diff --git a/src/main/java/org/ccalm/jwt/MainController.java b/src/main/java/org/ccalm/jwt/MainController.java index 8806992..687c26b 100644 --- a/src/main/java/org/ccalm/jwt/MainController.java +++ b/src/main/java/org/ccalm/jwt/MainController.java @@ -645,7 +645,7 @@ public class MainController implements ServletContextAware { try { EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, newUserModel.getEmail(), trt.trt("Password"), html); } catch (MessagingException e) { - throw new CustomException(10000, trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail(), (String)null); + throw new CustomException(10000, String.format(trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail()),null); } json.put("error_message",trt.trt("The_authorization_password_has_been_sent_to_your_email_address")); @@ -753,7 +753,12 @@ public class MainController implements ServletContextAware { } //I check that there are no more than 5 failed authorization errors in 5 minutes - String sql = ""; + Map bResult = userIsBlocked(trt, loginModel.getLogin(), ipAddress); + int attempt_count = bResult.get("attempt_count"); + int attempt_limit = bResult.get("attempt_limit"); + //attempt_duration=0; + + /*String sql = ""; int attempt_count=0, attempt_limit=0, attempt_duration=0; MapSqlParameterSource parameters = null; List ret = null; @@ -783,7 +788,12 @@ public class MainController implements ServletContextAware { String uuid = UUID.randomUUID().toString(); logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); - } + }*/ + + + MapSqlParameterSource parameters = null; + String sql = ""; + List ret = null; //I'm trying to log in json = null; @@ -806,17 +816,12 @@ public class MainController implements ServletContextAware { logger.error(uuid,ex); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); } - if(json==null) { - ArrayList errorMessages = new ArrayList(); - ArrayList errorSettings = new ArrayList(); - errorMessages.add(trt.trt("Invalid_username_and_or_password")); - errorSettings.add(""); + String msg = trt.trt("Invalid_username_and_or_password"); if(attempt_count>0){ - errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s")); - errorSettings.add(attempt_count+";"+attempt_limit+";"); + msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit); } - throw new CustomException(10000, errorMessages, errorSettings, (String)null); + throw new CustomException(10000, msg, null); } if (json.has("block")) { @@ -997,6 +1002,44 @@ public class MainController implements ServletContextAware { return json.toString(); } + Map userIsBlocked(Translation trt, String login,String ip) throws CustomException { + int attempt_count=0, attempt_limit=0;//, attempt_duration=0; + MapSqlParameterSource parameters = null; + List ret = null; + try { + java.lang.String sql = "select * from main.user_is_blocked(:login,:ip)"; + parameters = new MapSqlParameterSource(); + parameters.addValue("login", login); + parameters.addValue("ip", ip); + ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); + for (int i = 0; i < ret.size(); i++) { + JSONObject json = new JSONObject(ret.get(i)); + if (!json.has("result") || json.getBoolean("result")) { + if(json.getInt("count")==0) + { + throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null); + }else{ + throw new CustomException(10000, java.lang.String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null); + } + } + if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) { + attempt_count = json.getInt("count"); + attempt_limit = json.getInt("limit_count"); + //attempt_duration = json.getInt("limit_duration"); + } + } + }catch (DataAccessException ex){ + java.lang.String uuid = UUID.randomUUID().toString(); + logger.error("Error executing SQL query", uuid, ex); + throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); + } + + Map result = new HashMap<>(); + result.put("attempt_count", attempt_count); + result.put("attempt_limit", attempt_limit); + return result; + } + //Функция для генерации нового TOTP ключа (немного похожа на логин, но не логин). //Если это первое получение TOTP, то старый TOTP не нужен если последующее, то нужен! @RequestMapping(value = "/newtotp",method = {RequestMethod.POST},produces = "application/json;charset=utf-8") @@ -1024,7 +1067,12 @@ public class MainController implements ServletContextAware { } //I check that there are no more than 5 failed authorization errors in 5 minutes - String sql = ""; + Map bResult = userIsBlocked(trt, loginModel.getLogin(), ipAddress); + int attempt_count = bResult.get("attempt_count"); + int attempt_limit = bResult.get("attempt_limit"); + //attempt_duration=0; + + /*String sql = ""; int attempt_count=0, attempt_limit=0, attempt_duration=0; MapSqlParameterSource