=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java 2010-03-08 07:37:39 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java 2010-03-30 23:08:42 +0000
@@ -32,12 +32,20 @@
 */
 public interface UserAuditService
 {
- final int TIMEFRAME_NUMBER_OF_HOURS = 1;
- final int MAX_NUMBER_OF_ATTEMPTS = 3;
+ final int TIMEFRAME_MINUTES = 10; //TODO: through System Settings
+ final int MAX_NUMBER_OF_ATTEMPTS = 5; //TODO: through System Settings
 void registerLoginSuccess( String username );
 void registerLogout( String username );
 void registerLoginFailure( String username );
+
+ void resetLockoutTimeframe( String username );
+
+ int getLoginFailures( String username );
+
+ int getMaxAttempts();
+
+ int getLockoutTimeframe();
 }
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditStore.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditStore.java 2010-03-08 07:37:39 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditStore.java 2010-03-30 23:08:42 +0000
@@ -43,5 +43,7 @@
 void deleteLoginFailures( String username );
+ void resetLoginFailures( String username, Date date );
+ int getLoginFailures( String username, Date date );
 }
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java'
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java 2010-03-08 07:37:39 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java 2010-03-30 23:08:42 +0000
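Review bot: The four new methods on UserAuditService (`resetLockoutTimeframe`, `getLoginFailures`, `getMaxAttempts`, `getLockoutTimeframe`) have no Javadoc, and the name `resetLockoutTimeframe` does not say that it discards the user's recorded login failures, which is a security-relevant state change any caller should be aware of. Suggest on `resetLockoutTimeframe`: `/** Clears the login failures recorded for the user within the lockout timeframe, lifting any lockout. */` and on `getLoginFailures`: `/** Number of login failures recorded for the user within the last TIMEFRAME_MINUTES minutes. */`. The `final` modifier on `TIMEFRAME_MINUTES` and `MAX_NUMBER_OF_ATTEMPTS` is redundant in an interface, where fields are implicitly public static final; the TODO about moving them to system settings is a good one, since the getters added here already give implementors a way to return configured values instead of constants.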
@@ -40,48 +40,76 @@ public class DefaultUserAuditService implements UserAuditService { + private static final Log log = LogFactory.getLog( DefaultUserAuditService.class ); - + private UserAuditStore userAuditStore; - + public void setUserAuditStore( UserAuditStore userAuditStore ) { this.userAuditStore = userAuditStore; } + @Override public void registerLoginSuccess( String username ) { - log.info( "User login success: '" + username + "'" ); + log.info( "User login success: '" + username + "'" ); + + resetLockoutTimeframe( username ); } + @Override public void registerLogout( String username ) { log.info( "User logout: '" + username + "'" ); } @Transactional + @Override public void registerLoginFailure( String username ) { log.info( "User login failure: '" + username + "'" ); - + userAuditStore.saveLoginFailure( new LoginFailure( username, new Date() ) ); - + int no = userAuditStore.getLoginFailures( username, getDate() ); - + if ( no >= MAX_NUMBER_OF_ATTEMPTS ) { log.info( "Max number of login attempts exceeded: '" + username + "'" ); - - userAuditStore.deleteLoginFailures( username ); } } - + private Date getDate() { - Calendar cal = Calendar.getInstance(); - cal.clear(); - cal.add( Calendar.HOUR, TIMEFRAME_NUMBER_OF_HOURS * -1 ); - + Calendar cal = Calendar.getInstance(); + cal.add( Calendar.MINUTE, TIMEFRAME_MINUTES * -1 ); return cal.getTime(); } + + @Transactional + @Override + public int getLoginFailures( String username ) + { + int no = userAuditStore.getLoginFailures( username, getDate() ); + return no; + } + + @Override + public int getMaxAttempts() + { + return MAX_NUMBER_OF_ATTEMPTS; + } + + @Override + public int getLockoutTimeframe() + { + return TIMEFRAME_MINUTES; + } + + @Override + public void resetLockoutTimeframe( String username ) + { + userAuditStore.resetLoginFailures( username, getDate() ); + } } === modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java' 
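Review bot: `resetLockoutTimeframe` performs a delete through `userAuditStore.resetLoginFailures` but is not annotated `@Transactional`, unlike `registerLoginFailure` and `getLoginFailures` in the same hunk; the Hibernate store obtains its session via `sessionFactory.getCurrentSession()`, so this write runs without a transaction (or fails for lack of a bound session) when invoked from `registerLoginSuccess`, which is also untransactional. Add `@Transactional` to `resetLockoutTimeframe`, or to `registerLoginSuccess` now that it writes via that call. Note also that `registerLoginFailure` now only logs once `no >= MAX_NUMBER_OF_ATTEMPTS`; unless the credential-verification path consults `getLoginFailures` as well (not visible in this diff), the count does not by itself prevent further attempts. Minor style: `int no = userAuditStore.getLoginFailures( username, getDate() ); return no;` in `getLoginFailures` can simply be `return userAuditStore.getLoginFailures( username, getDate() );`.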
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java 2010-03-08 07:37:39 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java 2010-03-30 23:08:42 +0000
@@ -29,6 +29,7 @@
 import java.util.Collection;
 import java.util.Date;
+import org.hibernate.Query;
 import org.hibernate.Session;
 import org.hibernate.SessionFactory;
@@ -41,43 +42,67 @@ public class HibernateUserAuditStore implements UserAuditStore { + private SessionFactory sessionFactory; - + public void setSessionFactory( SessionFactory sessionFactory ) { this.sessionFactory = sessionFactory; } + @Override public void saveLoginFailure( LoginFailure login ) { sessionFactory.getCurrentSession().save( login ); } - - @SuppressWarnings( "unchecked" ) + + @SuppressWarnings("unchecked") + @Override public Collection getAllLoginFailures() { return sessionFactory.getCurrentSession().createCriteria( LoginFailure.class ).list(); } - + + @Override public void deleteLoginFailures( String username ) { String hql = "delete from LoginFailure where username = :username"; - + sessionFactory.getCurrentSession().createQuery( hql ).setString( "username", username ).executeUpdate(); } - + + @Override public int getLoginFailures( String username, Date date ) { Session session = sessionFactory.getCurrentSession(); - - String hql = "delete from LoginFailure where date < :date"; - - session.createQuery( hql ).setDate( "date", date ).executeUpdate(); - - hql = "select count(*) from LoginFailure where username = :username"; - - Long no = (Long) session.createQuery( hql ).setString( "username", username ).uniqueResult(); - + + String hql = "select count(*) from LoginFailure where username = :username and date > :date"; + + Query q = session.createQuery( hql ); + + q.setString( "username", username ); + + q.setTimestamp( "date", date ); + + Long no = (Long) q.list().get( 0 ); + return no.intValue(); } + + //TODO: create GUI for reset and accurate logging + @Override + public void resetLoginFailures( String username, Date date ) + { + Session session = sessionFactory.getCurrentSession(); + + String hql = "delete from LoginFailure where username = :username and date > :date"; + + Query q = session.createQuery( hql ); + + q.setString( "username", username ); + + q.setTimestamp( "date", date ); + + q.executeUpdate(); + } } === removed file 
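Review bot: The purge `delete from LoginFailure where date < :date` removed from `getLoginFailures` is not reintroduced anywhere in this diff, and the new `resetLoginFailures` deletes only rows with `date > :date`, so failure records older than the timeframe are never cleared and the table grows with every failed login ever recorded. Either let `resetLoginFailures` remove all of the user's rows (the existing `deleteLoginFailures( username )` already does this and is no longer called from the service) or add a periodic purge of rows older than the window. `Long no = (Long) q.list().get( 0 );` can be `Long no = (Long) q.uniqueResult();`, the form the old code used for a count query, and it avoids an IndexOutOfBoundsException if the query ever returns no row. The switch from `setDate` to `setTimestamp` is correct, as `setDate` binds at day precision and would make a minute-based window meaningless; a short comment such as `// timestamp, not date: the window is measured in minutes` would keep it from being reverted.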
'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html' --- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html 2010-03-12 16:38:18 +0000 +++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html 1970-01-01 00:00:00 +0000 @@ -1,39 +0,0 @@ - - - - DHIS 2 - - - - - - -
-

-
- - - - - - - - - - - - - - - - -
-
-
-
- - === added file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.jsp' --- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.jsp 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.jsp 2010-03-30 23:08:42 +0000 @@ -0,0 +1,59 @@ + + + + + + + DHIS 2 + + + + + + +
+

+ <% + Object obj = session.getAttribute( "SPRING_SECURITY_LAST_USERNAME" ); + boolean formVisible = true; + if( obj != null ) + { + String username = obj.toString(); + if( userAuditService.getLoginFailures(username) >= userAuditService.getMaxAttempts() ) + { + formVisible = false; + %> + Maximum Tries exceeded... Please try after <%=userAuditService.getLockoutTimeframe() %> mins + <% + } + } + %> + <% if(formVisible){%> +
+ + + + + + + + + + + + + + + + +
+
+
+ <% } %> +
+ + === removed file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html' --- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html 2009-12-10 22:00:36 +0000 +++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html 1970-01-01 00:00:00 +0000 @@ -1,42 +0,0 @@ - - - - DHIS 2 - - - - - - -
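Review bot: The lockout check in the login.jsp scriptlet only decides whether the form is rendered, and it is keyed on `SPRING_SECURITY_LAST_USERNAME` from the caller's own session, so it is a presentation convenience rather than an enforcement point; the path that actually verifies credentials must consult `userAuditService.getLoginFailures` itself, which this diff does not show. The same scriptlet block is duplicated verbatim in loginfailed.jsp (the hunk at the next `=== added file`); extracting it into a shared include or a controller-supplied model attribute keeps the two copies from drifting apart and makes the `formVisible` decision testable outside a JSP. `userAuditService` is used but its declaration is not visible among the added lines, presumably a bean lookup dropped in rendering; confirm it is injected rather than resolved ad hoc in the page.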
-

-
- - - - - - - - - - - - - - - - - - -
-
-
-
- Wrong username or password. Please try again.
- - === added file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.jsp' --- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.jsp 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.jsp 2010-03-30 23:08:42 +0000 @@ -0,0 +1,63 @@ + + + + + + + DHIS 2 + + + + + + +
+

+ <% + Object obj = session.getAttribute( "SPRING_SECURITY_LAST_USERNAME" ); + boolean formVisible = true; + if( obj != null ) + { + String username = obj.toString(); + if( userAuditService.getLoginFailures(username) >= userAuditService.getMaxAttempts() ) + { + formVisible = false; + %> + Maximum Tries exceeded... Please try after <%=userAuditService.getLockoutTimeframe() %> mins + <% + } + } + %> + <% if( formVisible ){%> +
+ + + + + + + + + + + + + + + + + + +
+
+
+
+ Wrong username or password. Please try again. + <% } %> +
+ + === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml' --- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml 2010-03-25 04:15:30 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml 2010-03-30 23:08:42 +0000 @@ -278,7 +278,7 @@ - + @@ -296,7 +296,7 @@ - + @@ -314,7 +314,20 @@ - + + + + + + + + + + + + + +