fix for auditing of success/fail login

Evolveum · Jun 19, 2020 · 2e92a39 · 2e92a39
1 parent 3a5a3ad
commit 2e92a39
Show file tree

Hide file tree

Showing 7 changed files with 71 additions and 59 deletions.
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/ItemPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/ItemPanel.java
@@ -63,7 +63,7 @@ protected void onInitialize() {
 
     private void initLayout() {
 
-        //ugly hack TODO FIME - prism context is lost during srialization/deserialization.. find better way how to do it.
+        //ugly hack TODO FIME - prism context is lost during serialization/deserialization.. find better way how to do it.
         if (getModelObject() != null) {
             getModelObject().revive(getPrismContext());
         }

diff --git a/.../src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java b/.../src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java
diff --git a/...main/java/com/evolveum/midpoint/model/impl/security/NonceAuthenticationEvaluatorImpl.java b/...main/java/com/evolveum/midpoint/model/impl/security/NonceAuthenticationEvaluatorImpl.java
@@ -31,7 +31,7 @@ public class NonceAuthenticationEvaluatorImpl extends AuthenticationEvaluatorImp
     protected void checkEnteredCredentials(ConnectionEnvironment connEnv,
             NonceAuthenticationContext authCtx) {
         if (StringUtils.isBlank(authCtx.getNonce())) {
-            recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided");
+            recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false);
             throw new BadCredentialsException("web.security.provider.password.encoding");
         }
     }
@@ -50,7 +50,7 @@ protected NonceType getCredential(CredentialsType credentials) {
     protected void validateCredentialNotNull(ConnectionEnvironment connEnv,
             @NotNull MidPointPrincipal principal, NonceType credential) {
         if (credential.getValue() == null) {
-            recordAuthenticationBehavior(principal, connEnv,"no stored password value", false);
+            recordAuthenticationBehavior(principal.getUsername(), principal, connEnv,"no stored password value", principal.getFocus().getClass(), false);
             throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad");
         }
     }

diff --git a/...n/java/com/evolveum/midpoint/model/impl/security/PasswordAuthenticationEvaluatorImpl.java b/...n/java/com/evolveum/midpoint/model/impl/security/PasswordAuthenticationEvaluatorImpl.java
@@ -28,7 +28,7 @@ public class PasswordAuthenticationEvaluatorImpl extends AuthenticationEvaluator
     @Override
     protected void checkEnteredCredentials(ConnectionEnvironment connEnv, PasswordAuthenticationContext authCtx) {
         if (StringUtils.isBlank(authCtx.getPassword())) {
-            recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided");
+            recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false);
             throw new BadCredentialsException("web.security.provider.password.encoding");
         }
     }
@@ -50,7 +50,7 @@ protected void validateCredentialNotNull(ConnectionEnvironment connEnv,
         ProtectedStringType protectedString = credential.getValue();
 
         if (protectedString == null) {
-            recordAuthenticationBehavior(principal, connEnv, "no stored password value", false);
+            recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no stored password value", principal.getFocus().getClass(), false);
             throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad");
         }
 

diff --git a/...om/evolveum/midpoint/model/impl/security/SecurityQuestionAuthenticationEvaluatorImpl.java b/...om/evolveum/midpoint/model/impl/security/SecurityQuestionAuthenticationEvaluatorImpl.java
@@ -30,7 +30,7 @@ public class SecurityQuestionAuthenticationEvaluatorImpl
     protected void checkEnteredCredentials(ConnectionEnvironment connEnv,
             SecurityQuestionsAuthenticationContext authCtx) {
         if (MapUtils.isEmpty(authCtx.getQuestionAnswerMap())) {
-            recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided");
+            recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false);
             throw new BadCredentialsException("web.security.provider.password.encoding");
         }
 
