Displaying meaningful infowen user is locked
Displaying meaningful infowen user is locked

made the variable local

displaying useful info when user is locked out
mozzy11 committed Jan 3, 2019
1 parent 521d14f commit 3b808da
Showing 2 changed files with 13 additions and 2 deletions.
2 changes: 2 additions & 0 deletions api/src/main/resources/messages.properties
Expand Up @@ -10,3 +10,5 @@ legacyui.manageuser.noProviderIdentifier=No Identifier Specified
${project.parent.artifactId}.Location.purgeLocation=Permanently Delete Location
${project.parent.artifactId}.Location.confirmDelete=Are you sure you want to delete this Location? It will be permanently removed from the system.
${project.parent.artifactId}.Location.purgedSuccessfully=Location deleted successfully
legacyui.lockedOutMessage=You have attempted to log in too many times and have been Locked out. Please try again later in 5 minutes
13 changes: 11 additions & 2 deletions omod/src/main/java/org/openmrs/web/servlet/LoginServlet.java
Expand Up @@ -65,18 +65,20 @@ public class LoginServlet extends HttpServlet {
* @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest,
* javax.servlet.http.HttpServletResponse)
*/

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession httpSession = request.getSession();

Integer loginAttemptsByUser;
String ipAddress = request.getRemoteAddr();
Integer loginAttempts = loginAttemptsByIP.get(ipAddress);
if (loginAttempts == null) {
loginAttempts = 1;
}

loginAttempts++;

loginAttemptsByUser = loginAttempts - 1;
boolean lockedOut = false;
// look up the allowed # of attempts per IP
Integer allowedLockoutAttempts = 100;
Expand Down Expand Up @@ -178,7 +180,14 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
catch (ContextAuthenticationException e) {
// set the error message for the user telling them
// to try again
httpSession.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "auth.password.invalid");
Integer maximumAlowedAttempts = 7;
if (loginAttemptsByUser <= maximumAlowedAttempts) {
httpSession.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "auth.password.invalid");
}

if (loginAttemptsByUser > maximumAlowedAttempts) {
httpSession.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "legacyui.lockedOutMessage");
}
}

}
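Review bot: The message chosen in the `catch (ContextAuthenticationException e)` branch depends on `loginAttemptsByUser`, which is only `loginAttempts - 1` read from the `loginAttemptsByIP` map, so it counts failures per source address rather than per account, and it is compared with a hard-coded `7` while the per-IP limit visible in this method defaults to `100`. Users who share a proxy or NAT address can therefore be told they are locked out on their first wrong password, and if the authentication layer keeps its own per-user lockout (not visible here) a user who really is locked may still see `auth.password.invalid`; the "5 minutes" in `legacyui.lockedOutMessage` is also not tied to any value shown in this commit. I would drive the message from the actual lockout state or its configured threshold instead of a second derived counter, and at minimum give the variable a name that says it is per-IP and collapse the two complementary tests into `if (attemptsFromThisIp > MAX_ATTEMPTS_BEFORE_NOTICE) { ... } else { ... }`. doPost starts before and continues past the visible hunks, so whether the map entry is reset after a successful login cannot be confirmed from here and should be checked.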
