diff --git a/src/main/java/org/ccalm/jwt/MainController.java b/src/main/java/org/ccalm/jwt/MainController.java
index b9cfe30..c980c48 100644
--- a/src/main/java/org/ccalm/jwt/MainController.java
+++ b/src/main/java/org/ccalm/jwt/MainController.java
@@ -622,7 +622,7 @@ public class MainController implements ServletContextAware {
 try {
 EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, newUserModel.getEmail(), trt.trt("Password"), html);
 } catch (MessagingException e) {
- throw new CustomException(10000, String.format(trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail()),null);
+ throw new CustomException(10000, trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail(), (String)null);
 }
 json.put("error_message",trt.trt("The_authorization_password_has_been_sent_to_your_email_address"));
@@ -747,7 +747,7 @@ public class MainController implements ServletContextAware {
 {
 throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
 }else{
- throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null);
+ throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration"),(String)null);
 }
 }
 if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
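Review bot: At the rewritten throw inside `catch (MessagingException e)`, `e` is dropped — it is neither logged nor attached to the CustomException, so a mail-delivery failure during registration leaves no server-side trace while the user only sees the generic "Failed_send_mail_to_s" text. The recovery-mail path later in this same diff logs the exception under a random UUID and passes that UUID as the last argument, and the same pattern fits here: `String uuid = UUID.randomUUID().toString();` `logger.error(uuid, e);` `throw new CustomException(10000, trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail(), uuid);`. The enclosing method starts and ends outside the hunk, so whether `logger` and `UUID` are in scope at this point is not visible, though both are used elsewhere in this file.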
@@ -783,12 +783,17 @@ public class MainController implements ServletContextAware {
 logger.error(uuid,ex);
 throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
 }
+
 if(json==null)
 {
- String msg = trt.trt("Invalid_username_and_or_password");
+ ArrayList errorMessages = new ArrayList();
+ ArrayList errorSettings = new ArrayList();
+ errorMessages.add(trt.trt("Invalid_username_and_or_password"));
+ errorSettings.add("");
 if(attempt_count>0){
- msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit);
+ errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s"));
+ errorSettings.add(attempt_count+";"+attempt_limit+";");
 }
- throw new CustomException(10000, msg, null);
+ throw new CustomException(10000, errorMessages, errorSettings, (String)null);
 }
 if (json.has("block")) {
@@ -1013,7 +1018,7 @@ public class MainController implements ServletContextAware {
 {
 throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
 }else{
- throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null);
+ throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration"),(String)null);
 }
 }
 if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
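Review bot: `errorMessages` and `errorSettings` are declared as raw `ArrayList`, and the arguments for the second message are packed into a `;`-delimited string (`attempt_count+";"+attempt_limit+";"`) whose pairing with the message at the same index is purely positional — nothing at the throw site says what the delimiter or the trailing `;` means to CustomException. Prefer `List<String> errorMessages = new ArrayList<>();` and `List<String> errorSettings = new ArrayList<>();`, and put a comment above the first `add` such as `// errorSettings[i] holds the ';'-separated format arguments for errorMessages[i]; "" means none`. The attempt counter is still returned to the caller on a failed login, as it was before this change; whether that reveals anything about account existence depends on how `main.user_is_blocked` counts attempts for unknown logins, which is not visible here. The enclosing method starts and ends outside the hunk.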
@@ -1048,12 +1053,17 @@ public class MainController implements ServletContextAware { logger.error(uuid,ex); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); } + if(json==null) { - String msg = trt.trt("Invalid_username_and_or_password"); + ArrayList errorMessages = new ArrayList(); + ArrayList errorSettings = new ArrayList(); + errorMessages.add(trt.trt("Invalid_username_and_or_password")); + errorSettings.add(""); if(attempt_count>0){ - msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit); + errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s")); + errorSettings.add(attempt_count+";"+attempt_limit+";"); } - throw new CustomException(10000, msg, null); + throw new CustomException(10000, errorMessages, errorSettings, (String)null); } if(json.has("block")) { @@ -1179,7 +1189,7 @@ public class MainController implements ServletContextAware { logout(response,request); //Удаляю куки чтобы эмулировать выход из приложения return createStrJSONError(10000,trt.trt("Attempt_to_substitution_tokens"),null); } - ++++++++++ //TODO проверить не заблокирован ли пользователь //if(json.has("block")) { // if(json.getBoolean("block")) @@ -1374,7 +1384,7 @@ public class MainController implements ServletContextAware { } catch (Exception ex) { String uuid = UUID.randomUUID().toString(); logger.error(uuid, ex); - return createStrJSONError(10000,String.format(trt.trt("Failed_send_mail_to_s"), token.getString("email")),uuid); + return createStrJSONError(10000,trt.trt("Failed_send_mail_to_s"), token.getString("email"),uuid); } return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null); } 
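Review bot: The `if(json==null)` body added at -1048 is a line-for-line copy of the one added at -783 in this same commit (same two raw lists, same `;`-packed settings string, same throw), so the message/settings formatting contract now lives in two places that must be kept in sync by hand. Extract it into a private helper, e.g. `private CustomException invalidCredentials(int attempt_count, int attempt_limit)`, that builds both lists and returns the exception, and replace both sites with `throw invalidCredentials(attempt_count, attempt_limit);`. While doing so, declare the lists as `List<String>` rather than raw `ArrayList`. The enclosing method starts and ends outside the hunk.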
@@ -1415,22 +1425,38 @@ public class MainController implements ServletContextAware { if (ipAddress == null) { ipAddress = request.getRemoteAddr(); } - //String sql = "select main.user_is_blocked(:login,:ip) as block"; - String sql = "select * from main.user_is_blocked(:login,:ip)"; - MapSqlParameterSource parameters = new MapSqlParameterSource(); - parameters.addValue("login", update.getLogin()); - parameters.addValue("ip", ipAddress); - List ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); - JSONObject rows=null; - for (int i = 0; i < ret.size(); i++) { - rows = new JSONObject(ret.get(i)); - if(rows.getBoolean("result")) { - throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null); + + //I check that there are no more than 5 failed authorization errors in 5 minutes + String sql = ""; + int attempt_count=0, attempt_limit=0, attempt_duration=0; + MapSqlParameterSource parameters = null; + List ret = null; + try { + sql = "select * from main.user_is_blocked(:login,:ip)"; + parameters = new MapSqlParameterSource(); + parameters.addValue("login", update.getLogin()); + parameters.addValue("ip", ipAddress); + ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); + for (int i = 0; i < ret.size(); i++) { + json = new JSONObject(ret.get(i)); + if (!json.has("result") || json.getBoolean("result")) { + if(json.getInt("count")==0) + { + throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null); + }else{ + throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null); + } + } + if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) { + attempt_count = json.getInt("count") + 1; + attempt_limit = json.getInt("limit_count"); + //attempt_duration = json.getInt("limit_duration"); + } } - } - 
 if(rows==null) {
- logger.error("Функция main.user_is_blocked не вернула результата!");
- throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null);
+ }catch (DataAccessException ex){
+ String uuid = UUID.randomUUID().toString();
+ logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
+ throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
 }
 //Получаю id пользователя
@@ -1439,7 +1465,7 @@ public class MainController implements ServletContextAware {
 parameters.addValue("email", update.getLogin());
 parameters.addValue("password", update.getPassword());
 ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
- rows = null;
+ JSONObject rows=null;
 for (int i = 0; i < ret.size(); i++) {
 rows = new JSONObject(ret.get(i));
 }
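Review bot: The lockout check in the -1415 hunk now fails open when `main.user_is_blocked` returns no rows: the old `if(rows==null)` guard that logged "не вернула результата" and threw was removed, the `for` loop simply does not execute, and the password query below runs with `attempt_count`/`attempt_limit` still 0 and no block applied. That log message is now attached to the `DataAccessException` catch, where it is misleading because a query error is not an empty result, and `logger.error("…", uuid, ex)` passes the UUID as a parameter with no placeholder in the format string, so if this is an SLF4J-style logger the correlation id may never be printed (the other catch in this diff uses `logger.error(uuid, ex)`). Inside the loop, the `!json.has("result")` branch goes on to call `json.getInt("count")` and `json.getInt("limit_duration")`, which throw a JSON lookup exception if those keys are missing too, and that is not a `DataAccessException`, so it escapes the catch and should be guarded with `json.has(...)` or a wider catch. The restored empty-result guard below keeps the old fail-closed behaviour; the function's prelude with `ipAddress` and its tail after `//Получаю id пользователя` are outside the hunk.
```java
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
if (ret == null || ret.isEmpty()) {
    // fail closed: no row means the lockout state is unknown, not "not blocked"
    logger.error("Функция main.user_is_blocked не вернула результата!");
    throw new CustomException(10000, trt.trt("Error_executing_SQL_query"), (String)null);
}
for (int i = 0; i < ret.size(); i++) {
    // … unchanged: block / limit handling and attempt_count bookkeeping …
```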