конфликт будет
This commit is contained in:
Igor I
@ -622,7 +622,7 @@ public class MainController implements ServletContextAware {
|
|||||||
try {
|
try {
|
||||||
EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, newUserModel.getEmail(), trt.trt("Password"), html);
|
EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, newUserModel.getEmail(), trt.trt("Password"), html);
|
||||||
} catch (MessagingException e) {
|
} catch (MessagingException e) {
|
||||||
throw new CustomException(10000, String.format(trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail()),null);
|
throw new CustomException(10000, trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail(), (String)null);
|
||||||
}
|
}
|
||||||
|
|
||||||
json.put("error_message",trt.trt("The_authorization_password_has_been_sent_to_your_email_address"));
|
json.put("error_message",trt.trt("The_authorization_password_has_been_sent_to_your_email_address"));
|
||||||
@ -747,7 +747,7 @@ public class MainController implements ServletContextAware {
|
|||||||
{
|
{
|
||||||
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
|
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
|
||||||
}else{
|
}else{
|
||||||
throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null);
|
throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration"),(String)null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||||
@ -783,12 +783,17 @@ public class MainController implements ServletContextAware {
|
|||||||
logger.error(uuid,ex);
|
logger.error(uuid,ex);
|
||||||
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(json==null) {
|
if(json==null) {
|
||||||
String msg = trt.trt("Invalid_username_and_or_password");
|
ArrayList errorMessages = new ArrayList();
|
||||||
|
ArrayList errorSettings = new ArrayList();
|
||||||
|
errorMessages.add(trt.trt("Invalid_username_and_or_password"));
|
||||||
|
errorSettings.add("");
|
||||||
if(attempt_count>0){
|
if(attempt_count>0){
|
||||||
msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit);
|
errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s"));
|
||||||
|
errorSettings.add(attempt_count+";"+attempt_limit+";");
|
||||||
}
|
}
|
||||||
throw new CustomException(10000, msg, null);
|
throw new CustomException(10000, errorMessages, errorSettings, (String)null);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (json.has("block")) {
|
if (json.has("block")) {
|
||||||
@ -1013,7 +1018,7 @@ public class MainController implements ServletContextAware {
|
|||||||
{
|
{
|
||||||
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
|
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
|
||||||
}else{
|
}else{
|
||||||
throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null);
|
throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration"),(String)null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||||
@ -1048,12 +1053,17 @@ public class MainController implements ServletContextAware {
|
|||||||
logger.error(uuid,ex);
|
logger.error(uuid,ex);
|
||||||
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(json==null) {
|
if(json==null) {
|
||||||
String msg = trt.trt("Invalid_username_and_or_password");
|
ArrayList errorMessages = new ArrayList();
|
||||||
|
ArrayList errorSettings = new ArrayList();
|
||||||
|
errorMessages.add(trt.trt("Invalid_username_and_or_password"));
|
||||||
|
errorSettings.add("");
|
||||||
if(attempt_count>0){
|
if(attempt_count>0){
|
||||||
msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit);
|
errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s"));
|
||||||
|
errorSettings.add(attempt_count+";"+attempt_limit+";");
|
||||||
}
|
}
|
||||||
throw new CustomException(10000, msg, null);
|
throw new CustomException(10000, errorMessages, errorSettings, (String)null);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(json.has("block")) {
|
if(json.has("block")) {
|
||||||
@ -1179,7 +1189,7 @@ public class MainController implements ServletContextAware {
|
|||||||
logout(response,request); //Удаляю куки чтобы эмулировать выход из приложения
|
logout(response,request); //Удаляю куки чтобы эмулировать выход из приложения
|
||||||
