Stirling-PDF/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java

package stirling.software.SPDF.config.security;

import java.io.IOException;
import java.util.Optional;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.model.User;

@Slf4j
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private LoginAttemptService loginAttemptService;

    private UserService userService;

    public CustomAuthenticationFailureHandler(
            final LoginAttemptService loginAttemptService, UserService userService) {
        this.loginAttemptService = loginAttemptService;
        this.userService = userService;
    }

    @Override
    public void onAuthenticationFailure(
            HttpServletRequest request,
            HttpServletResponse response,
            AuthenticationException exception)
            throws IOException, ServletException {

        if (exception instanceof DisabledException) {
            log.error("User is deactivated: ", exception);
            getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");
            return;
        }

        String ip = request.getRemoteAddr();
        log.error("Failed login attempt from IP: {}", ip);

        if (exception instanceof LockedException) {
            getRedirectStrategy().sendRedirect(request, response, "/login?error=locked");
            return;
        }

        String username = request.getParameter("username");
        Optional<User> optUser = userService.findByUsernameIgnoreCase(username);

        if (username != null && optUser.isPresent() && !isDemoUser(optUser)) {
            log.info(
                    "Remaining attempts for user {}: {}",
                    username,
                    loginAttemptService.getRemainingAttempts(username));
            loginAttemptService.loginFailed(username);
            if (loginAttemptService.isBlocked(username) || exception instanceof LockedException) {
                getRedirectStrategy().sendRedirect(request, response, "/login?error=locked");
                return;
            }
        }
        if (exception instanceof BadCredentialsException
                || exception instanceof UsernameNotFoundException) {
            getRedirectStrategy().sendRedirect(request, response, "/login?error=badcredentials");
            return;
        }
        if (exception instanceof InternalAuthenticationServiceException
                || "Password must not be null".equalsIgnoreCase(exception.getMessage())) {
            getRedirectStrategy()
                    .sendRedirect(request, response, "/login?error=oauth2AuthenticationError");
            return;
        }

        super.onAuthenticationFailure(request, response, exception);
    }

    private boolean isDemoUser(Optional<User> user) {
        return user.isPresent()
                && user.get().getAuthorities().stream()
                        .anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
    }
}
eol 2024-01-03 17:59:04 +00:00			`package stirling.software.SPDF.config.security;`

			`import java.io.IOException;`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`import java.util.Optional;`
eol 2024-01-03 17:59:04 +00:00
			`import org.springframework.security.authentication.BadCredentialsException;`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`import org.springframework.security.authentication.DisabledException;`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`import org.springframework.security.authentication.InternalAuthenticationServiceException;`
eol 2024-01-03 17:59:04 +00:00			`import org.springframework.security.authentication.LockedException;`
			`import org.springframework.security.core.AuthenticationException;`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`import org.springframework.security.core.userdetails.UsernameNotFoundException;`
eol 2024-01-03 17:59:04 +00:00			`import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;`

			`import jakarta.servlet.ServletException;`
			`import jakarta.servlet.http.HttpServletRequest;`
			`import jakarta.servlet.http.HttpServletResponse;`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`import lombok.extern.slf4j.Slf4j;`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`import stirling.software.SPDF.model.User;`
eol 2024-01-03 17:59:04 +00:00
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`@Slf4j`
eol 2024-01-03 17:59:04 +00:00			`public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {`

extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`private LoginAttemptService loginAttemptService;`
eol 2024-01-03 17:59:04 +00:00
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`private UserService userService;`

Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`public CustomAuthenticationFailureHandler(`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`final LoginAttemptService loginAttemptService, UserService userService) {`
eol 2024-01-03 17:59:04 +00:00			`this.loginAttemptService = loginAttemptService;`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`this.userService = userService;`
eol 2024-01-03 17:59:04 +00:00			`}`

			`@Override`
			`public void onAuthenticationFailure(`
			`HttpServletRequest request,`
			`HttpServletResponse response,`
			`AuthenticationException exception)`
			`throws IOException, ServletException {`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`if (exception instanceof DisabledException) {`
			`log.error("User is deactivated: ", exception);`
			`getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");`
			`return;`
			`}`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`String ip = request.getRemoteAddr();`
			`log.error("Failed login attempt from IP: {}", ip);`
Pipeline fixes for json lists + delete func (#1425) * init * revert * pipelines fixes for lists * pipeline fixes to allow json lists * formatting * pipeline changes * langs --------- Co-authored-by: a <a> 2024-06-09 13:56:55 +01:00
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`if (exception instanceof LockedException) {`
			`getRedirectStrategy().sendRedirect(request, response, "/login?error=locked");`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`return;`
			`}`
logging and try catch 2024-06-02 11:59:43 +01:00
eol 2024-01-03 17:59:04 +00:00			`String username = request.getParameter("username");`
init sonar 2024-06-02 11:42:30 +01:00			`Optional<User> optUser = userService.findByUsernameIgnoreCase(username);`
logging and try catch 2024-06-02 11:59:43 +01:00
			`if (username != null && optUser.isPresent() && !isDemoUser(optUser)) {`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`log.info(`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`"Remaining attempts for user {}: {}",`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`username,`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`loginAttemptService.getRemainingAttempts(username));`
			`loginAttemptService.loginFailed(username);`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`if (loginAttemptService.isBlocked(username) \|\| exception instanceof LockedException) {`
			`getRedirectStrategy().sendRedirect(request, response, "/login?error=locked");`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`return;`
eol 2024-01-03 17:59:04 +00:00			`}`
			`}`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`if (exception instanceof BadCredentialsException`
			`\|\| exception instanceof UsernameNotFoundException) {`
			`getRedirectStrategy().sendRedirect(request, response, "/login?error=badcredentials");`
			`return;`
			`}`
			`if (exception instanceof InternalAuthenticationServiceException`
			`\|\| "Password must not be null".equalsIgnoreCase(exception.getMessage())) {`
			`getRedirectStrategy()`
			`.sendRedirect(request, response, "/login?error=oauth2AuthenticationError");`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`return;`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`}`
eol 2024-01-03 17:59:04 +00:00
			`super.onAuthenticationFailure(request, response, exception);`
			`}`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00
init sonar 2024-06-02 11:42:30 +01:00			`private boolean isDemoUser(Optional<User> user) {`
Login fixes (#881) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * Hardening suggestions for Stirling-PDF / loginFixes (#882) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-08 18:06:40 +00:00			`return user.isPresent()`
			`&& user.get().getAuthorities().stream()`
			`.anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));`
			`}`
eol 2024-01-03 17:59:04 +00:00			`}`