# Conflicts:
#	src/main/java/org/ccalm/jwt/MainController.java
This commit is contained in:
Igor I
2024-12-19 17:40:42 +05:00


@ -645,7 +645,7 @@ public class MainController implements ServletContextAware {
try { try {
EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, newUserModel.getEmail(), trt.trt("Password"), html); EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, newUserModel.getEmail(), trt.trt("Password"), html);
} catch (MessagingException e) { } catch (MessagingException e) {
throw new CustomException(10000, trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail(), (String)null); throw new CustomException(10000, String.format(trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail()),null);
} }
json.put("error_message",trt.trt("The_authorization_password_has_been_sent_to_your_email_address")); json.put("error_message",trt.trt("The_authorization_password_has_been_sent_to_your_email_address"));
@ -753,7 +753,12 @@ public class MainController implements ServletContextAware {
} }
//I check that there are no more than 5 failed authorization errors in 5 minutes //I check that there are no more than 5 failed authorization errors in 5 minutes
String sql = ""; Map<String, Integer> bResult = userIsBlocked(trt, loginModel.getLogin(), ipAddress);
int attempt_count = bResult.get("attempt_count");
int attempt_limit = bResult.get("attempt_limit");
//attempt_duration=0;
/*String sql = "";
int attempt_count=0, attempt_limit=0, attempt_duration=0; int attempt_count=0, attempt_limit=0, attempt_duration=0;
MapSqlParameterSource parameters = null; MapSqlParameterSource parameters = null;
List<String> ret = null; List<String> ret = null;
@ -783,7 +788,12 @@ public class MainController implements ServletContextAware {
String uuid = UUID.randomUUID().toString(); String uuid = UUID.randomUUID().toString();
logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex); logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
} }*/
MapSqlParameterSource parameters = null;
String sql = "";
List<String> ret = null;
//I'm trying to log in //I'm trying to log in
json = null; json = null;
@ -806,17 +816,12 @@ public class MainController implements ServletContextAware {
logger.error(uuid,ex); logger.error(uuid,ex);
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
} }
if(json==null) { if(json==null) {
ArrayList errorMessages = new ArrayList(); String msg = trt.trt("Invalid_username_and_or_password");
ArrayList errorSettings = new ArrayList();
errorMessages.add(trt.trt("Invalid_username_and_or_password"));
errorSettings.add("");
if(attempt_count>0){ if(attempt_count>0){
errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s")); msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit);
errorSettings.add(attempt_count+";"+attempt_limit+";");
} }
throw new CustomException(10000, errorMessages, errorSettings, (String)null); throw new CustomException(10000, msg, null);
} }
if (json.has("block")) { if (json.has("block")) {
@ -997,6 +1002,44 @@ public class MainController implements ServletContextAware {
return json.toString(); return json.toString();
} }
Map<String, Integer> userIsBlocked(Translation trt, String login,String ip) throws CustomException {
int attempt_count=0, attempt_limit=0;//, attempt_duration=0;
MapSqlParameterSource parameters = null;
List<java.lang.String> ret = null;
try {
java.lang.String sql = "select * from main.user_is_blocked(:login,:ip)";
parameters = new MapSqlParameterSource();
parameters.addValue("login", login);
parameters.addValue("ip", ip);
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
for (int i = 0; i < ret.size(); i++) {
JSONObject json = new JSONObject(ret.get(i));
if (!json.has("result") || json.getBoolean("result")) {
if(json.getInt("count")==0)
{
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
}else{
throw new CustomException(10000, java.lang.String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null);
}
}
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
attempt_count = json.getInt("count");
attempt_limit = json.getInt("limit_count");
//attempt_duration = json.getInt("limit_duration");
}
}
}catch (DataAccessException ex){
java.lang.String uuid = UUID.randomUUID().toString();
logger.error("Error executing SQL query", uuid, ex);
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
}
Map<String, Integer> result = new HashMap<>();
result.put("attempt_count", attempt_count);
result.put("attempt_limit", attempt_limit);
return result;
}
//Функция для генерации нового TOTP ключа (немного похожа на логин, но не логин). //Функция для генерации нового TOTP ключа (немного похожа на логин, но не логин).
//Если это первое получение TOTP, то старый TOTP не нужен если последующее, то нужен! //Если это первое получение TOTP, то старый TOTP не нужен если последующее, то нужен!
