mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-06-23 07:55:07 +00:00
552f2ced4d
# Description of Changes This pull request introduces a comprehensive auditing system to the application, along with minor updates to existing utilities and dependencies. The most significant changes include the addition of audit-related classes and enums, updates to the `ApplicationProperties` model to support auditing configuration, and enhancements to utility methods for handling static and trackable resources. ### Audit System Implementation: * **Audit Aspect for Method Annotations**: Added `AuditAspect` to process the new `@Audited` annotation, enabling detailed logging of method execution, HTTP requests, and operation results based on configurable audit levels. (`proprietary/src/main/java/stirling/software/proprietary/audit/AuditAspect.java`) * **Audit Event Types**: Introduced `AuditEventType` enum to define standardized event types for auditing, such as authentication events, file operations, and HTTP requests. (`proprietary/src/main/java/stirling/software/proprietary/audit/AuditEventType.java`) * **Audit Levels**: Added `AuditLevel` enum to define different levels of audit logging (OFF, BASIC, STANDARD, VERBOSE), providing granular control over the amount of data logged. (`proprietary/src/main/java/stirling/software/proprietary/audit/AuditLevel.java`) ### Application Properties Update: * **Audit Configuration in `ProFeatures`**: Updated the `ProFeatures` class in `ApplicationProperties` to include support for auditing with configurable retention days, levels, and enablement flags. (`common/src/main/java/stirling/software/common/model/ApplicationProperties.java`) ### Utility Enhancements: * **Static and Trackable Resource Handling**: Extended `RequestUriUtils` methods (`isStaticResource` and `isTrackableResource`) to recognize `.txt` files as valid static and trackable resources. (`common/src/main/java/stirling/software/common/util/RequestUriUtils.java`) [[1]](diffhunk://#diff-de3599037908683f2cd8f170939547612c6fc2203e9207eb4d7966508f92bbcbR22) [[2]](diffhunk://#diff-de3599037908683f2cd8f170939547612c6fc2203e9207eb4d7966508f92bbcbR39) ### Dependency Update: * **Spring Validation Starter**: Added `spring-boot-starter-validation` to project dependencies to support validation mechanisms required for auditing features. (`proprietary/build.gradle`) Dashboard WIP    --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: a <a> Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
102 lines
4.2 KiB
Java
102 lines
4.2 KiB
Java
package stirling.software.proprietary.security;
|
|
|
|
import jakarta.servlet.ServletException;
|
|
import jakarta.servlet.http.HttpServletRequest;
|
|
import jakarta.servlet.http.HttpServletResponse;
|
|
import java.io.IOException;
|
|
import java.util.HashMap;
|
|
import java.util.Map;
|
|
import java.util.Optional;
|
|
import lombok.extern.slf4j.Slf4j;
|
|
import org.springframework.security.authentication.BadCredentialsException;
|
|
import org.springframework.security.authentication.DisabledException;
|
|
import org.springframework.security.authentication.InternalAuthenticationServiceException;
|
|
import org.springframework.security.authentication.LockedException;
|
|
import org.springframework.security.core.AuthenticationException;
|
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
|
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
|
|
|
import jakarta.servlet.ServletException;
|
|
import jakarta.servlet.http.HttpServletRequest;
|
|
import jakarta.servlet.http.HttpServletResponse;
|
|
|
|
import lombok.extern.slf4j.Slf4j;
|
|
|
|
import stirling.software.proprietary.audit.AuditEventType;
|
|
import stirling.software.proprietary.audit.AuditLevel;
|
|
import stirling.software.proprietary.audit.Audited;
|
|
import stirling.software.proprietary.security.model.User;
|
|
import stirling.software.proprietary.security.service.LoginAttemptService;
|
|
import stirling.software.proprietary.security.service.UserService;
|
|
|
|
@Slf4j
|
|
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
|
|
|
|
private LoginAttemptService loginAttemptService;
|
|
|
|
private UserService userService;
|
|
|
|
public CustomAuthenticationFailureHandler(
|
|
final LoginAttemptService loginAttemptService, UserService userService) {
|
|
this.loginAttemptService = loginAttemptService;
|
|
this.userService = userService;
|
|
}
|
|
|
|
@Override
|
|
@Audited(type = AuditEventType.USER_FAILED_LOGIN, level = AuditLevel.BASIC)
|
|
public void onAuthenticationFailure(
|
|
HttpServletRequest request,
|
|
HttpServletResponse response,
|
|
AuthenticationException exception)
|
|
throws IOException, ServletException {
|
|
|
|
if (exception instanceof DisabledException) {
|
|
log.error("User is deactivated: ", exception);
|
|
getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");
|
|
return;
|
|
}
|
|
|
|
String ip = request.getRemoteAddr();
|
|
log.error("Failed login attempt from IP: {}", ip);
|
|
|
|
if (exception instanceof LockedException) {
|
|
getRedirectStrategy().sendRedirect(request, response, "/login?error=locked");
|
|
return;
|
|
}
|
|
|
|
String username = request.getParameter("username");
|
|
Optional<User> optUser = userService.findByUsernameIgnoreCase(username);
|
|
|
|
if (username != null && optUser.isPresent() && !isDemoUser(optUser)) {
|
|
log.info(
|
|
"Remaining attempts for user {}: {}",
|
|
username,
|
|
loginAttemptService.getRemainingAttempts(username));
|
|
loginAttemptService.loginFailed(username);
|
|
if (loginAttemptService.isBlocked(username) || exception instanceof LockedException) {
|
|
getRedirectStrategy().sendRedirect(request, response, "/login?error=locked");
|
|
return;
|
|
}
|
|
}
|
|
if (exception instanceof BadCredentialsException
|
|
|| exception instanceof UsernameNotFoundException) {
|
|
getRedirectStrategy().sendRedirect(request, response, "/login?error=badCredentials");
|
|
return;
|
|
}
|
|
if (exception instanceof InternalAuthenticationServiceException
|
|
|| "Password must not be null".equalsIgnoreCase(exception.getMessage())) {
|
|
getRedirectStrategy()
|
|
.sendRedirect(request, response, "/login?error=oauth2AuthenticationError");
|
|
return;
|
|
}
|
|
|
|
super.onAuthenticationFailure(request, response, exception);
|
|
}
|
|
|
|
private boolean isDemoUser(Optional<User> user) {
|
|
return user.isPresent()
|
|
&& user.get().getAuthorities().stream()
|
|
.anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
|
|
}
|
|
}
|