Commit 180cb14f authored by michael.simon's avatar michael.simon

Add reset failcounter to token admin interface

parent 65c96d83
......@@ -53,5 +53,6 @@ public enum EventType {
TWOFA_ENABLED,
TWOFA_DISABLED,
TWOFA_DELETED,
TWOFA_RESET_FAILCOUNTER,
}
......@@ -36,4 +36,7 @@ public interface TwoFaService {
Boolean hasActiveTokenById(Long identityId) throws TwoFaException;
LinotpSimpleResponse resetFailcounter(IdentityEntity identity, String serial, String executor)
throws TwoFaException;
}
......@@ -418,6 +418,40 @@ public class TwoFaServiceImpl implements TwoFaService {
return response;
}
@Override
public LinotpSimpleResponse resetFailcounter(IdentityEntity identity, String serial, String executor) throws TwoFaException {
identity = identityDao.merge(identity);
TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor, true);
auditor.setName(this.getClass().getName() + "-ResetFailcounter-Audit");
auditor.setIdentity(identity);
auditor.setDetail("Reset failcounter token " + serial + " for user " + identity.getId());
Map<String, String> configMap = configResolver.resolveConfig(identity);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
LinotpSimpleResponse response = linotpConnection.resetFailcounter(serial);
auditor.logAction("" + identity.getId(), "RESET FAILCOUNTER", "serial-" + serial, "", AuditStatus.SUCCESS);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("identity", identity);
eventMap.put("respone", response);
eventMap.put("serial", serial);
TokenEvent event = new TokenEvent(eventMap);
try {
eventSubmitter.submit(event, EventType.TWOFA_RESET_FAILCOUNTER, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
auditor.finishAuditTrail();
return response;
}
@Override
public LinotpSimpleResponse deleteToken(IdentityEntity identity, String serial, String executor) throws TwoFaException {
......
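Review bot: The audit entry in `resetFailcounter` is written with `AuditStatus.SUCCESS` whatever LinOTP answered. If `requestAdminSession()` or `linotpConnection.resetFailcounter(serial)` throws, the method exits before `logAction` and `finishAuditTrail()`, so as far as this hunk shows a failed attempt is not recorded. Resetting a fail counter lifts a lockout, so the trail should carry the real outcome; the caller in TokenAdminIndexBean already tests `getResult().isStatus() && getResult().isValue()`, and the same test can choose the status here. The sketch below uses a placeholder for the non-success constant because only `SUCCESS` is visible on this page. Separately, the event map key `"respone"` looks like a typo for `"response"`; check what the event consumers read before changing it.

```java
LinotpSimpleResponse response;
try {
    linotpConnection.requestAdminSession();
    response = linotpConnection.resetFailcounter(serial);
    boolean resetDone = response.getResult() != null
            && response.getResult().isStatus() && response.getResult().isValue();
    // NON_SUCCESS_STATUS: placeholder for the project's failure value of AuditStatus
    auditor.logAction("" + identity.getId(), "RESET FAILCOUNTER", "serial-" + serial, "",
            resetDone ? AuditStatus.SUCCESS : NON_SUCCESS_STATUS);
    // … unchanged: eventMap construction and eventSubmitter.submit(...) …
} catch (TwoFaException e) {
    auditor.logAction("" + identity.getId(), "RESET FAILCOUNTER", "serial-" + serial, "",
            NON_SUCCESS_STATUS);
    throw e;
} finally {
    // always close the trail so failed resets are recorded too
    auditor.finishAuditTrail();
}
return response;
```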
......@@ -411,6 +411,32 @@ public class LinotpConnection {
throw new TwoFaException(e);
}
}
public LinotpSimpleResponse resetFailcounter(String serial) throws TwoFaException {
try {
HttpPost httpPost = new HttpPost(configMap.get("url") + "/admin/reset");
List<NameValuePair> nvps = new ArrayList <NameValuePair>();
if (configMap.containsKey("realm"))
nvps.add(new BasicNameValuePair("realm", configMap.get("realm")));
nvps.add(new BasicNameValuePair("session", adminSession));
nvps.add(new BasicNameValuePair("serial", serial));
httpPost.setEntity(new UrlEncodedFormEntity(nvps));
CloseableHttpResponse response = httpClient.execute(targetHost, httpPost, context);
try {
HttpEntity entity = response.getEntity();
String responseString = EntityUtils.toString(entity);
logger.trace(responseString);
return resultParser.parseSimpleResponse(responseString);
} finally {
response.close();
}
} catch (ParseException | IOException e) {
throw new TwoFaException(e);
}
}
public LinotpShowUserResponse getTokenList() throws TwoFaException {
......
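Review bot: `resetFailcounter` hands whatever body comes back to `resultParser.parseSimpleResponse` without looking at the HTTP status of `response`, so an error page from the LinOTP host (expired admin session, server error) is parsed as if it were an admin reply; what the parser does with such input is not visible here. Check the status before reading the entity and raise a `TwoFaException` for anything but success. The manual `try { … } finally { response.close(); }` can also become `try (CloseableHttpResponse response = httpClient.execute(targetHost, httpPost, context)) {`. Finally, `new UrlEncodedFormEntity(nvps)` would be better with an explicit charset such as `StandardCharsets.UTF_8`, so a non-ASCII realm or serial is not encoded with the library default.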
......@@ -138,6 +138,25 @@ public class TokenAdminIndexBean implements Serializable {
}
}
public void resetFailcounter(String serial) {
if (! getReadOnly()) {
try {
LinotpSimpleResponse response = twoFaService.resetFailcounter(selectedUser.getIdentity(), serial, "identity-" + session.getIdentityId());
userTokenList = twoFaService.findByIdentity(selectedUser.getIdentity());
if ((response.getResult() != null) && response.getResult().isStatus() &&
response.getResult().isValue()) {
messageGenerator.addInfoMessage("Info", "Token " + serial + " failcounter reset");
}
else {
messageGenerator.addWarningMessage("Warn", "Token " + serial + " failcounter could not be resetted");
}
} catch (TwoFaException e) {
logger.warn("TwoFaException", e);
messageGenerator.addErrorMessage("Error", e.toString());
}
}
}
public Boolean getReadOnly() {
if (userTokenList != null)
return userTokenList.getReadOnly();
......
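Review bot: `resetFailcounter(String serial)` passes the serial on without checking that it is one of the tokens in `userTokenList` for `selectedUser`, and the LinOTP request built in LinotpConnection carries only realm, session and serial, so nothing visible in this commit ties the token to the identity named in the audit detail. Look the serial up in the selected user's token list (ideally in TwoFaServiceImpl, so every caller is covered) and refuse the call when it is absent. In the catch branch, `e.toString()` puts the exception class and message, which may include backend details, into the page; a fixed message such as `messageGenerator.addErrorMessage("Error", "Failcounter reset failed");` with the detail left in the log is safer. The read-only case returns silently; whether that is intended is not clear from the hunk.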
......@@ -82,6 +82,9 @@
<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HMAC'}"/>
<h:outputText value="#{messages.twofa_tokentype_yubikey}" rendered="#{token.tokenType == 'yubico'}"/>
</h:panelGroup>
<p:outputLabel for="@next" value="#{messages.twofa_fail_count}:" />
<h:outputText value="#{token.failCount}" />
<p:outputLabel for="@next" value="#{messages.twofa_active}:" />
<h:outputText value="#{token.isactive ? messages.yes : messages.no}" />
......@@ -90,9 +93,12 @@
<h:outputText value="#{messages.twofa_token_not_init}" style="color:red;" />
</p:panel>
<p:commandButton action="#{tokenAdminIndexBean.disableToken(token.serial)}" value="#{messages.disable}"
update="@form" rendered="#{token.isactive}"/>
update="@form" rendered="#{token.isactive}" style="font-size:75%;"/>
<p:commandButton action="#{tokenAdminIndexBean.enableToken(token.serial)}" value="#{messages.enable}"
update="@form" rendered="#{! token.isactive and (! token.tokenDesc.contains('INIT'))}"/>
update="@form" rendered="#{! token.isactive and (! token.tokenDesc.contains('INIT'))}" style="font-size:75%;"/>
<p:commandButton action="#{tokenAdminIndexBean.resetFailcounter(token.serial)}" value="#{messages.reset_failcounter}"
update="@form" style="font-size:75%;"/>
</p:outputPanel>
</p:panelGrid>
</p:panel>
......
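Review bot: The new reset button is rendered for every token and fires on a single click, although `TokenAdminIndexBean.resetFailcounter` does nothing when the bean is read-only, and a reset lifts a lockout that exists to slow down guessing. Adding `rendered="#{not tokenAdminIndexBean.readOnly}"` would hide it where it cannot work, and a confirmation step would guard against accidental resets. The repeated `style="font-size:75%;"` on three buttons would be easier to maintain as a style class.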