Add Login since timestamps

49b17430 · ls1947 · 2ef5b6ac · 49b17430 · 49b17430 · 49b17430
Commit 49b17430 authored Jul 02, 2020 by ls1947
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlSpPostServiceImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlSpPostServiceImpl.java
 package edu.kit.scc.webreg.service.saml;

+import java.time.Instant;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
@@ -21,11 +22,15 @@ import org.slf4j.MDC;
 import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
 import edu.kit.scc.webreg.dao.SamlIdpMetadataDao;
 import edu.kit.scc.webreg.dao.SamlUserDao;
+import edu.kit.scc.webreg.dao.UserLoginInfoDao;
 import edu.kit.scc.webreg.drools.impl.KnowledgeSessionSingleton;
 import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
 import edu.kit.scc.webreg.entity.SamlIdpMetadataEntityStatus;
 import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
 import edu.kit.scc.webreg.entity.SamlUserEntity;
+import edu.kit.scc.webreg.entity.UserLoginInfoEntity;
+import edu.kit.scc.webreg.entity.UserLoginInfoStatus;
+import edu.kit.scc.webreg.entity.UserLoginMethod;
 import edu.kit.scc.webreg.exc.UserUpdateException;
 import edu.kit.scc.webreg.service.impl.UserUpdater;
 import edu.kit.scc.webreg.service.saml.exc.SamlAuthenticationException;
@@ -44,6 +49,9 @@ public class SamlSpPostServiceImpl implements SamlSpPostService {
 	@Inject
 	private SamlUserDao userDao;
 	
+	@Inject
+	private UserLoginInfoDao userLoginInfoDao;
+
 	@Inject
 	private UserUpdater userUpdater;
 	
@@ -141,9 +149,18 @@ public class SamlSpPostServiceImpl implements SamlSpPostService {
 			}
 			
 			session.setUserId(user.getId());
+			session.setLoginTime(Instant.now());
 			session.setTheme(user.getTheme());
 			session.setLocale(user.getLocale());
 			
+			UserLoginInfoEntity loginInfo = userLoginInfoDao.createNew();
+			loginInfo.setUser(user);
+			loginInfo.setLoginDate(new Date());
+			loginInfo.setLoginMethod(UserLoginMethod.HOME_ORG);
+			loginInfo.setLoginStatus(UserLoginInfoStatus.SUCCESS);
+			loginInfo.setFrom(request.getRemoteAddr());
+			loginInfo = userLoginInfoDao.persist(loginInfo);
+			
 			if (session.getOriginalRequestPath() != null) {
 				String orig = session.getOriginalRequestPath();
 				session.setOriginalRequestPath(null);

--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/session/SessionManager.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/session/SessionManager.java
@@ -11,8 +11,8 @@
 package edu.kit.scc.webreg.session;

 import java.io.Serializable;
+import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -68,7 +68,8 @@ public class SessionManager implements Serializable {
 	
 	private String locale;
 	
-	private Date twoFaElevation;
+	private Instant twoFaElevation;
+	private Instant loginTime;
 	
 	@PostConstruct
 	public void init() {
@@ -269,11 +270,19 @@ public class SessionManager implements Serializable {
 		return serviceSshPubKeyApproverList;
 	}

-	public Date getTwoFaElevation() {
+	public Instant getTwoFaElevation() {
 		return twoFaElevation;
 	}

-	public void setTwoFaElevation(Date twoFaElevation) {
+	public void setTwoFaElevation(Instant twoFaElevation) {
 		this.twoFaElevation = twoFaElevation;
 	}
+
+	public Instant getLoginTime() {
+		return loginTime;
+	}
+
+	public void setLoginTime(Instant loginTime) {
+		this.loginTime = loginTime;
+	}
 }
--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaLoginBean.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaLoginBean.java
@@ -12,7 +12,7 @@ package edu.kit.scc.webreg.bean;

 import java.io.IOException;
 import java.io.Serializable;
-import java.util.Date;
+import java.time.Instant;

 import javax.faces.bean.ManagedBean;
 import javax.faces.bean.ViewScoped;
@@ -80,7 +80,7 @@ public class TwoFaLoginBean implements Serializable {

 			if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) {
 				// Succesfull check
-				sessionManager.setTwoFaElevation(new Date());
+				sessionManager.setTwoFaElevation(Instant.now());
 				userService.addLoginInfo(user.getId(), UserLoginMethod.TWOFA, UserLoginInfoStatus.SUCCESS, 
 						request.getRemoteAddr());
 				

--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/AuthorizationBean.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/AuthorizationBean.java
@@ -11,6 +11,8 @@
 package edu.kit.scc.webreg.sec;

 import java.io.Serializable;
+import java.time.Duration;
+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
@@ -229,6 +231,39 @@ public class AuthorizationBean implements Serializable {
 	    }
 	}

