Credential Lockout Policy fix

fixes #855, fixes #856, fixes #857 Signed-off-by: Claudio Mezzasalma <claudio.mezzasalma@eurotech.com>
eclipse-kapua · Nov 7, 2017 · 625e777 · 625e777
1 parent 0dded69
commit 625e777
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/.../java/org/eclipse/kapua/service/authentication/shiro/realm/ApiKeyAuthenticatingRealm.java b/.../java/org/eclipse/kapua/service/authentication/shiro/realm/ApiKeyAuthenticatingRealm.java
@@ -173,7 +173,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
         // Check if lockout policy is blocking credential
         Map<String, Object> credentialServiceConfig;
         try {
-            credentialServiceConfig = KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(account.getScopeId()));
+            credentialServiceConfig = KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(account.getId()));
             boolean lockoutPolicyEnabled = (boolean) credentialServiceConfig.get("lockoutPolicy.enabled");
             if (lockoutPolicyEnabled) {
                 Date now = new Date();
@@ -240,6 +240,7 @@ protected void assertCredentialsMatch(AuthenticationToken authcToken, Authentica
         Credential credential = (Credential) kapuaInfo.getCredentials();
         credential.setFirstLoginFailure(null);
         credential.setLoginFailuresReset(null);
+        credential.setLockoutReset(null);
         credential.setLoginFailures(0);
         try {
             KapuaSecurityUtils.doPrivileged(() -> credentialService.update(credential));

diff --git a/...ava/org/eclipse/kapua/service/authentication/shiro/realm/UserPassAuthenticatingRealm.java b/...ava/org/eclipse/kapua/service/authentication/shiro/realm/UserPassAuthenticatingRealm.java
@@ -178,7 +178,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
         // Check if lockout policy is blocking credential
         Map<String, Object> credentialServiceConfig;
         try {
-            credentialServiceConfig = KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(account.getScopeId()));
+            credentialServiceConfig = KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(account.getId()));
             boolean lockoutPolicyEnabled = (boolean) credentialServiceConfig.get("lockoutPolicy.enabled");
             if (lockoutPolicyEnabled) {
                 Date now = new Date();
@@ -245,6 +245,7 @@ protected void assertCredentialsMatch(AuthenticationToken authcToken, Authentica
         Credential credential = (Credential) kapuaInfo.getCredentials();
         credential.setFirstLoginFailure(null);
         credential.setLoginFailuresReset(null);
+        credential.setLockoutReset(null);
         credential.setLoginFailures(0);
         try {
             KapuaSecurityUtils.doPrivileged(() -> credentialService.update(credential));