return createStrJSONError(10000,trt.trt("Attempt_to_substitution_tokens"),null);
|
return createStrJSONError(10000,trt.trt("Attempt_to_substitution_tokens"),null);
|
||||||
}
|
}
|
||||||
|
+++++++++
|
||||||
//TODO проверить не заблокирован ли пользователь
|
//TODO проверить не заблокирован ли пользователь
|
||||||
//if(json.has("block")) {
|
//if(json.has("block")) {
|
||||||
// if(json.getBoolean("block"))
|
// if(json.getBoolean("block"))
|
||||||
@ -1374,7 +1384,7 @@ public class MainController implements ServletContextAware {
|
|||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
String uuid = UUID.randomUUID().toString();
|
String uuid = UUID.randomUUID().toString();
|
||||||
logger.error(uuid, ex);
|
logger.error(uuid, ex);
|
||||||
return createStrJSONError(10000,String.format(trt.trt("Failed_send_mail_to_s"), token.getString("email")),uuid);
|
return createStrJSONError(10000,trt.trt("Failed_send_mail_to_s"), token.getString("email"),uuid);
|
||||||
}
|
}
|
||||||
return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null);
|
return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null);
|
||||||
}
|
}
|
||||||
@ -1415,22 +1425,38 @@ public class MainController implements ServletContextAware {
|
|||||||
if (ipAddress == null) {
|
if (ipAddress == null) {
|
||||||
ipAddress = request.getRemoteAddr();
|
ipAddress = request.getRemoteAddr();
|
||||||
}
|
}
|
||||||
//String sql = "select main.user_is_blocked(:login,:ip) as block";
|
|
||||||
String sql = "select * from main.user_is_blocked(:login,:ip)";
|
//I check that there are no more than 5 failed authorization errors in 5 minutes
|
||||||
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
String sql = "";
|
||||||
|
int attempt_count=0, attempt_limit=0, attempt_duration=0;
|
||||||
|
MapSqlParameterSource parameters = null;
|
||||||
|
List<String> ret = null;
|
||||||
|
try {
|
||||||
|
sql = "select * from main.user_is_blocked(:login,:ip)";
|
||||||
|
parameters = new MapSqlParameterSource();
|
||||||
parameters.addValue("login", update.getLogin());
|
parameters.addValue("login", update.getLogin());
|
||||||
parameters.addValue("ip", ipAddress);
|
parameters.addValue("ip", ipAddress);
|
||||||
List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
||||||
JSONObject rows=null;
|
|
||||||
for (int i = 0; i < ret.size(); i++) {
|
for (int i = 0; i < ret.size(); i++) {
|
||||||
rows = new JSONObject(ret.get(i));
|
json = new JSONObject(ret.get(i));
|
||||||
if(rows.getBoolean("result")) {
|
if (!json.has("result") || json.getBoolean("result")) {
|
||||||
throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null);
|
if(json.getInt("count")==0)
|
||||||
|
{
|
||||||
|
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
|
||||||
|
}else{
|
||||||
|
throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(rows==null) {
|
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||||
logger.error("Функция main.user_is_blocked не вернула результата!");
|
attempt_count = json.getInt("count") + 1;
|
||||||
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null);
|
attempt_limit = json.getInt("limit_count");
|
||||||
|
//attempt_duration = json.getInt("limit_duration");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}catch (DataAccessException ex){
|
||||||
|
String uuid = UUID.randomUUID().toString();
|
||||||
|
logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
|
||||||
|
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
||||||
}
|
}
|
||||||
|
|
||||||
//Получаю id пользователя
|
//Получаю id пользователя
|
||||||
@ -1439,7 +1465,7 @@ public class MainController implements ServletContextAware {
|
|||||||
parameters.addValue("email", update.getLogin());
|
parameters.addValue("email", update.getLogin());
|
||||||
parameters.addValue("password", update.getPassword());
|
parameters.addValue("password", update.getPassword());
|
||||||
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
||||||
rows = null;
|
JSONObject rows=null;
|
||||||
for (int i = 0; i < ret.size(); i++) {
|
for (int i = 0; i < ret.size(); i++) {
|
||||||
rows = new JSONObject(ret.get(i));
|
rows = new JSONObject(ret.get(i));
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user