
PasswordPolicy fix

Crystal.Sea 5 jaren geleden
bovenliggende
commit
1f0377e8ec

+ 2 - 2
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -82,12 +82,12 @@ public abstract class AbstractAuthenticationProvider {
         try {
             authentication = doInternalAuthenticate(authentication);
         } catch (AuthenticationException e) {
-            e.printStackTrace();
             _logger.error("Failed to authenticate user {} via {}: {}",
                     new Object[] { 
                             authentication.getPrincipal(), getProviderName(), e.getMessage() });
+            WebContext.setAttribute(
+                    WebConstants.LOGIN_ERROR_SESSION_MESSAGE, e.getMessage());
         } catch (Exception e) {
-            e.printStackTrace();
             String message = "Unexpected exception in " + getProviderName() + " authentication:";
             _logger.error("Login error " + message, e);
         }
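Review bot: The text stored in the session at lines 21-22 is the raw exception message, which for the BadCredentialsException built in PasswordPolicyValidator in this same commit contains the submitted username, and login.ftl then interpolates it with `${loginErrorMessage!}` and no escaping builtin; unless FreeMarker auto-escaping is enabled for that template (not visible here), the login form's username field is reflected into the page unescaped. Escape at the render site in both rows added to login.ftl, `${(loginErrorMessage!'')?html}`, or store an i18n key plus arguments instead of preformatted text. A further caveat is that `e.getMessage()` of an arbitrary AuthenticationException may carry internal detail, and the distinct attempts/locked/inactive texts reveal account state to whoever submits the form; if that is not intended, map them to one generic login-page text and keep the detail in the log line above. The method enclosing this try block starts outside the hunk.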

+ 4 - 7
maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java

@@ -217,12 +217,10 @@ public class PasswordPolicyValidator {
             _logger.debug("PasswordPolicy : " + passwordPolicy);
             _logger.debug("login Attempts is " + userInfo.getBadPasswordCount());
             lockUser(userInfo);
-
             throw new BadCredentialsException(
-                                userInfo.getUsername() + " " +
-                                WebContext.getI18nValue("login.error.attempts") + " " +
-                                userInfo.getBadPasswordCount()
-                                );
+                    WebContext.getI18nValue("login.error.attempts",
+                            new Object[]{userInfo.getUsername(),userInfo.getBadPasswordCount()}) 
+                    );
         }
         
         //locked
@@ -235,8 +233,7 @@ public class PasswordPolicyValidator {
         // inactive
         if(userInfo.getStatus()!=ConstantsStatus.ACTIVE) {
             throw new BadCredentialsException(
-                                userInfo.getUsername()+ " status "+ 
-                                userInfo.getStatus() +
+                                userInfo.getUsername()+ 
                                 WebContext.getI18nValue("login.error.inactive") 
                                 );
         }
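Review bot: In the inactive branch (second hunk, lines 54-55) the username is concatenated directly onto the i18n text with no separator, so with the English bundle the message reads like `adminUser inactive state.`; either insert `+ " " +` or, for consistency with the attempts message in the first hunk, pass it as a placeholder: `WebContext.getI18nValue("login.error.inactive", new Object[]{userInfo.getUsername()})` with `{0}` added to the `login.error.inactive` values. The status value the removed lines reported is now dropped entirely; if it is useful for diagnosis, log it at debug level alongside the other `_logger.debug` calls rather than putting it in the user-facing message. The enclosing method starts outside both hunks.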

+ 2 - 0
maxkey-core/src/main/java/org/maxkey/web/WebConstants.java

@@ -72,5 +72,7 @@ public class WebConstants {
     public static final String AUTHENTICATION = "current_authentication";
     
     public static final String THEME_COOKIE_NAME = "maxkey_theme";
+    
+    public static final String LOGIN_ERROR_SESSION_MESSAGE = "login_error_session_message_key";
 
 }
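Review bot: The constant added at line 67 has no comment saying what the attribute holds or who clears it, so its set-once/read-then-remove contract is only discoverable by grepping; add a Javadoc such as `/** Session attribute carrying the last authentication failure text; set by AbstractAuthenticationProvider, read and then removed by LoginEndpoint when rendering the login page. */` above the declaration.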

+ 14 - 1
maxkey-core/src/main/resources/messages/passwordpolicy_message.properties

@@ -30,4 +30,17 @@ PasswordPolicy.TOO_SHORT=\u5bc6\u7801\u81f3\u5c11{0}\u4f4d\u5b57\u7b26.
 PasswordPolicy.TOO_MANY_OCCURRENCES=\u5bc6\u7801\u5305\u542b{0}\u51fa\u73b0{1}, \u6700\u591a{2} \u6b21.
 PasswordPolicy.OLD_PASSWORD_NOT_MATCH=\u539f\u5bc6\u7801\u4e0d\u5339\u914d.
 PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH=\u65b0\u5bc6\u7801\u4e0e\u786e\u8ba4\u5bc6\u7801\u4e0d\u4e00\u81f4.
-PasswordPolicy.OLD_PASSWORD_MATCH=\u65b0\u5bc6\u7801\u4e0d\u80fd\u4e0e\u65e7\u5bc6\u7801\u4e00\u81f4.
+PasswordPolicy.OLD_PASSWORD_MATCH=\u65b0\u5bc6\u7801\u4e0d\u80fd\u4e0e\u65e7\u5bc6\u7801\u4e00\u81f4.
+
+login.error.attempts={0}\u5c1d\u8bd5\u767b\u9646{1}\u6b21\u6570\u8fbe\u5230\u6700\u5927\u9650\u5236\uff0c\u8bf7\u7a0d\u540e\u518d\u767b\u9646.
+login.error.locked=\u7528\u6237\u88ab\u9501\u5b9a.
+login.error.inactive=\u7528\u6237\u975e\u6d3b\u52a8\u72b6\u6001.
+login.error.password=\u767b\u5f55\u5bc6\u7801\u65e0\u6548.
+login.error.username=\u7528\u6237\u540d\u65e0\u6548.
+login.error.username.null=\u7528\u6237\u540d\u4e0d\u80fd\u4e3a\u7a7a.
+login.error.email.null=\u767b\u5f55\u90ae\u7bb1\u4e0d\u80fd\u4e3a\u7a7a.
+login.error.password.null=\u5bc6\u7801\u4e0d\u80fd\u4e3a\u7a7a.
+login.error.captcha=\u9a8c\u8bc1\u7801\u9519\u8bef\uff0c\u8bf7\u91cd\u65b0\u767b\u9646.
+login.error.authtype=\u767b\u5f55\u8ba4\u8bc1\u7c7b\u578b\u9519\u8bef.
+login.error.session=\u767b\u5f55\u4f1a\u8bdd\u5931\u6548\uff0c\u8bf7\u91cd\u65b0\u767b\u9646.
+

+ 13 - 1
maxkey-core/src/main/resources/messages/passwordpolicy_message_en.properties

@@ -30,4 +30,16 @@ PasswordPolicy.TOO_SHORT=Password must be {0} or more characters in length .
 PasswordPolicy.TOO_MANY_OCCURRENCES=Password contains {1} occurrences of the character '{0}', but at most {2} are allowed.
 PasswordPolicy.OLD_PASSWORD_NOT_MATCH=old password not match.
 PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH=new password not match confirm password.
-PasswordPolicy.OLD_PASSWORD_MATCH=new password  match old password.
+PasswordPolicy.OLD_PASSWORD_MATCH=new password  match old password.
+
+login.error.attempts={0} login attempts the maximum number of {1} times, please login later.
+login.error.locked=The user is locked.
+login.error.inactive=User inactive state.
+login.error.password=Invalid password.
+login.error.username=Invalid username.
+login.error.username.null=username cannot be empty.
+login.error.email.null=email cannot be empty.
+login.error.password.null=Password cannot be empty.
+login.error.captcha=Verification code error, please login again.
+login.error.authtype=Login authentication type error.
+login.error.session=Login session failed. Please login again.

+ 13 - 1
maxkey-core/src/main/resources/messages/passwordpolicy_message_zh_CN.properties

@@ -30,4 +30,16 @@ PasswordPolicy.TOO_SHORT=\u5bc6\u7801\u81f3\u5c11{0}\u4f4d\u5b57\u7b26.
 PasswordPolicy.TOO_MANY_OCCURRENCES=\u5bc6\u7801\u5305\u542b{0}\u51fa\u73b0{1}, \u6700\u591a{2} \u6b21.
 PasswordPolicy.OLD_PASSWORD_NOT_MATCH=\u539f\u5bc6\u7801\u4e0d\u5339\u914d.
 PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH=\u65b0\u5bc6\u7801\u4e0e\u786e\u8ba4\u5bc6\u7801\u4e0d\u4e00\u81f4.
-PasswordPolicy.OLD_PASSWORD_MATCH=\u65b0\u5bc6\u7801\u4e0d\u80fd\u4e0e\u65e7\u5bc6\u7801\u4e00\u81f4.
+PasswordPolicy.OLD_PASSWORD_MATCH=\u65b0\u5bc6\u7801\u4e0d\u80fd\u4e0e\u65e7\u5bc6\u7801\u4e00\u81f4.
+
+login.error.attempts={0}\u5c1d\u8bd5\u767b\u9646{1}\u6b21\u6570\u8fbe\u5230\u6700\u5927\u9650\u5236\uff0c\u8bf7\u7a0d\u540e\u518d\u767b\u9646.
+login.error.locked=\u7528\u6237\u88ab\u9501\u5b9a.
+login.error.inactive=\u7528\u6237\u975e\u6d3b\u52a8\u72b6\u6001.
+login.error.password=\u767b\u5f55\u5bc6\u7801\u65e0\u6548.
+login.error.username=\u7528\u6237\u540d\u65e0\u6548.
+login.error.username.null=\u7528\u6237\u540d\u4e0d\u80fd\u4e3a\u7a7a.
+login.error.email.null=\u767b\u5f55\u90ae\u7bb1\u4e0d\u80fd\u4e3a\u7a7a.
+login.error.password.null=\u5bc6\u7801\u4e0d\u80fd\u4e3a\u7a7a.
+login.error.captcha=\u9a8c\u8bc1\u7801\u9519\u8bef\uff0c\u8bf7\u91cd\u65b0\u767b\u9646.
+login.error.authtype=\u767b\u5f55\u8ba4\u8bc1\u7c7b\u578b\u9519\u8bef.
+login.error.session=\u767b\u5f55\u4f1a\u8bdd\u5931\u6548\uff0c\u8bf7\u91cd\u65b0\u767b\u9646.

+ 13 - 7
maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -59,6 +59,8 @@ import org.springframework.web.servlet.ModelAndView;
 public class LoginEndpoint {
 	private static Logger _logger = LoggerFactory.getLogger(LoginEndpoint.class);
 	
+	
+	
 	@Autowired
   	@Qualifier("applicationConfig")
   	ApplicationConfig applicationConfig;
@@ -170,6 +172,9 @@ public class LoginEndpoint {
 			return  WebContext.redirect("/forwardindex");
 		}
 		
+		Object loginErrorMessage=WebContext.getAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
+        modelAndView.addObject("loginErrorMessage", loginErrorMessage==null?"":loginErrorMessage);
+        WebContext.removeAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
 		return modelAndView;
 	}
  	
@@ -178,14 +183,15 @@ public class LoginEndpoint {
 	                    HttpServletRequest request,
 	                    HttpServletResponse response,
 	                    @ModelAttribute("authentication") BasicAuthentication authentication) throws ServletException, IOException {
+
+        authenticationProvider.authenticate(authentication);
+
+        if (WebContext.isAuthenticated()) {
+            return WebContext.redirect("/forwardindex");
+        } else {
+            return WebContext.redirect("/login");
+        }
  		
- 		authenticationProvider.authenticate(authentication);
- 
- 		if(WebContext.isAuthenticated()){
- 		   return WebContext.redirect("/forwardindex");
-		}else{
-			return WebContext.redirect("/login");
-		}
  	}
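Review bot: The rewritten body of the logon method (lines 165-171) is indented with spaces while the surrounding file, including the signature lines directly above it, uses tabs, and lines 155-156 mix the two inside one statement; the logon change is whitespace-only, so either keep tabs or leave that method out of this commit. The two blank lines added at 145-146 carry nothing and should go as well. Lines 154-156 read the message and remove it immediately, which bounds its lifetime to one render; a stale message can still remain in the session if the redirect to `/login` is never followed, so a comment on line 156 noting that the attribute is intentionally consumed here would help the next reader.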
 	
  	

+ 10 - 0
maxkey-web-maxkey/src/main/resources/templates/views/login.ftl

@@ -204,6 +204,11 @@ $(function(){
 								<form id="loginForm" name="loginForm" action="<@base />/logon.do" method="post" class="needs-validation" novalidate>
 									<input type="hidden" name="authType" value="basic"/>
 									<table  class="table login_form_table">
+										<tr  class="loginErrorMessage"  <#if ''==loginErrorMessage>style="display:none;"</#if>>
+											<td  colspan="2" style="color:red;">
+												${loginErrorMessage!}
+											</td>
+										</tr>
 										<tr>
 											<td><@locale code="login.text.username"/>:</td>
 											<td><input required="" class="form-control" type='text' id='j_username'  name='username' value="admin" tabindex="1"/></td>
@@ -257,6 +262,11 @@ $(function(){
 								<form id="tfaLoginForm" name="tfaLoginForm" action="<@base />/logon.do" method="post"  class="needs-validation" novalidate>
 									<input type="hidden" name="authType" value="tfa"/>
 									<table  class="login_form_table">
+										<tr class="loginErrorMessage" <#if ''==loginErrorMessage>style="display:none;"</#if>>
+											<td  colspan="2" style="color:red;">
+												${loginErrorMessage!}
+											</td>
+										</tr>
 										<tr>
 											<td><@locale code="login.text.username"/>:</td>
 											<td><input required="" class="form-control"  type='text' id='tfa_j_username'  name='username' value="" tabindex="1"/></td>
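Review bot: The five-line error row is duplicated verbatim for the basic form (lines 191-195) and the tfa form (203-207); a single macro, e.g. `<#macro loginError><tr class="loginErrorMessage" <#if ''==loginErrorMessage>style="display:none;"</#if>><td colspan="2" style="color:red;">${(loginErrorMessage!'')?html}</td></tr></#macro>` invoked as `<@loginError/>` in both tables, keeps the two copies in sync and gives one place to apply escaping and styling. The inline `style="color:red;"` would also fit better in the page's stylesheet next to the existing `login_form_table` class.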