StephanRichter/LightOidc
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

Merge branch 'main' into sqlite

Browse Source
This commit is contained in:
Stephan Richter
2024-10-18 21:05:34 +02:00
parent f232c01460 5458e6d015
commit 893f6f418c
19 changed files with 271 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
de.srsoftware.oidc.datastore.encrypted/src/main/java/de/srsoftware/oidc/datastore/encrypted/EncryptedUserService.java
View File

@@ -1,20 +1,23 @@
/* © SRSoftware 2024 */
package de.srsoftware.oidc.datastore.encrypted;
import static de.srsoftware.oidc.api.Constants.*;
import static java.lang.System.Logger.Level.WARNING;
import static java.util.Optional.empty;
import de.srsoftware.oidc.api.UserService;
import de.srsoftware.oidc.api.data.AccessToken;
import de.srsoftware.oidc.api.data.User;
import de.srsoftware.utils.Error;
import de.srsoftware.utils.PasswordHasher;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import de.srsoftware.utils.Payload;
import de.srsoftware.utils.Result;
import java.util.*;
public class EncryptedUserService extends EncryptedConfig implements UserService {
private final UserService backend;
private final PasswordHasher hasher;
private static final System.Logger LOG = System.getLogger(EncryptedUserService.class.getSimpleName());
private final UserService backend;
private final PasswordHasher hasher;
public EncryptedUserService(UserService backend, String key, String salt, PasswordHasher passHasher) {
super(key, salt);
@@ -94,13 +97,26 @@ public class EncryptedUserService extends EncryptedConfig implements UserService
}
@Override
public Optional<User> load(String username, String password) {
if (username == null || username.isBlank()) return empty();
public Result<User> login(String username, String password) {
if (username == null || username.isBlank()) return Error.message(ERROR_NO_USERNAME);
var optLock = getLock(username);
if (optLock.isPresent()) {
var lock = optLock.get();
LOG.log(WARNING, "{0} is locked after {1} failed logins. Lock will be released at {2}", username, lock.attempts(), lock.releaseTime());
return Error.message(ERROR_LOCKED, ATTEMPTS, lock.attempts(), RELEASE, lock.releaseTime());
}
for (var encryptedUser : backend.list()) {
var decryptedUser = decrypt(encryptedUser);
if (username.equals(decryptedUser.username()) && hasher.matches(password, decryptedUser.hashedPassword())) return Optional.of(decryptedUser);
if (!username.equals(decryptedUser.username())) continue;
if (hasher.matches(password, decryptedUser.hashedPassword())) {
this.unlock(username);
return Payload.of(decryptedUser);
}
}
return empty();
var lock = lock(username);
LOG.log(WARNING, "Login failed for {0} → locking account until {1}", username, lock.releaseTime());
return Error.message(ERROR_LOGIN_FAILED, RELEASE, lock.releaseTime());
}
@Override

29
de.srsoftware.oidc.datastore.encrypted/src/test/java/EncryptedUserServiceTest.java
View File

@@ -1,13 +1,17 @@
/* © SRSoftware 2024 */
import static de.srsoftware.oidc.api.Constants.*;
import static de.srsoftware.utils.Optionals.nullable;
import static de.srsoftware.utils.Strings.uuid;
import static java.lang.System.Logger.Level.WARNING;
import de.srsoftware.oidc.api.UserService;
import de.srsoftware.oidc.api.UserServiceTest;
import de.srsoftware.oidc.api.*;
import de.srsoftware.oidc.api.data.AccessToken;
import de.srsoftware.oidc.api.data.User;
import de.srsoftware.oidc.datastore.encrypted.EncryptedUserService;
import de.srsoftware.utils.Error;
import de.srsoftware.utils.PasswordHasher;
import de.srsoftware.utils.Payload;
import de.srsoftware.utils.Result;
import java.io.File;
import java.util.*;
import java.util.stream.Collectors;
@@ -15,6 +19,7 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
public class EncryptedUserServiceTest extends UserServiceTest {
private static final System.Logger LOG = System.getLogger(EncryptedUserServiceTest.class.getSimpleName());
private class InMemoryUserService implements UserService {
private final PasswordHasher<String> hasher;
private HashMap<String, User> users = new HashMap<>();
@@ -66,8 +71,24 @@ public class EncryptedUserServiceTest extends UserServiceTest {
}
@Override
public Optional<User> load(String username, String password) {
return users.values().stream().filter(user -> user.username().equals(username) && passwordMatches(password, user)).findAny();
public Result<User> login(String username, String password) {
var optLock = getLock(username);
if (optLock.isPresent()) {
var lock = optLock.get();
LOG.log(WARNING, "{} is locked after {} failed logins. Lock will be released at {}", username, lock.attempts(), lock.releaseTime());
return Error.message(ERROR_LOCKED, ATTEMPTS, lock.attempts(), RELEASE, lock.releaseTime());
}
for (var entry : users.entrySet()) {
var user = entry.getValue();
if (user.username().equals(username) && passwordMatches(password, user)) {
unlock(username);
return Payload.of(user);
}
}
var lock = lock(username);
LOG.log(WARNING, "Login failed for {0} → locking account until {1}", username, lock.releaseTime());
return Error.message(ERROR_LOGIN_FAILED, RELEASE, lock.releaseTime());
}
@Override