Commit d443d864 authored by Joze RIHTARSIC

small fixes

parent 2211d2bd
......@@ -48,7 +48,7 @@ public class DBUserToUserROConverter implements Converter<DBUser, UserRO> {
target.setLastTokenFailedLoginAttempt(source.getLastTokenFailedLoginAttempt());
target.setTokenSuspendedUtil(getSuspensionUntilDate(source.getLastTokenFailedLoginAttempt(),
source.getSequentialTokenLoginFailureCount(),
configurationService.getAccessTokenLoginFailDelayInMilliSeconds(),
configurationService.getAccessTokenLoginSuspensionTimeInSeconds(),
configurationService.getAccessTokenLoginMaxAttempts()));
target.setActive(source.isActive());
......
......@@ -145,7 +145,7 @@ public class SMPAuthenticationProvider implements AuthenticationProvider {
try {
Optional<DBUser> oUsr = mUserDao.findUserByCertificateId(userToken, true);
if (!oUsr.isPresent()) {
if (!oUsr.isPresent() || !oUsr.get().isActive() ) {
LOG.securityWarn(SMPMessageCode.SEC_USER_NOT_EXISTS, userToken);
//https://www.owasp.org/index.php/Authentication_Cheat_Sheet
// Do not reveal the status of an existing account. Not to use UsernameNotFoundException
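Review bot: Folding the inactive-account case into the existing not-found branch means a deactivated user is now logged as `SEC_USER_NOT_EXISTS`, so the audit log can no longer tell a certificate presented for a disabled account from one presented for an unknown id. The response to the caller should stay identical, as the OWASP comment under the check says, but the server-side log entry is where that distinction helps detection and incident review. I would keep the combined rejection and pick the log line per case, e.g. `boolean inactive = oUsr.isPresent() && !oUsr.get().isActive();` followed by a security warning with a dedicated inactive-account message code (no such code is visible on this page). The same applies to the `findUserByUsername` check in SMPAuthenticationProviderForUI, where an inactive user is logged as "Username does not exits" under `SEC_INVALID_PASSWORD`. The enclosing method starts and ends outside the hunk.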
......
......@@ -91,7 +91,7 @@ public class SMPAuthenticationProviderForUI implements AuthenticationProvider {
DBUser user;
try {
Optional<DBUser> oUsr = mUserDao.findUserByUsername(username);
if (!oUsr.isPresent()) {
if (!oUsr.isPresent() || !oUsr.get().isActive() ){
LOG.debug("User with username does not exists [{}], continue with next authentication provider");
LOG.securityWarn(SMPMessageCode.SEC_INVALID_PASSWORD, "Username does not exits", username);
delayResponse(startTime);
......@@ -107,7 +107,6 @@ public class SMPAuthenticationProviderForUI implements AuthenticationProvider {
LOG.securityWarn(SMPMessageCode.SEC_USER_NOT_AUTHENTICATED, username, ExceptionUtils.getRootCause(ex), ex);
delayResponse(startTime);
throw BAD_CREDENTIALS_EXCEPTION;
}
validateIfUserAccountIsSuspended(user, startTime);
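Review bot: The `LOG.debug` call directly under the changed `findUserByUsername` condition has a `[{}]` placeholder but passes no argument, so the username is never written to the debug log; `LOG.debug("User with username does not exists [{}], continue with next authentication provider", username);` supplies it. The wording is also stale for the new case, because the branch is now reached for users that exist but are inactive. The second hunk of this file only drops a line before `validateIfUserAccountIsSuspended` and raises nothing on its own. The method body continues outside both hunks.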
......