+    public Duration getLoggedInSince() {
+    	if (sessionManager.getLoginTime() != null) {
+    		return Duration.between(sessionManager.getLoginTime(), Instant.now());
+    	}
+    	else {
+    		return null;
+    	}
+    }
+    
+    public Duration getTwoFaElevatedSince() {
+    	if (sessionManager.getTwoFaElevation() != null) {
+    		return Duration.between(sessionManager.getTwoFaElevation(), Instant.now());
+    	}
+    	else {
+    		return null;
+    	}
+    }
+
+    public Boolean isTwoFaElevated() {
+		long elevationTime = 5L * 60L * 1000L;
+		if (appConfig.getConfigValue("elevation_time") != null) {
+			elevationTime = Long.parseLong(appConfig.getConfigValue("elevation_time"));
+		}
+
+		if (sessionManager.getTwoFaElevation() != null &&
+				(System.currentTimeMillis() - sessionManager.getTwoFaElevation().toEpochMilli()) < elevationTime) {
+			return true;
+		}
+		else {
+			return false;
+		}
+    }
+    
    public boolean isUserInRole(String roleName) {
    	if (roleName.startsWith("ROLE_"))
    		roleName = roleName.substring(5);

--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/SecurityFilter.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/SecurityFilter.java
@@ -151,7 +151,7 @@ public class SecurityFilter implements Filter {
    				}
    				
    				if (session.getTwoFaElevation() != null &&
-							(System.currentTimeMillis() - session.getTwoFaElevation().getTime()) < elevationTime) {
+							(System.currentTimeMillis() - session.getTwoFaElevation().toEpochMilli()) < elevationTime) {
    					// user already elevated
        				chain.doFilter(servletRequest, servletResponse);
 					}
@@ -182,7 +182,7 @@ public class SecurityFilter implements Filter {
    				}

    				if (session.getTwoFaElevation() != null &&
-							(System.currentTimeMillis() - session.getTwoFaElevation().getTime()) < elevationTime) {
+							(System.currentTimeMillis() - session.getTwoFaElevation().toEpochMilli()) < elevationTime) {
    					// user already elevated
        				chain.doFilter(servletRequest, servletResponse);
 					}

--- a/bwreg-webapp/src/main/resources/msg/messages_de.properties
+++ b/bwreg-webapp/src/main/resources/msg/messages_de.properties
 my_twofa=Zweite Faktoren
+check=Pr\u00FCfen
+twofa_elevated_since_recently=Mit 2FA eben
+logged_in_since_recently=Eingeloggt seit eben
+twofa_login_text=Um die angeforderte Aktion durchzuf\u00FChren, muss ein zweiter Faktor eingegeben werden. Bitte geben Sie einen beliebigen zweiten Faktor aus der unten stehenden Liste ein um fortzufahren.
+twofa_login=Login mit zweiten Faktor
+twofa_code=Aktueller code
+login_status=Loginstatus
+logged_in_since_not_set=Keine Loginzeit
+logged_in_since=Eingeloggt seit
+minutes=Minuten
+twofa_elevated_since=Mit 2FA seit
+unknown=Unbekannt
 twofa_list=Liste zweiter Faktor
 accept_tou=Ich habe die Nutzungsbedingungen gelesen und bin einverstanden.
 set_ssh_pub_key=SSH Key setzen

--- a/bwreg-webapp/src/main/resources/msg/messages_en.properties
+++ b/bwreg-webapp/src/main/resources/msg/messages_en.properties
 my_twofa=Second factors
+twofa_login_text=To perform the requested action, a second factor must be entered. Please enter any second factor from the list below to continue.
+twofa_login=Login with second factor
+twofa_code=Current code
+check=Check
+twofa_elevated_since_recently=With 2FA recently
+logged_in_since_recently=Logged in recently
+login_status=Login status
+logged_in_since_not_set=No login time
+logged_in_since=Logged in for
+minutes=minutes
+twofa_elevated_since=With 2FA for
+unknown=Unknown
 twofa_list=List of second factors
 aa_entities=Attribute authorities
 set_ssh_pub_key=Set SSH Key

--- a/bwreg-webapp/src/main/webapp/template/left-side-bar-kit.xhtml
+++ b/bwreg-webapp/src/main/webapp/template/left-side-bar-kit.xhtml
@@ -6,7 +6,8 @@
 		xmlns:f="http://java.sun.com/jsf/core"
 		xmlns:h="http://java.sun.com/jsf/html"
 		xmlns:ui="http://java.sun.com/jsf/facelets"
-		xmlns:p="http://primefaces.org/ui">
+		xmlns:p="http://primefaces.org/ui"
+		xmlns:of="http://omnifaces.org/functions">
 <head>
 	<title>Left side bar</title>
 </head>
@@ -17,9 +18,40 @@
 	</h:panelGroup>
      
