2024-01-03 17:59:04 +00:00
|
|
|
package stirling.software.SPDF.config.security;
|
|
|
|
|
|
|
|
|
|
import java.io.IOException;
|
2024-03-08 18:06:40 +00:00
|
|
|
import java.util.Optional;
|
2024-01-03 17:59:04 +00:00
|
|
|
|
2024-05-12 19:58:34 +02:00
|
|
|
import org.slf4j.Logger;
|
|
|
|
|
import org.slf4j.LoggerFactory;
|
2024-01-03 17:59:04 +00:00
|
|
|
import org.springframework.security.authentication.BadCredentialsException;
|
|
|
|
|
import org.springframework.security.authentication.LockedException;
|
|
|
|
|
import org.springframework.security.core.AuthenticationException;
|
2024-05-12 19:58:34 +02:00
|
|
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
2024-01-03 17:59:04 +00:00
|
|
|
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
|
|
|
|
import org.springframework.stereotype.Component;
|
|
|
|
|
|
|
|
|
|
import jakarta.servlet.ServletException;
|
|
|
|
|
import jakarta.servlet.http.HttpServletRequest;
|
|
|
|
|
import jakarta.servlet.http.HttpServletResponse;
|
2024-03-08 18:06:40 +00:00
|
|
|
import stirling.software.SPDF.model.User;
|
2024-01-03 17:59:04 +00:00
|
|
|
|
|
|
|
|
@Component
|
|
|
|
|
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
|
|
|
|
|
|
2024-05-12 19:58:34 +02:00
|
|
|
private LoginAttemptService loginAttemptService;
|
2024-01-03 17:59:04 +00:00
|
|
|
|
2024-05-12 19:58:34 +02:00
|
|
|
private UserService userService;
|
|
|
|
|
|
|
|
|
|
private static final Logger logger =
|
|
|
|
|
LoggerFactory.getLogger(CustomAuthenticationFailureHandler.class);
|
2024-03-08 18:06:40 +00:00
|
|
|
|
|
|
|
|
public CustomAuthenticationFailureHandler(
|
|
|
|
|
LoginAttemptService loginAttemptService, UserService userService) {
|
2024-01-03 17:59:04 +00:00
|
|
|
this.loginAttemptService = loginAttemptService;
|
2024-03-08 18:06:40 +00:00
|
|
|
this.userService = userService;
|
2024-01-03 17:59:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void onAuthenticationFailure(
|
|
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response,
|
|
|
|
|
AuthenticationException exception)
|
|
|
|
|
throws IOException, ServletException {
|
2024-05-12 19:58:34 +02:00
|
|
|
|
2024-01-03 17:59:04 +00:00
|
|
|
String ip = request.getRemoteAddr();
|
|
|
|
|
logger.error("Failed login attempt from IP: " + ip);
|
|
|
|
|
|
|
|
|
|
String username = request.getParameter("username");
|
2024-03-08 18:06:40 +00:00
|
|
|
if (!isDemoUser(username)) {
|
|
|
|
|
if (loginAttemptService.loginAttemptCheck(username)) {
|
2024-05-12 19:58:34 +02:00
|
|
|
response.sendRedirect("/login?error=locked");
|
|
|
|
|
return;
|
2024-03-08 18:06:40 +00:00
|
|
|
} else {
|
|
|
|
|
if (exception.getClass().isAssignableFrom(LockedException.class)) {
|
2024-05-12 19:58:34 +02:00
|
|
|
response.sendRedirect("/login?error=locked");
|
|
|
|
|
return;
|
|
|
|
|
} else if (exception instanceof UsernameNotFoundException) {
|
|
|
|
|
response.sendRedirect("/login?error=oauth2AuthenticationError");
|
|
|
|
|
return;
|
2024-03-08 18:06:40 +00:00
|
|
|
}
|
2024-01-03 17:59:04 +00:00
|
|
|
}
|
|
|
|
|
}
|
2024-03-08 18:06:40 +00:00
|
|
|
if (exception.getClass().isAssignableFrom(BadCredentialsException.class)) {
|
2024-05-12 19:58:34 +02:00
|
|
|
response.sendRedirect("/login?error=badcredentials");
|
|
|
|
|
return;
|
2024-03-08 18:06:40 +00:00
|
|
|
}
|
2024-01-03 17:59:04 +00:00
|
|
|
|
|
|
|
|
super.onAuthenticationFailure(request, response, exception);
|
|
|
|
|
}
|
2024-03-08 18:06:40 +00:00
|
|
|
|
|
|
|
|
private boolean isDemoUser(String username) {
|
2024-04-14 23:07:03 +02:00
|
|
|
Optional<User> user = userService.findByUsernameIgnoreCase(username);
|
2024-03-08 18:06:40 +00:00
|
|
|
return user.isPresent()
|
|
|
|
|
&& user.get().getAuthorities().stream()
|
|
|
|
|
.anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
|
|
|
|
|
}
|
2024-01-03 17:59:04 +00:00
|
|
|
}
|
