From 43a09702ca63d226f4fb385bd667671f2df7d4ca Mon Sep 17 00:00:00 2001
From: dewniMW
Date: Mon, 3 Jun 2024 14:03:52 +0530
Subject: [PATCH] Improve code
---
 .../smsotp/common/SMSOTPServiceImpl.java | 86 ++++++++++++-------
 .../smsotp/common/constant/Constants.java | 4 -
 .../identity/smsotp/common/util/Utils.java | 10 ++-
 3 files changed, 62 insertions(+), 38 deletions(-)
diff --git a/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/SMSOTPServiceImpl.java b/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/SMSOTPServiceImpl.java
index ab3cf19..9c227b6 100644
--- a/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/SMSOTPServiceImpl.java
+++ b/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/SMSOTPServiceImpl.java
@@ -56,6 +56,11 @@ import java.util.Map;
 import java.util.UUID;
+import static org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants.ACCOUNT_LOCKED_PROPERTY;
+import static org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants.ACCOUNT_UNLOCK_TIME_PROPERTY;
+import static org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants.FAILED_LOGIN_ATTEMPTS_PROPERTY;
+import static org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants.LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY;
+
 /**
 * This class implements the SMSOTPService interface.
 */
@@ -412,10 +417,7 @@ private ValidationResponseDTO handleAccountLock(String userId, boolean showFailu
 User user = getUserById(userId);
 if (Utils.isAccountLocked(user)) {
- FailureReasonDTO error = showFailureReason
- ? new FailureReasonDTO(Constants.ErrorMessage.CLIENT_ACCOUNT_LOCKED, userId)
- : null;
- return new ValidationResponseDTO(userId, false, error);
+ return createAccountLockedResponse(userId, showFailureReason);
 }
 int maxAttempts = 0;
@@ -425,21 +427,21 @@ private ValidationResponseDTO handleAccountLock(String userId, boolean showFailu
 Property[] connectorConfigs = Utils.getAccountLockConnectorConfigs(user.getTenantDomain());
 for (Property connectorConfig : connectorConfigs) {
 switch (connectorConfig.getName()) {
- case Constants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE:
+ case ACCOUNT_LOCKED_PROPERTY:
 if (!Boolean.parseBoolean(connectorConfig.getValue())) {
 return null;
 }
- case Constants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX:
+ case FAILED_LOGIN_ATTEMPTS_PROPERTY:
 if (NumberUtils.isNumber(connectorConfig.getValue())) {
 maxAttempts = Integer.parseInt(connectorConfig.getValue());
 }
 break;
- case Constants.PROPERTY_ACCOUNT_LOCK_TIME:
+ case ACCOUNT_UNLOCK_TIME_PROPERTY:
 if (NumberUtils.isNumber(connectorConfig.getValue())) {
 unlockTimePropertyValue = Integer.parseInt(connectorConfig.getValue());
 }
 break;
- case Constants.PROPERTY_LOGIN_FAIL_TIMEOUT_RATIO:
+ case LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY:
 if (NumberUtils.isNumber(connectorConfig.getValue())) {
 double value = Double.parseDouble(connectorConfig.getValue());
 if (value > 0) {
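Review bot: The `case` labels in this switch now take their strings from the statically imported `AccountConstants` fields, whose values are not shown anywhere in the patch, so please confirm that each one equals the literal it replaces in the removed `Constants` entries (for instance `ACCOUNT_LOCKED_PROPERTY` against `"account.lock.handler.enable"`). A mismatch would not fail the build; the affected `case` would simply never match, and the enabled check, `maxAttempts` or the unlock time would keep their initial values, changing when an account is locked after wrong OTPs. The same substitution appears in `resetOtpFailedAttempts` and `Utils.getAccountLockConnectorConfigs`, so a unit test that pins the four names to the expected keys would cover all three places. The `ACCOUNT_LOCKED_PROPERTY` case also still runs on into the next label when locking is enabled, and a `// Intentional fall-through.` comment (or a `break;`) would make that explicit. The switch and `handleAccountLock` both continue outside this hunk.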
@@ -454,31 +456,12 @@ private ValidationResponseDTO handleAccountLock(String userId, boolean showFailu
 if (claimValues == null) {
 claimValues = new HashMap<>();
 }
- int currentAttempts = 0;
- if (NumberUtils.isNumber(claimValues.get(Constants.SMS_OTP_FAILED_ATTEMPTS_CLAIM))) {
- currentAttempts = Integer.parseInt(claimValues.get(Constants.SMS_OTP_FAILED_ATTEMPTS_CLAIM));
- }
- int failedLoginLockoutCountValue = 0;
- if (NumberUtils.isNumber(claimValues.get(Constants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM))) {
- failedLoginLockoutCountValue =
- Integer.parseInt(claimValues.get(Constants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM));
- }
+ int currentAttempts = getCurrentAttempts(claimValues);
+ int failedLoginLockoutCountValue = getFailedLoginLockoutCount(claimValues);
 Map updatedClaims = new HashMap<>();
 if ((currentAttempts + 1) >= maxAttempts) {
- // Calculate the incremental unlock time interval in milli seconds.
- unlockTimePropertyValue = (long) (unlockTimePropertyValue * 1000 * 60 * Math.pow(unlockTimeRatio,
- failedLoginLockoutCountValue));
- // Calculate unlock time by adding current time and unlock time interval in milli seconds.
- long unlockTime = System.currentTimeMillis() + unlockTimePropertyValue;
- updatedClaims.put(Constants.ACCOUNT_LOCKED_CLAIM, Boolean.TRUE.toString());
- updatedClaims.put(Constants.SMS_OTP_FAILED_ATTEMPTS_CLAIM, "0");
- updatedClaims.put(Constants.ACCOUNT_UNLOCK_TIME_CLAIM, String.valueOf(unlockTime));
- updatedClaims.put(Constants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM,
- String.valueOf(failedLoginLockoutCountValue + 1));
- updatedClaims.put(Constants.ACCOUNT_LOCKED_REASON_CLAIM_URI,
- Constants.MAX_SMS_OTP_ATTEMPTS_EXCEEDED);
- IdentityUtil.threadLocalProperties.get().put(Constants.ADMIN_INITIATED, false);
+ populateAccountLockClaims(unlockTimePropertyValue, unlockTimeRatio, failedLoginLockoutCountValue, updatedClaims);
 setUserClaimValues(user, updatedClaims);
 FailureReasonDTO error = showFailureReason ?
new FailureReasonDTO(Constants.ErrorMessage.CLIENT_ACCOUNT_LOCKED, userId) 
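Review bot: The lock branch still builds its `FailureReasonDTO` inline in the trailing context lines (`FailureReasonDTO error = showFailureReason ? new FailureReasonDTO(Constants.ErrorMessage.CLIENT_ACCOUNT_LOCKED, userId)`), which is the same expression the new `createAccountLockedResponse` helper was extracted to hold. If the statement, which is cut off at the end of the hunk, goes on to return `new ValidationResponseDTO(userId, false, error)`, it can become `return createAccountLockedResponse(userId, showFailureReason);` so the account-locked response is built in one place only. `handleAccountLock` starts before and ends after this hunk.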
@@ -491,6 +474,47 @@ private ValidationResponseDTO handleAccountLock(String userId, boolean showFailu
 }
 }
+ private ValidationResponseDTO createAccountLockedResponse(String userId, boolean showFailureReason) {
+
+ FailureReasonDTO error = showFailureReason ?
+ new FailureReasonDTO(Constants.ErrorMessage.CLIENT_ACCOUNT_LOCKED, userId) : null;
+ return new ValidationResponseDTO(userId, false, error);
+ }
+
+ private void populateAccountLockClaims(long unlockTimePropertyValue, double unlockTimeRatio,
+ int failedLoginLockoutCountValue, Map updatedClaims) {
+
+ // Calculate the incremental unlock time interval in milli seconds.
+ unlockTimePropertyValue = (long) (unlockTimePropertyValue * 1000 * 60 * Math.pow(unlockTimeRatio,
+ failedLoginLockoutCountValue));
+ // Calculate unlock time by adding current time and unlock time interval in milli seconds.
+ long unlockTime = System.currentTimeMillis() + unlockTimePropertyValue;
+ updatedClaims.put(Constants.ACCOUNT_LOCKED_CLAIM, Boolean.TRUE.toString());
+ updatedClaims.put(Constants.SMS_OTP_FAILED_ATTEMPTS_CLAIM, "0");
+ updatedClaims.put(Constants.ACCOUNT_UNLOCK_TIME_CLAIM, String.valueOf(unlockTime));
+ updatedClaims.put(Constants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM,
+ String.valueOf(failedLoginLockoutCountValue + 1));
+ updatedClaims.put(Constants.ACCOUNT_LOCKED_REASON_CLAIM_URI,
+ Constants.MAX_SMS_OTP_ATTEMPTS_EXCEEDED);
+ IdentityUtil.threadLocalProperties.get().put(Constants.ADMIN_INITIATED, false);
+ }
+
+ private int getCurrentAttempts(Map claimValues) {
+
+ if (NumberUtils.isNumber(claimValues.get(Constants.SMS_OTP_FAILED_ATTEMPTS_CLAIM))) {
+ return Integer.parseInt(claimValues.get(Constants.SMS_OTP_FAILED_ATTEMPTS_CLAIM));
+ }
+ return 0;
+ }
+
+ private int getFailedLoginLockoutCount(Map claimValues) {
+
+ if (NumberUtils.isNumber(claimValues.get(Constants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM))) {
+ return Integer.parseInt(claimValues.get(Constants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM));
+ }
+ return 0;
+ }
+
 private
User getUserById(String userId) throws SMSOTPException {
 try {
@@ -552,7 +576,7 @@ private void resetOtpFailedAttempts(String userId) throws SMSOTPException {
 Property[] connectorConfigs = Utils.getAccountLockConnectorConfigs(user.getTenantDomain());
 // Return if account lock handler is not enabled.
 for (Property connectorConfig : connectorConfigs) {
- if ((Constants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE.equals(connectorConfig.getName())) &&
+ if ((ACCOUNT_LOCKED_PROPERTY.equals(connectorConfig.getName())) &&
 !Boolean.parseBoolean(connectorConfig.getValue())) {
 return;
 }
diff --git a/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/constant/Constants.java b/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/constant/Constants.java
index 63e4130..5e419aa 100644
--- a/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/constant/Constants.java
+++ b/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/constant/Constants.java
@@ -51,10 +51,6 @@ public class Constants {
 public static final String SMS_OTP_SHOW_FAILURE_REASON = "smsOtp.showValidationFailureReason";
 public static final String SMS_OTP_LOCK_ACCOUNT_ON_FAILED_ATTEMPTS = "smsOtp.lockAccountOnFailedAttempts";
- public static final String PROPERTY_LOGIN_FAIL_TIMEOUT_RATIO = "account.lock.handler.login.fail.timeout.ratio";
- public static final String PROPERTY_ACCOUNT_LOCK_ON_FAILURE = "account.lock.handler.enable";
- public static final String PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX = "account.lock.handler.On.Failure.Max.Attempts";
- public static final String PROPERTY_ACCOUNT_LOCK_TIME = "account.lock.handler.Time";
 public static final String SMS_OTP_FAILED_ATTEMPTS_CLAIM = "http://wso2.org/claims/identity/failedSmsOtpAttempts";
 public static final String FAILED_LOGIN_LOCKOUT_COUNT_CLAIM = "http://wso2.org/claims/identity/failedLoginLockoutCount";
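Review bot: `getCurrentAttempts` and `getFailedLoginLockoutCount` guard `Integer.parseInt` with `NumberUtils.isNumber`, but the two do not accept the same strings: if this is Apache Commons Lang's `NumberUtils` (its import is outside the patch), `isNumber` is also true for values such as `"1.5"` or `"0x10"`, which `Integer.parseInt` rejects with `NumberFormatException`. A malformed claim value would then abort the failed-attempt handling with an unchecked exception instead of falling back to 0, so the attempt that should count towards the lock is not processed. `return NumberUtils.toInt(claimValues.get(Constants.SMS_OTP_FAILED_ATTEMPTS_CLAIM), 0);` (and the same for `FAILED_LOGIN_LOCKOUT_COUNT_CLAIM`) gives the fallback in one call and reads the map once. `populateAccountLockClaims` would also benefit from a short Javadoc stating that it sets the thread-local `ADMIN_INITIATED` flag in addition to filling `updatedClaims`.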
diff --git a/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/util/Utils.java b/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/util/Utils.java
index 879ec3b..c58b99a 100644
--- a/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/util/Utils.java
+++ b/component/common/src/main/java/org/wso2/carbon/identity/smsotp/common/util/Utils.java
@@ -38,6 +38,11 @@ import java.util.Properties;
 import java.util.UUID;
+import static org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants.ACCOUNT_LOCKED_PROPERTY;
+import static org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants.ACCOUNT_UNLOCK_TIME_PROPERTY;
+import static org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants.FAILED_LOGIN_ATTEMPTS_PROPERTY;
+import static org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants.LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY;
+
 /**
 * Util functions for SMS OTP service.
 */
@@ -236,9 +241,8 @@ public static Property[] getAccountLockConnectorConfigs(String tenantDomain) thr
 try {
 return SMSOTPServiceDataHolder.getInstance().getIdentityGovernanceService().getConfiguration
- (new String[]{Constants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE,
- Constants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX, Constants.PROPERTY_ACCOUNT_LOCK_TIME,
- Constants.PROPERTY_LOGIN_FAIL_TIMEOUT_RATIO}, tenantDomain);
+ (new String[]{ACCOUNT_LOCKED_PROPERTY, FAILED_LOGIN_ATTEMPTS_PROPERTY, ACCOUNT_UNLOCK_TIME_PROPERTY,
+ LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY}, tenantDomain);
 } catch (IdentityGovernanceException e) {
 throw Utils.handleServerException(Constants.ErrorMessage.SERVER_ERROR_RETRIEVING_ACCOUNT_LOCK_CONFIGS, null, e);