    <h:panelGroup rendered="#{sessionManager.isLoggedIn()}">
+    
      <div class="submenu">
 	    <div class="submenu-title">#{messages.user}</div>
 		<div class="submenu-content">
+          <div style="padding: 8px;">
+	      	#{messages.login_status}:<br/> 
+	      	<h:panelGroup rendered="#{empty authorizationBean.loggedInSince}">
+	      	  <div>
+		      	#{messages.logged_in_since_not_set} 
+		      </div>
+	      	</h:panelGroup>
+	      	<h:panelGroup rendered="#{not empty authorizationBean.loggedInSince and (authorizationBean.loggedInSince.toMinutes() gt 2)}">
+	      	  <div>
+		      	#{messages.logged_in_since} #{authorizationBean.loggedInSince.toMinutes()} #{messages.minutes}
+		      </div>
+	      	</h:panelGroup>
+	      	<h:panelGroup rendered="#{not empty authorizationBean.loggedInSince and (authorizationBean.loggedInSince.toMinutes() lt 2)}">
+	      	  <div>
+		      	#{messages.logged_in_since_recently}
+		      </div>
+	      	</h:panelGroup>
+	      	<h:panelGroup rendered="#{authorizationBean.isTwoFaElevated() and (authorizationBean.twoFaElevatedSince.toMinutes() gt 2)}">
+	      	  <div>
+		      	#{messages.twofa_elevated_since} #{authorizationBean.twoFaElevatedSince.toMinutes()} #{messages.minutes}
+		      </div>
+	      	</h:panelGroup>
+	      	<h:panelGroup rendered="#{authorizationBean.isTwoFaElevated() and (authorizationBean.twoFaElevatedSince.toMinutes() lt 2)}">
+	      	  <div>
+		      	#{messages.twofa_elevated_since_recently}
+		      </div>
+	      	</h:panelGroup>
+	      	
+		  </div>
+		  <hr style="border: 1px solid white;"/>
 		  <ul>
 	        <li><span class="ui-icon ui-icon-home" style="display:inline-block; vertical-align: bottom;" /><a href="#{request.contextPath}/index.xhtml">#{messages.index}</a></li>
            <li><span class="ui-icon ui-icon-star" style="display:inline-block; vertical-align: bottom;" />

--- a/bwreg-webapp/src/main/webapp/template/left-side-bar.xhtml
+++ b/bwreg-webapp/src/main/webapp/template/left-side-bar.xhtml
@@ -20,6 +20,36 @@
      <div class="submenu">
 	    <div class="submenu-title">#{messages.user}</div>
 		<div class="submenu-content">
+          <div style="padding: 8px;">
+	      	#{messages.login_status}:<br/> 
+	      	<h:panelGroup rendered="#{empty authorizationBean.loggedInSince}">
+	      	  <div>
+		      	#{messages.logged_in_since_not_set} 
+		      </div>
+	      	</h:panelGroup>
+	      	<h:panelGroup rendered="#{not empty authorizationBean.loggedInSince and (authorizationBean.loggedInSince.toMinutes() gt 2)}">
+	      	  <div>
+		      	#{messages.logged_in_since} #{authorizationBean.loggedInSince.toMinutes()} #{messages.minutes}
+		      </div>
+	      	</h:panelGroup>
+	      	<h:panelGroup rendered="#{not empty authorizationBean.loggedInSince and (authorizationBean.loggedInSince.toMinutes() lt 2)}">
+	      	  <div>
+		      	#{messages.logged_in_since_recently}
+		      </div>
+	      	</h:panelGroup>
+	      	<h:panelGroup rendered="#{authorizationBean.isTwoFaElevated() and (authorizationBean.twoFaElevatedSince.toMinutes() gt 2)}">
+	      	  <div>
+		      	#{messages.twofa_elevated_since} #{authorizationBean.twoFaElevatedSince.toMinutes()} #{messages.minutes}
+		      </div>
+	      	</h:panelGroup>
+	      	<h:panelGroup rendered="#{authorizationBean.isTwoFaElevated() and (authorizationBean.twoFaElevatedSince.toMinutes() lt 2)}">
+	      	  <div>
+		      	#{messages.twofa_elevated_since_recently}
+		      </div>
+	      	</h:panelGroup>
+	      	
+		  </div>
+		  <hr style="border: 1px solid white;"/>
 		  <ul>
 	        <li><span class="ui-icon ui-icon-home" style="display:inline-block; vertical-align: bottom;" /><a href="#{request.contextPath}/index.xhtml">#{messages.index}</a></li>
            <li><span class="ui-icon ui-icon-star" style="display:inline-block; vertical-align: bottom;" />

--- a/pom.xml
+++ b/pom.xml
@@ -78,7 +78,7 @@
 			<dependency>
 				<groupId>org.omnifaces</groupId>
 				<artifactId>omnifaces</artifactId>
-				<version>3.3</version>
+				<version>3.6.1</version>
 			</dependency>
 			<dependency>
 				<groupId>commons-fileupload</groupId>