@RequestMapping(value = "/newtotp",method = {RequestMethod.POST},produces = "application/json;charset=utf-8") @RequestMapping(value = "/newtotp",method = {RequestMethod.POST},produces = "application/json;charset=utf-8")
@ -1024,7 +1067,12 @@ public class MainController implements ServletContextAware {
} }
//I check that there are no more than 5 failed authorization errors in 5 minutes //I check that there are no more than 5 failed authorization errors in 5 minutes
String sql = ""; Map<String, Integer> bResult = userIsBlocked(trt, loginModel.getLogin(), ipAddress);
int attempt_count = bResult.get("attempt_count");
int attempt_limit = bResult.get("attempt_limit");
//attempt_duration=0;
/*String sql = "";
int attempt_count=0, attempt_limit=0, attempt_duration=0; int attempt_count=0, attempt_limit=0, attempt_duration=0;
MapSqlParameterSource parameters = null; MapSqlParameterSource parameters = null;
List<String> ret = null; List<String> ret = null;
@ -1052,10 +1100,13 @@ public class MainController implements ServletContextAware {
} }
}catch (DataAccessException ex){ }catch (DataAccessException ex){
String uuid = UUID.randomUUID().toString(); String uuid = UUID.randomUUID().toString();
logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex); logger.error("Error executing SQL query", uuid, ex);
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
} }*/
String sql = "";
MapSqlParameterSource parameters = null;
List<String> ret = null;
//I'm trying to log in //I'm trying to log in
json = null; json = null;
try { try {
@ -1076,17 +1127,12 @@ public class MainController implements ServletContextAware {
logger.error(uuid,ex); logger.error(uuid,ex);
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
} }
if(json==null) { if(json==null) {
ArrayList errorMessages = new ArrayList(); String msg = trt.trt("Invalid_username_and_or_password");
ArrayList errorSettings = new ArrayList();
errorMessages.add(trt.trt("Invalid_username_and_or_password"));
errorSettings.add("");
if(attempt_count>0){ if(attempt_count>0){
errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s")); msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit);
errorSettings.add(attempt_count+";"+attempt_limit+";");
} }
throw new CustomException(10000, errorMessages, errorSettings, (String)null); throw new CustomException(10000, msg, null);
} }
if(json.has("block")) { if(json.has("block")) {
@ -1407,7 +1453,7 @@ public class MainController implements ServletContextAware {
} catch (Exception ex) { } catch (Exception ex) {
String uuid = UUID.randomUUID().toString(); String uuid = UUID.randomUUID().toString();
logger.error(uuid, ex); logger.error(uuid, ex);
return createStrJSONError(10000,trt.trt("Failed_send_mail_to_s"), token.getString("email"),uuid); return createStrJSONError(10000,String.format(trt.trt("Failed_send_mail_to_s"), token.getString("email")),uuid);
} }
return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null,(String)null); return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null,(String)null);
} }
@ -1449,45 +1495,35 @@ public class MainController implements ServletContextAware {
ipAddress = request.getRemoteAddr(); ipAddress = request.getRemoteAddr();
} }
//I check that there are no more than 5 failed authorization errors in 5 minutes Map<String, Integer> bResult = userIsBlocked(trt, update.getLogin(), ipAddress);
String sql = ""; int attempt_count = bResult.get("attempt_count");
int attempt_count=0, attempt_limit=0, attempt_duration=0; int attempt_limit = bResult.get("attempt_limit");
MapSqlParameterSource parameters = null; //attempt_duration=0;
List<String> ret = null;
try { //String sql = "select main.user_is_blocked(:login,:ip) as block";
sql = "select * from main.user_is_blocked(:login,:ip)"; /*String sql = "select * from main.user_is_blocked(:login,:ip)";
parameters = new MapSqlParameterSource(); MapSqlParameterSource parameters = new MapSqlParameterSource();
parameters.addValue("login", update.getLogin()); parameters.addValue("login", update.getLogin());
parameters.addValue("ip", ipAddress); parameters.addValue("ip", ipAddress);
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
for (int i = 0; i < ret.size(); i++) { JSONObject rows=null;
json = new JSONObject(ret.get(i)); for (int i = 0; i < ret.size(); i++) {
if (!json.has("result") || json.getBoolean("result")) { rows = new JSONObject(ret.get(i));
if(json.getInt("count")==0) if(rows.getBoolean("result")) {
{ throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null);
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
}else{
throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
}
}
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
attempt_count = json.getInt("count") + 1;
attempt_limit = json.getInt("limit_count");
//attempt_duration = json.getInt("limit_duration");
}
} }
}catch (DataAccessException ex){
String uuid = UUID.randomUUID().toString();
logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
} }
if(rows==null) {
logger.error("Функция main.user_is_blocked не вернула результата!");
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null);
}*/
//Получаю id пользователя //Получаю id пользователя
sql="select id from main._users where del=false and password=crypt(:password, password) and email=:email"; String sql = "select id from main._users where del=false and password=crypt(:password, password) and email=:email";
parameters = new MapSqlParameterSource(); MapSqlParameterSource parameters = new MapSqlParameterSource();
parameters.addValue("email", update.getLogin()); parameters.addValue("email", update.getLogin());
parameters.addValue("password", update.getPassword()); parameters.addValue("password", update.getPassword());
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
JSONObject rows=null; JSONObject rows=null;
for (int i = 0; i < ret.size(); i++) { for (int i = 0; i < ret.size(); i++) {
rows = new JSONObject(ret.get(i)); rows = new JSONObject(ret.get(i));