Stirling-PDF/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java

package stirling.software.SPDF.config.security;

import java.io.IOException;
import java.util.Optional;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import stirling.software.SPDF.model.User;

public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private LoginAttemptService loginAttemptService;

    private UserService userService;

    private static final Logger logger =
            LoggerFactory.getLogger(CustomAuthenticationFailureHandler.class);

    public CustomAuthenticationFailureHandler(
            final LoginAttemptService loginAttemptService, UserService userService) {
        this.loginAttemptService = loginAttemptService;
        this.userService = userService;
    }

    @Override
    public void onAuthenticationFailure(
            HttpServletRequest request,
            HttpServletResponse response,
            AuthenticationException exception)
            throws IOException, ServletException {

        String ip = request.getRemoteAddr();
        logger.error("Failed login attempt from IP: {}", ip);

        String contextPath = request.getContextPath();

        if (exception.getClass().isAssignableFrom(InternalAuthenticationServiceException.class)
                || "Password must not be null".equalsIgnoreCase(exception.getMessage())) {
            response.sendRedirect(contextPath + "/login?error=oauth2AuthenticationError");
            return;
        }

        String username = request.getParameter("username");
        Optional<User> optUser = userService.findByUsernameIgnoreCase(username);

        if (username != null && optUser.isPresent() && !isDemoUser(optUser)) {
            logger.info(
                    "Remaining attempts for user {}: {}",
                    optUser.get().getUsername(),
                    loginAttemptService.getRemainingAttempts(username));
            loginAttemptService.loginFailed(username);
            if (loginAttemptService.isBlocked(username)
                    || exception.getClass().isAssignableFrom(LockedException.class)) {
                response.sendRedirect(contextPath + "/login?error=locked");
                return;
            }
        }
        if (exception.getClass().isAssignableFrom(BadCredentialsException.class)
                || exception.getClass().isAssignableFrom(UsernameNotFoundException.class)) {
            response.sendRedirect(contextPath + "/login?error=badcredentials");
            return;
        }

        super.onAuthenticationFailure(request, response, exception);
    }

    private boolean isDemoUser(Optional<User> user) {
        return user.isPresent()
                && user.get().getAuthorities().stream()
                        .anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
    }
}
eol 2024-01-03 17:59:04 +00:00			`package stirling.software.SPDF.config.security;`

			`import java.io.IOException;`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`import java.util.Optional;`
eol 2024-01-03 17:59:04 +00:00
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`import org.slf4j.Logger;`
			`import org.slf4j.LoggerFactory;`
eol 2024-01-03 17:59:04 +00:00			`import org.springframework.security.authentication.BadCredentialsException;`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`import org.springframework.security.authentication.InternalAuthenticationServiceException;`
eol 2024-01-03 17:59:04 +00:00			`import org.springframework.security.authentication.LockedException;`
			`import org.springframework.security.core.AuthenticationException;`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`import org.springframework.security.core.userdetails.UsernameNotFoundException;`
eol 2024-01-03 17:59:04 +00:00			`import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;`

			`import jakarta.servlet.ServletException;`
			`import jakarta.servlet.http.HttpServletRequest;`
			`import jakarta.servlet.http.HttpServletResponse;`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`import stirling.software.SPDF.model.User;`
eol 2024-01-03 17:59:04 +00:00
			`public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {`

extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`private LoginAttemptService loginAttemptService;`
eol 2024-01-03 17:59:04 +00:00
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`private UserService userService;`

			`private static final Logger logger =`
			`LoggerFactory.getLogger(CustomAuthenticationFailureHandler.class);`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00
			`public CustomAuthenticationFailureHandler(`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`final LoginAttemptService loginAttemptService, UserService userService) {`
eol 2024-01-03 17:59:04 +00:00			`this.loginAttemptService = loginAttemptService;`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`this.userService = userService;`
eol 2024-01-03 17:59:04 +00:00			`}`

			`@Override`
			`public void onAuthenticationFailure(`
			`HttpServletRequest request,`
			`HttpServletResponse response,`
			`AuthenticationException exception)`
			`throws IOException, ServletException {`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00
eol 2024-01-03 17:59:04 +00:00			`String ip = request.getRemoteAddr();`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`logger.error("Failed login attempt from IP: {}", ip);`

Images and login context (#1417) * init * revert 2024-06-08 16:07:23 +01:00			`String contextPath = request.getContextPath();`
Pipeline fixes for json lists + delete func (#1425) * init * revert * pipelines fixes for lists * pipeline fixes to allow json lists * formatting * pipeline changes * langs --------- Co-authored-by: a <a> 2024-06-09 13:56:55 +01:00
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`if (exception.getClass().isAssignableFrom(InternalAuthenticationServiceException.class)`
			`\|\| "Password must not be null".equalsIgnoreCase(exception.getMessage())) {`
Images and login context (#1417) * init * revert 2024-06-08 16:07:23 +01:00			`response.sendRedirect(contextPath + "/login?error=oauth2AuthenticationError");`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`return;`
			`}`
logging and try catch 2024-06-02 11:59:43 +01:00
eol 2024-01-03 17:59:04 +00:00			`String username = request.getParameter("username");`
init sonar 2024-06-02 11:42:30 +01:00			`Optional<User> optUser = userService.findByUsernameIgnoreCase(username);`
logging and try catch 2024-06-02 11:59:43 +01:00
			`if (username != null && optUser.isPresent() && !isDemoUser(optUser)) {`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`logger.info(`
			`"Remaining attempts for user {}: {}",`
init sonar 2024-06-02 11:42:30 +01:00			`optUser.get().getUsername(),`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`loginAttemptService.getRemainingAttempts(username));`
			`loginAttemptService.loginFailed(username);`
			`if (loginAttemptService.isBlocked(username)`
			`\|\| exception.getClass().isAssignableFrom(LockedException.class)) {`
Images and login context (#1417) * init * revert 2024-06-08 16:07:23 +01:00			`response.sendRedirect(contextPath + "/login?error=locked");`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`return;`
eol 2024-01-03 17:59:04 +00:00			`}`
			`}`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`if (exception.getClass().isAssignableFrom(BadCredentialsException.class)`
			`\|\| exception.getClass().isAssignableFrom(UsernameNotFoundException.class)) {`
Images and login context (#1417) * init * revert 2024-06-08 16:07:23 +01:00			`response.sendRedirect(contextPath + "/login?error=badcredentials");`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`return;`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`}`
eol 2024-01-03 17:59:04 +00:00
			`super.onAuthenticationFailure(request, response, exception);`
			`}`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00
init sonar 2024-06-02 11:42:30 +01:00			`private boolean isDemoUser(Optional<User> user) {`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`return user.isPresent()`
			`&& user.get().getAuthorities().stream()`
			`.anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));`
			`}`
eol 2024-01-03 17:59:04 +00:00			`}`