конфликт будет
This commit is contained in:
Igor I
@ -622,7 +622,7 @@ public class MainController implements ServletContextAware {
|
||||
try {
|
||||
EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, newUserModel.getEmail(), trt.trt("Password"), html);
|
||||
} catch (MessagingException e) {
|
||||
throw new CustomException(10000, String.format(trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail()),null);
|
||||
throw new CustomException(10000, trt.trt("Failed_send_mail_to_s"), newUserModel.getEmail(), (String)null);
|
||||
}
|
||||
|
||||
json.put("error_message",trt.trt("The_authorization_password_has_been_sent_to_your_email_address"));
|
||||
@ -747,7 +747,7 @@ public class MainController implements ServletContextAware {
|
||||
{
|
||||
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
|
||||
}else{
|
||||
throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null);
|
||||
throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration"),(String)null);
|
||||
}
|
||||
}
|
||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||
@ -783,12 +783,17 @@ public class MainController implements ServletContextAware {
|
||||
logger.error(uuid,ex);
|
||||
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
||||
}
|
||||
|
||||
if(json==null) {
|
||||
String msg = trt.trt("Invalid_username_and_or_password");
|
||||
ArrayList errorMessages = new ArrayList();
|
||||
ArrayList errorSettings = new ArrayList();
|
||||
errorMessages.add(trt.trt("Invalid_username_and_or_password"));
|
||||
errorSettings.add("");
|
||||
if(attempt_count>0){
|
||||
msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit);
|
||||
errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s"));
|
||||
errorSettings.add(attempt_count+";"+attempt_limit+";");
|
||||
}
|
||||
throw new CustomException(10000, msg, null);
|
||||
throw new CustomException(10000, errorMessages, errorSettings, (String)null);
|
||||
}
|
||||
|
||||
if (json.has("block")) {
|
||||
@ -1013,7 +1018,7 @@ public class MainController implements ServletContextAware {
|
||||
{
|
||||
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
|
||||
}else{
|
||||
throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null);
|
||||
throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration"),(String)null);
|
||||
}
|
||||
}
|
||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||
@ -1048,12 +1053,17 @@ public class MainController implements ServletContextAware {
|
||||
logger.error(uuid,ex);
|
||||
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
||||
}
|
||||
|
||||
if(json==null) {
|
||||
String msg = trt.trt("Invalid_username_and_or_password");
|
||||
ArrayList errorMessages = new ArrayList();
|
||||
ArrayList errorSettings = new ArrayList();
|
||||
errorMessages.add(trt.trt("Invalid_username_and_or_password"));
|
||||
errorSettings.add("");
|
||||
if(attempt_count>0){
|
||||
msg = msg + " " + String.format(trt.trt("Authorization_attempts_s_out_of_s"),attempt_count,attempt_limit);
|
||||
errorMessages.add(trt.trt("Authorization_attempts_s_out_of_s"));
|
||||
errorSettings.add(attempt_count+";"+attempt_limit+";");
|
||||
}
|
||||
throw new CustomException(10000, msg, null);
|
||||
throw new CustomException(10000, errorMessages, errorSettings, (String)null);
|
||||
}
|
||||
|
||||
if(json.has("block")) {
|
||||
@ -1179,7 +1189,7 @@ public class MainController implements ServletContextAware {
|
||||
logout(response,request); //Удаляю куки чтобы эмулировать выход из приложения
|
||||
return createStrJSONError(10000,trt.trt("Attempt_to_substitution_tokens"),null);
|
||||
}
|
||||
|
||||
+++++++++
|
||||
//TODO проверить не заблокирован ли пользователь
|
||||
//if(json.has("block")) {
|
||||
// if(json.getBoolean("block"))
|
||||
@ -1374,7 +1384,7 @@ public class MainController implements ServletContextAware {
|
||||
} catch (Exception ex) {
|
||||
String uuid = UUID.randomUUID().toString();
|
||||
logger.error(uuid, ex);
|
||||
return createStrJSONError(10000,String.format(trt.trt("Failed_send_mail_to_s"), token.getString("email")),uuid);
|
||||
return createStrJSONError(10000,trt.trt("Failed_send_mail_to_s"), token.getString("email"),uuid);
|
||||
}
|
||||
return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null);
|
||||
}
|
||||
@ -1415,22 +1425,38 @@ public class MainController implements ServletContextAware {
|
||||
if (ipAddress == null) {
|
||||
ipAddress = request.getRemoteAddr();
|
||||
}
|
||||
//String sql = "select main.user_is_blocked(:login,:ip) as block";
|
||||
String sql = "select * from main.user_is_blocked(:login,:ip)";
|
||||
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
||||
|
||||
//I check that there are no more than 5 failed authorization errors in 5 minutes
|
||||
String sql = "";
|
||||
int attempt_count=0, attempt_limit=0, attempt_duration=0;
|
||||
MapSqlParameterSource parameters = null;
|
||||
List<String> ret = null;
|
||||
try {
|
||||
sql = "select * from main.user_is_blocked(:login,:ip)";
|
||||
parameters = new MapSqlParameterSource();
|
||||
parameters.addValue("login", update.getLogin());
|
||||
parameters.addValue("ip", ipAddress);
|
||||
List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
||||
JSONObject rows=null;
|
||||
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
||||
for (int i = 0; i < ret.size(); i++) {
|
||||
rows = new JSONObject(ret.get(i));
|
||||
if(rows.getBoolean("result")) {
|
||||
throw new CustomException(10000, String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null);
|
||||
json = new JSONObject(ret.get(i));
|
||||
if (!json.has("result") || json.getBoolean("result")) {
|
||||
if(json.getInt("count")==0)
|
||||
{
|
||||
throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null);
|
||||
}else{
|
||||
throw new CustomException(10000, trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
|
||||
}
|
||||
}
|
||||
if(rows==null) {
|
||||
logger.error("Функция main.user_is_blocked не вернула результата!");
|
||||
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null);
|
||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||
attempt_count = json.getInt("count") + 1;
|
||||
attempt_limit = json.getInt("limit_count");
|
||||
//attempt_duration = json.getInt("limit_duration");
|
||||
}
|
||||
}
|
||||
}catch (DataAccessException ex){
|
||||
String uuid = UUID.randomUUID().toString();
|
||||
logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
|
||||
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
||||
}
|
||||
|
||||
//Получаю id пользователя
|
||||
@ -1439,7 +1465,7 @@ public class MainController implements ServletContextAware {
|
||||
parameters.addValue("email", update.getLogin());
|
||||
parameters.addValue("password", update.getPassword());
|
||||
ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
||||
rows = null;
|
||||
JSONObject rows=null;
|
||||
for (int i = 0; i < ret.size(); i++) {
|
||||
rows = new JSONObject(ret.get(i));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user