
unlock(username);
return Payload.of(loadedUser.get());
}
lock(userId);
}
lock(user);
return empty();
var lock = lock(username);
LOG.log(WARNING, "Login failed for {0} → locking account until {1}", username, lock.releaseTime());
return Error.message(ERROR_LOGIN_FAILED, RELEASE, lock.releaseTime());
} catch (Exception e) {
return empty();
return Error.message(ERROR_LOGIN_FAILED);
}
}