parameters = null; List ret = null; @@ -1052,10 +1100,13 @@ public class MainController implements ServletContextAware { } }catch (DataAccessException ex){ String uuid = UUID.randomUUID().toString(); - logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex); + logger.error("Error executing SQL query", uuid, ex); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); - } + }*/ + String sql = ""; + MapSqlParameterSource parameters = null; + List ret = null; //I'm trying to log in json = null; try { @@ -1076,17 +1127,12 @@ public class MainController implements ServletContextAware { logger.error(uuid,ex); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); } - if(json==null) { - ArrayList errorMessages = new ArrayList(); - ArrayList errorSettings = new ArrayList(); - errorMessages.add(trt.trt("Invalid_username_and_or_password")); - errorSettings.add(""); + String msg = trt.trt("Invalid_username_and_or_password"); if(attempt_count>0){ - errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s")); - errorSettings.add(attempt_count+";"+attempt_limit+";"); + msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit); } - throw new CustomException(10000, errorMessages, errorSettings, (String)null); + throw new CustomException(10000, msg, null); } if(json.has("block")) { @@ -1407,7 +1453,7 @@ public class MainController implements ServletContextAware { } catch (Exception ex) { String uuid = UUID.randomUUID().toString(); logger.error(uuid, ex); - return createStrJSONError(10000,trt.trt("Failed_send_mail_to_s"), token.getString("email"),uuid); + return createStrJSONError(10000,String.format(trt.trt("Failed_send_mail_to_s"), token.getString("email")),uuid); } return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null,(String)null); } @@ -1449,45 +1495,35 @@ public class MainController implements ServletContextAware { ipAddress = request.getRemoteAddr(); } - //I check that there are no more than 5 failed authorization errors in 5 minutes - String sql = ""; - int attempt_count=0, attempt_limit=0, attempt_duration=0; - MapSqlParameterSource parameters = null; - List ret = null; - try { - sql = "select * from main.user_is_blocked(:login,:ip)"; - parameters = new MapSqlParameterSource(); - parameters.addValue("login", update.getLogin()); - parameters.addValue("ip", ipAddress); - ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); - for (int i = 0; i < ret.size(); i++) { - json = new JSONObject(ret.get(i)); - if (!json.has("result") || json.getBoolean("result")) { - if(json.getInt("count")==0) - { - throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null); - }else{ - throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null); - } - } - if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) { - attempt_count = json.getInt("count") + 1; - attempt_limit = json.getInt("limit_count"); - //attempt_duration = json.getInt("limit_duration"); - } + Map bResult = userIsBlocked(trt, update.getLogin(), ipAddress); + int attempt_count = bResult.get("attempt_count"); + int attempt_limit = bResult.get("attempt_limit"); + //attempt_duration=0; + + //String sql = "select main.user_is_blocked(:login,:ip) as block"; + /*String sql = "select * from main.user_is_blocked(:login,:ip)"; + MapSqlParameterSource parameters = new MapSqlParameterSource(); + parameters.addValue("login", update.getLogin()); + parameters.addValue("ip", ipAddress); + List ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); + JSONObject rows=null; + for (int i = 0; i < ret.size(); i++) { + rows = new JSONObject(ret.get(i)); + if(rows.getBoolean("result")) { + throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null); } - }catch (DataAccessException ex){ - String uuid = UUID.randomUUID().toString(); - logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex); - throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); } + if(rows==null) { + logger.error("Функция main.user_is_blocked не вернула результата!"); + throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null); + }*/ //Получаю id пользователя - sql="select id from main._users where del=false and password=crypt(:password, password) and email=:email"; - parameters = new MapSqlParameterSource(); + String sql = "select id from main._users where del=false and password=crypt(:password, password) and email=:email"; + MapSqlParameterSource parameters = new MapSqlParameterSource(); parameters.addValue("email", update.getLogin()); parameters.addValue("password", update.getPassword()); - ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); + List ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); JSONObject rows=null; for (int i = 0; i < ret.size(); i++) { rows = new JSONObject(ret.get(i));