Commit 76bddff3 authored by ls1947's avatar ls1947

Inspect both twofa and local login methods

Before releasing the SSH key, inspect both login methods, not only twofa.
parent 2a58d66c
......@@ -13,6 +13,7 @@ package edu.kit.scc.webreg.dao;
import java.util.List;
import edu.kit.scc.webreg.entity.UserLoginInfoEntity;
import edu.kit.scc.webreg.entity.UserLoginMethod;
public interface UserLoginInfoDao extends BaseDao<UserLoginInfoEntity, Long> {
......@@ -20,6 +21,6 @@ public interface UserLoginInfoDao extends BaseDao<UserLoginInfoEntity, Long> {
List<UserLoginInfoEntity> findByRegistry(Long registryId);
UserLoginInfoEntity findByRegistryTwofaSuccess(Long registryId);
UserLoginInfoEntity findLastByRegistryAndMethod(Long registryId, UserLoginMethod method);
}
......@@ -14,7 +14,6 @@ import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
import javax.persistence.NoResultException;
import edu.kit.scc.webreg.dao.UserLoginInfoDao;
import edu.kit.scc.webreg.entity.UserLoginInfoEntity;
......@@ -40,12 +39,12 @@ public class JpaUserLoginInfoDao extends JpaBaseDao<UserLoginInfoEntity, Long> i
@Override
@SuppressWarnings("unchecked")
public UserLoginInfoEntity findByRegistryTwofaSuccess(Long registryId) {
public UserLoginInfoEntity findLastByRegistryAndMethod(Long registryId, UserLoginMethod method) {
List<UserLoginInfoEntity> list = em.createQuery(
"select e from UserLoginInfoEntity e where e.registry.id = :registryId "
+ "and e.loginMethod = :loginMethod order by e.loginDate desc")
.setParameter("registryId", registryId)
.setParameter("loginMethod", UserLoginMethod.TWOFA)
.setParameter("loginMethod", method)
.setMaxResults(1)
.getResultList();
if (list.size() == 0) {
......
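Review bot: findLastByRegistryAndMethod carries no Javadoc, and the callers that gate SSH key release on it depend on a contract that is only visible in the query text. The query orders by `e.loginDate desc` with `setMaxResults(1)` and does not filter on status, so it returns the most recent record for the given method whether that attempt succeeded or failed. I would state that on the interface method, for example `/** Returns the most recent login record for the registry and method, regardless of its status. */`. The comment should also say what an empty result yields; that is decided after `if (list.size() == 0)`, which continues outside the visible hunk.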
......@@ -21,6 +21,7 @@ import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.UserLoginInfoEntity;
import edu.kit.scc.webreg.entity.UserLoginInfoStatus;
import edu.kit.scc.webreg.entity.UserLoginMethod;
import edu.kit.scc.webreg.exc.NoRegistryFoundException;
import edu.kit.scc.webreg.exc.NoUserFoundException;
import edu.kit.scc.webreg.exc.RestInterfaceException;
......@@ -67,9 +68,11 @@ public class SshLoginServiceImpl implements SshLoginService {
if (service.getServiceProps().containsKey("twofa") &&
service.getServiceProps().get("twofa").equalsIgnoreCase("enabled")) {
UserLoginInfoEntity loginInfo = userLoginInfoDao.findByRegistryTwofaSuccess(registry.getId());
UserLoginInfoEntity twofaLoginInfo = userLoginInfoDao.findLastByRegistryAndMethod(registry.getId(), UserLoginMethod.TWOFA);
UserLoginInfoEntity localLoginInfo = userLoginInfoDao.findLastByRegistryAndMethod(registry.getId(), UserLoginMethod.LOCAL);
if (loginInfo != null && loginInfo.getLoginStatus().equals(UserLoginInfoStatus.SUCCESS)) {
if (twofaLoginInfo != null && twofaLoginInfo.getLoginStatus().equals(UserLoginInfoStatus.SUCCESS) &&
localLoginInfo != null && localLoginInfo.getLoginStatus().equals(UserLoginInfoStatus.SUCCESS)) {
// check expiry for twofa
Long expiry = 60L * 60L * 1000L;
......@@ -77,7 +80,8 @@ public class SshLoginServiceImpl implements SshLoginService {
expiry = Long.parseLong(service.getServiceProps().get("twofa_expiry"));
}
if ((System.currentTimeMillis() - loginInfo.getLoginDate().getTime()) < expiry) {
if ((System.currentTimeMillis() - twofaLoginInfo.getLoginDate().getTime()) < expiry &&
(System.currentTimeMillis() - localLoginInfo.getLoginDate().getTime()) < expiry) {
List<SshPubKeyRegistryEntity> regKeyList = sshPubKeyRegistryDao.findByRegistryForInteractiveLogin(registry.getId());
return buildKeyList(regKeyList, user);
}
......@@ -135,9 +139,11 @@ public class SshLoginServiceImpl implements SshLoginService {
if (service.getServiceProps().containsKey("twofa") &&
service.getServiceProps().get("twofa").equalsIgnoreCase("enabled")) {
UserLoginInfoEntity loginInfo = userLoginInfoDao.findByRegistryTwofaSuccess(registry.getId());
UserLoginInfoEntity twofaLoginInfo = userLoginInfoDao.findLastByRegistryAndMethod(registry.getId(), UserLoginMethod.TWOFA);
UserLoginInfoEntity localLoginInfo = userLoginInfoDao.findLastByRegistryAndMethod(registry.getId(), UserLoginMethod.LOCAL);
if (loginInfo != null && loginInfo.getLoginStatus().equals(UserLoginInfoStatus.SUCCESS)) {
if (twofaLoginInfo != null && twofaLoginInfo.getLoginStatus().equals(UserLoginInfoStatus.SUCCESS) &&
localLoginInfo != null && localLoginInfo.getLoginStatus().equals(UserLoginInfoStatus.SUCCESS)) {
// check expiry for twofa
Long expiry = 60L * 60L * 1000L;
......@@ -145,7 +151,8 @@ public class SshLoginServiceImpl implements SshLoginService {
expiry = Long.parseLong(service.getServiceProps().get("twofa_expiry"));
}
if ((System.currentTimeMillis() - loginInfo.getLoginDate().getTime()) < expiry) {
if ((System.currentTimeMillis() - twofaLoginInfo.getLoginDate().getTime()) < expiry &&
(System.currentTimeMillis() - localLoginInfo.getLoginDate().getTime()) < expiry) {
List<SshPubKeyRegistryEntity> regKeyList = sshPubKeyRegistryDao.findByRegistryForLogin(registry.getId());
return buildKeyList(regKeyList, user);
}
......
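Review bot: The gate that decides whether SSH keys are released is now written out twice, once before `findByRegistryForInteractiveLogin` and once before `findByRegistryForLogin`, and each copy repeats the status test and the age test for both login records. A later edit to one copy can leave the other path weaker, so I would move both tests into small private helpers and read the clock once. The helper below also rejects a login date that lies ahead of the server clock, which the current subtraction accepts as fresh. The comment `// check expiry for twofa` is stale, since `twofa_expiry` now bounds the local login as well. The two records are looked up independently and nothing visible ties them to the same session, so it is worth confirming that this is intended; both enclosing methods start and end outside the hunks.

```java
private static boolean succeeded(UserLoginInfoEntity info) {
    return info != null && UserLoginInfoStatus.SUCCESS.equals(info.getLoginStatus());
}

private static boolean withinExpiry(UserLoginInfoEntity info, long now, long expiry) {
    long age = now - info.getLoginDate().getTime();
    // A login date ahead of the server clock is not treated as fresh.
    return age >= 0 && age < expiry;
}

// ... unchanged: twofa service property check and the two DAO lookups ...
if (succeeded(twofaLoginInfo) && succeeded(localLoginInfo)) {
    // check expiry for twofa and local login
    // ... unchanged: default expiry and twofa_expiry parsing ...
    long now = System.currentTimeMillis();
    if (withinExpiry(twofaLoginInfo, now, expiry) && withinExpiry(localLoginInfo, now, expiry)) {
        // ... unchanged: key list lookup and buildKeyList ...
```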