From 5a85203ea2d78303512be05579f7901884c84788 Mon Sep 17 00:00:00 2001
From: mozzy11
Date: Fri, 13 Jul 2018 04:26:31 -0600
Subject: [PATCH] LUI-83 : Displaying meaningful info when user is locked out Displaying meaningful infowen user is locked made the variable local displaying use ful info when user is locked out LUI-83 : modified the method to use global property LUI-83 : modified the method to use global property LUI-83: Correcting the Variable Naming
---
 api/src/main/resources/messages.properties | 2 ++
 .../org/openmrs/web/servlet/LoginServlet.java | 21 ++++++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/api/src/main/resources/messages.properties b/api/src/main/resources/messages.properties
index f8c23d3f..0a869d8f 100644
--- a/api/src/main/resources/messages.properties
+++ b/api/src/main/resources/messages.properties
@@ -10,3 +10,5 @@ legacyui.manageuser.noProviderIdentifier=No Identifier Specified
 ${project.parent.artifactId}.Location.purgeLocation=Permanently Delete Location
 ${project.parent.artifactId}.Location.confirmDelete=Are you sure you want to delete this Location? It will be permanently removed from the system.
 ${project.parent.artifactId}.Location.purgedSuccessfully=Location deleted successfully
+
+legacyui.lockedOutMessage=You have attempted to log in too many times and have been Locked out. Please try again later in 5 minutes
diff --git a/omod/src/main/java/org/openmrs/web/servlet/LoginServlet.java b/omod/src/main/java/org/openmrs/web/servlet/LoginServlet.java
index 31882f31..186eca10 100644
--- a/omod/src/main/java/org/openmrs/web/servlet/LoginServlet.java
+++ b/omod/src/main/java/org/openmrs/web/servlet/LoginServlet.java
@@ -49,8 +49,11 @@ public class LoginServlet extends HttpServlet { public static final long serialVersionUID = 134231247523L; + public static final String GP_MAXIMUM_ALLOWED_LOGINS = "security.allowedFailedLoginsBeforeLockout"; + protected static final Log log = LogFactory.getLog(LoginServlet.class); + /** * The mapping from user's IP address to the number of attempts at logging in from that IP */ @@ -65,10 +68,11 @@ public class LoginServlet extends HttpServlet { * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse) */ + @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession httpSession = request.getSession(); - + Integer loginAttemptsByUserName; String ipAddress = request.getRemoteAddr(); Integer loginAttempts = loginAttemptsByIP.get(ipAddress); if (loginAttempts == null) { @@ -76,7 +80,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } loginAttempts++; - + loginAttemptsByUserName = loginAttempts - 1; boolean lockedOut = false; // look up the allowed # of attempts per IP Integer allowedLockoutAttempts = 100; 
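Review bot: `GP_MAXIMUM_ALLOWED_LOGINS` is added as a public constant with no comment, and its value `security.allowedFailedLoginsBeforeLockout` looks like a core global-property key rather than something this servlet owns. If the OpenMRS core version the module builds against already exposes that key (I believe as `OpenmrsConstants.GP_ALLOWED_FAILED_LOGINS_BEFORE_LOCKOUT`, to be confirmed), reference it instead of redefining the string, so the servlet cannot drift from the value the authentication code reads. If the local constant stays, make it `private` and document it, e.g. `/** Global property: failed logins allowed before an account is locked out. */`.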
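Review bot: In the third hunk, `loginAttemptsByUserName = loginAttempts - 1;` takes its value from the per-IP counter read out of `loginAttemptsByIP`, so despite its name it says nothing about failed attempts against the submitted username. Clients behind one NAT or reverse proxy share a `getRemoteAddr()` value, so the later lockout message can appear for an account that is not locked, while an account locked through attempts from several addresses would still get `auth.password.invalid`. Either name the variable for what it holds (for example `previousAttemptsFromIp`) or base the message on the account's own lockout state. The separate `Integer loginAttemptsByUserName;` declaration added in the previous hunk could then become a local `int` at the point of use; doPost's body starts and ends outside these hunks.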
@@ -178,7 +182,18 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 catch (ContextAuthenticationException e) {
 // set the error message for the user telling them
 // to try again
- httpSession.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "auth.password.invalid");
+
+ String maximumAttempts = Context.getAdministrationService().getGlobalProperty(GP_MAXIMUM_ALLOWED_LOGINS, "7");
+ Integer maximumAlowedAttempts = Integer.valueOf(maximumAttempts);
+
+ if (loginAttemptsByUserName <= maximumAlowedAttempts) {
+ httpSession.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "auth.password.invalid");
+
+ }
+
+ if (loginAttemptsByUserName > maximumAlowedAttempts) {
+ httpSession.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "legacyui.lockedOutMessage");
+ }
 }
 }
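Review bot: `Integer.valueOf(maximumAttempts)` runs inside the `catch (ContextAuthenticationException e)` block, so a blank or non-numeric value in the global property throws `NumberFormatException` on every failed login, and as far as this hunk shows nothing catches it. The two `if` statements test complementary conditions and should be a single choice, and `maximumAlowedAttempts` is misspelled. The threshold is also compared with a counter derived from the per-IP map in the earlier hunk, and the lockout branch tells the client that a limit was hit, so the wording and the fixed "5 minutes" in `legacyui.lockedOutMessage` should match what the server actually enforces. A version that parses defensively and sets the attribute once is below; the enclosing method starts and ends outside this hunk.

```java
// … unchanged: catch (ContextAuthenticationException e) { and its comment …
int maximumAllowedAttempts;
try {
	maximumAllowedAttempts = Integer.parseInt(
	    Context.getAdministrationService().getGlobalProperty(GP_MAXIMUM_ALLOWED_LOGINS, "7").trim());
}
catch (NumberFormatException nfe) {
	// a malformed global property must not turn a failed login into a servlet error
	log.warn("Invalid value for " + GP_MAXIMUM_ALLOWED_LOGINS + ", falling back to 7", nfe);
	maximumAllowedAttempts = 7;
}

String errorCode = loginAttemptsByUserName > maximumAllowedAttempts
        ? "legacyui.lockedOutMessage"
        : "auth.password.invalid";
httpSession.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, errorCode);
```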