
captcha invalid

验证码登录无效
shimingxy 5 năm trước cách đây
mục cha
commit
8a6821d600

+ 1 - 1
README.md

@@ -81,7 +81,7 @@
 | --------| :-----  | :----  | :----:  |
 | v 1.3.0 GA | 2020/04/04   |  <a href="https://pan.baidu.com/s/1o7vfBeq21Az_0s0tJvObOw" target="_blank">链接下载</a>  |  **20bj**  |
 | v 1.2.1 GA | 2020/02/29   |  <a href="https://pan.baidu.com/s/1FDkJ4DOMQq8tPAXrIfDeKA" target="_blank">链接下载</a>  |  **yutq**  |
-| v 1.2.0 GA   | 2020/01/18   |  <a href="https://pan.baidu.com/s/1NDeB_g_-6Qbn_bHkTGnFGA" target="_blank">链接下载</a>  |  **6bda**  |
+| v 1.2.0 GA | 2020/01/18   |  <a href="https://pan.baidu.com/s/1NDeB_g_-6Qbn_bHkTGnFGA" target="_blank">链接下载</a>  |  **6bda**  |
 | v 1.0 GA   | 2019/12/06   |  <a href="https://pan.baidu.com/s/15j7RSUQybCVlHx8uyFk2rQ" target="_blank">链接下载</a>  |  **g17z**  |
 
 ------------

+ 1 - 1
docs/authn/social.md

@@ -19,7 +19,7 @@
 
 <h3>认证配置</h3>
 文件
-maxkey/config/applicationLogin.properties
+maxkey/config/applicationConfig.properties
 
 <pre><code class="ini hljs">
 #enable social sign on

+ 33 - 36
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -13,7 +13,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -70,12 +69,10 @@ public abstract class AbstractAuthenticationProvider {
             _logger.error("Failed to authenticate user {} via {}: {}",
                     new Object[] { 
                             authentication.getPrincipal(), getProviderName(), e.getMessage() });
-            throw e;
         } catch (Exception e) {
             e.printStackTrace();
             String message = "Unexpected exception in " + getProviderName() + " authentication:";
-            _logger.error(message, e);
-            throw new AuthenticationServiceException(message, e);
+            _logger.error("Login error " + message, e);
         }
         if (!authentication.isAuthenticated()) {
             return authentication;
@@ -143,11 +140,16 @@ public abstract class AbstractAuthenticationProvider {
     }
 
     protected void authTypeValid(String authType) {
-        if (authType == null) {
-            String message = WebContext.getI18nValue("login.error.authtype");
-            _logger.debug("login AuthN type can not been null .");
-            throw new BadCredentialsException(message);
+        final   String message = WebContext.getI18nValue("login.error.authtype");
+        _logger.debug("Login AuthN Type  " + authType);
+        if (authType != null && (
+                authType.equalsIgnoreCase("basic") 
+                || authType.equalsIgnoreCase("tfa"))
+            ) {
+            return;
         }
+        _logger.debug("Login AuthN type must eq basic or tfa .");
+        throw new BadCredentialsException(message);
     }
 
     /**
@@ -157,19 +159,17 @@ public abstract class AbstractAuthenticationProvider {
      * @param captcha String
      */
     protected void captchaValid(String captcha, String authType) {
-        if (applicationConfig.getLoginConfig().isCaptcha()) {
-            // for basic
-            if (authType.equalsIgnoreCase("common")) {
-                _logger.info("captcha : "
-                        + WebContext.getSession().getAttribute(
-                                WebConstants.KAPTCHA_SESSION_KEY).toString());
-                if (captcha == null || !captcha
-                        .equals(WebContext.getSession().getAttribute(
-                                        WebConstants.KAPTCHA_SESSION_KEY).toString())) {
-                    String message = WebContext.getI18nValue("login.error.captcha");
-                    _logger.debug("login captcha valid error.");
-                    throw new BadCredentialsException(message);
-                }
+        // for basic
+        if (applicationConfig.getLoginConfig().isCaptcha() && authType.equalsIgnoreCase("basic")) {
+            _logger.info("captcha : "
+                    + WebContext.getSession().getAttribute(
+                            WebConstants.KAPTCHA_SESSION_KEY).toString());
+            if (captcha == null || !captcha
+                    .equals(WebContext.getSession().getAttribute(
+                                    WebConstants.KAPTCHA_SESSION_KEY).toString())) {
+                String message = WebContext.getI18nValue("login.error.captcha");
+                _logger.debug("login captcha valid error.");
+                throw new BadCredentialsException(message);
             }
         }
     }
@@ -183,22 +183,19 @@ public abstract class AbstractAuthenticationProvider {
      */
     protected void tftcaptchaValid(String otpCaptcha, String authType, UserInfo userInfo) {
         // for one time password 2 factor
-        if (applicationConfig.getLoginConfig().isOneTimePwd()) {
-            if (authType.equalsIgnoreCase("tfa")) {
-                UserInfo validUserInfo = new UserInfo();
-                validUserInfo.setUsername(userInfo.getUsername());
-                String sharedSecret = 
-                        PasswordReciprocal.getInstance().decoder(userInfo.getSharedSecret());
-                validUserInfo.setSharedSecret(sharedSecret);
-                validUserInfo.setSharedCounter(userInfo.getSharedCounter());
-                validUserInfo.setId(userInfo.getId());
-                if (otpCaptcha == null || !tfaOptAuthn.validate(validUserInfo, otpCaptcha)) {
-                    String message = WebContext.getI18nValue("login.error.captcha");
-                    _logger.debug("login captcha valid error.");
-                    throw new BadCredentialsException(message);
-                }
+        if (applicationConfig.getLoginConfig().isOneTimePwd() && authType.equalsIgnoreCase("tfa")) {
+            UserInfo validUserInfo = new UserInfo();
+            validUserInfo.setUsername(userInfo.getUsername());
+            String sharedSecret = 
+                    PasswordReciprocal.getInstance().decoder(userInfo.getSharedSecret());
+            validUserInfo.setSharedSecret(sharedSecret);
+            validUserInfo.setSharedCounter(userInfo.getSharedCounter());
+            validUserInfo.setId(userInfo.getId());
+            if (otpCaptcha == null || !tfaOptAuthn.validate(validUserInfo, otpCaptcha)) {
+                String message = WebContext.getI18nValue("login.error.captcha");
+                _logger.debug("login captcha valid error.");
+                throw new BadCredentialsException(message);
             }
-
         }
     }
 
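Review bot: In the second hunk of this file the generic `catch (Exception e)` no longer rethrows, so an unexpected failure inside the try (for instance the NullPointerException that `captchaValid` would raise when `WebContext.getSession().getAttribute(WebConstants.KAPTCHA_SESSION_KEY)` is null and `.toString()` is called on it, presumably when no captcha has been generated for the session) is only logged and control falls through to the `isAuthenticated()` check, returning the token with no indication to the caller of what went wrong; the head of that try/catch is outside the hunk, so which exception the first catch handles is not visible here. Together with the removed `throw e;` in the first catch, the i18n `BadCredentialsException` messages built in `authTypeValid`, `captchaValid` and `tftcaptchaValid` can no longer reach the caller either, which looks at odds with their purpose, so if swallowing is intended it deserves a comment saying why. I would restore the rethrow, `throw new AuthenticationServiceException(message, e);` (and the import dropped in the first hunk), and delete the `e.printStackTrace();` that duplicates the logger call. Separately, the `_logger.info("captcha : " + ...)` line kept in the captchaValid hunk writes the expected captcha value to the log on every basic login; I would remove the value from that message or downgrade it to debug.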

+ 1 - 3
maxkey-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java

@@ -6,9 +6,7 @@ import java.sql.Types;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
-
 import javax.servlet.http.HttpServletResponse;
-
 import org.joda.time.DateTime;
 import org.joda.time.Duration;
 import org.joda.time.format.DateTimeFormat;
@@ -125,7 +123,7 @@ public abstract class AbstractAuthenticationRealm {
         if (getPasswordPolicy().getExpiration() > 0) {
 
             String passwordLastSetTimeString = userInfo.getPasswordLastSetTime().substring(0, 19);
-            _logger.info("last password set date 锛�" + passwordLastSetTimeString);
+            _logger.info("last password set date " + passwordLastSetTimeString);
 
             DateTime currentdateTime = new DateTime();
             DateTime changePwdDateTime = DateTime.parse(passwordLastSetTimeString,

+ 0 - 5
maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -7,17 +7,12 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.BasicAuthentication;
 import org.maxkey.authn.RealmAuthenticationProvider;
-import org.maxkey.authn.realm.AbstractAuthenticationRealm;
-import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
-import org.maxkey.authn.support.jwt.JwtLoginService;
 import org.maxkey.authn.support.kerberos.KerberosService;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.wsfederation.WsFederationConstants;
-import org.maxkey.authn.support.wsfederation.WsFederationService;
 import org.maxkey.config.ApplicationConfig;
 import org.maxkey.dao.service.UserInfoService;
-import org.maxkey.domain.Registration;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.util.StringUtils;
 import org.maxkey.web.WebConstants;