@@ -43,7 +43,7 @@ protected void checkEnteredCredentials(ConnectionEnvironment connEnv,
         }
 
         if (allBlank) {
-            recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided");
+            recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false);
             throw new BadCredentialsException("web.security.provider.password.encoding");
         }
     }
@@ -64,7 +64,7 @@ protected void validateCredentialNotNull(ConnectionEnvironment connEnv,
         List<SecurityQuestionAnswerType> securityQuestionsAnswers = credential.getQuestionAnswer();
 
         if (securityQuestionsAnswers == null || securityQuestionsAnswers.isEmpty()) {
-            recordAuthenticationBehavior(principal, connEnv, "no stored security questions", false);
+            recordAuthenticationBehavior(principal.getUsername(),principal, connEnv, "no stored security questions", principal.getFocus().getClass(),false);
             throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad");
         }
 

diff --git a/...t/java/com/evolveum/midpoint/model/impl/security/TestAbstractAuthenticationEvaluator.java b/...t/java/com/evolveum/midpoint/model/impl/security/TestAbstractAuthenticationEvaluator.java
@@ -240,7 +240,7 @@ public void test102PasswordLoginNullPasswordJack() throws Exception {
         PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
         display("user after", userAfter);
         assertFailedLoginsForCredentials(userAfter, 1);
-        assertFailedLoginsForBehavior(userAfter, 1);
+        assertFailedLoginsForBehavior(userAfter, 2);
         assertUserLockout(userAfter, LockoutStatusType.NORMAL);
     }
 
@@ -268,7 +268,7 @@ public void test103PasswordLoginEmptyPasswordJack() throws Exception {
         PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
         display("user after", userAfter);
         assertFailedLoginsForCredentials(userAfter, 1);
-        assertFailedLoginsForBehavior(userAfter, 1);
+        assertFailedLoginsForBehavior(userAfter, 3);
         assertUserLockout(userAfter, LockoutStatusType.NORMAL);
     }
 
@@ -370,7 +370,7 @@ public void test125PasswordLoginBadPasswordJackAfterLockoutFailedAttemptsDuratio
         PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
         display("user after", userAfter);
         assertFailedLoginsForCredentials(userAfter, 1);
-        assertFailedLoginsForBehavior(userAfter, 2);
+        assertFailedLoginsForBehavior(userAfter, 4);
         assertLastFailedLogin(userAfter, startTs, endTs);
         assertUserLockout(userAfter, LockoutStatusType.NORMAL);
     }
@@ -397,7 +397,7 @@ public void test130PasswordLoginLockout() throws Exception {
         PrismObject<UserType> userBetween = getUser(USER_JACK_OID);
         display("user after", userBetween);
         assertFailedLoginsForCredentials(userBetween, 2);
-        assertFailedLoginsForBehavior(userBetween, 3);
+        assertFailedLoginsForBehavior(userBetween, 5);
         assertUserLockout(userBetween, LockoutStatusType.NORMAL);
 
         try {
@@ -419,7 +419,7 @@ public void test130PasswordLoginLockout() throws Exception {
         PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
         display("user after", userAfter);
         assertFailedLoginsForCredentials(userAfter, 3);
-        assertFailedLoginsForBehavior(userAfter, 4);
+        assertFailedLoginsForBehavior(userAfter, 6);
         assertLastFailedLogin(userAfter, startTs, endTs);
         assertUserLockout(userAfter, LockoutStatusType.LOCKED);
     }
@@ -445,7 +445,7 @@ public void test132PasswordLoginLockedoutGoodPassword() throws Exception {
         PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
         display("user after", userAfter);
         assertFailedLoginsForCredentials(userAfter, 3);
-        assertFailedLoginsForBehavior(userAfter, 5);
+        assertFailedLoginsForBehavior(userAfter, 7);
         assertUserLockout(userAfter, LockoutStatusType.LOCKED);
     }
 
@@ -473,7 +473,7 @@ public void test133PasswordLoginLockedoutBadPassword() throws Exception {
         PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
         display("user after", userAfter);
         assertFailedLoginsForCredentials(userAfter, 3);
-        assertFailedLoginsForBehavior(userAfter, 6);
+        assertFailedLoginsForBehavior(userAfter, 8);
         assertUserLockout(userAfter, LockoutStatusType.LOCKED);
     }
 

diff --git a/...com/evolveum/midpoint/testing/schrodinger/page/LoginPageWithAuthenticationConfigTest.java b/...com/evolveum/midpoint/testing/schrodinger/page/LoginPageWithAuthenticationConfigTest.java
@@ -92,7 +92,7 @@ public void test030resetPassowordMailNonce() throws IOException, InterruptedExce
     }
 
     @Test
-    public void test031resetPassowordSecurityQuestion() {
+    public void test031resetPasswordSecurityQuestion() {
         basicPage.loggedUser().logoutIfUserIsLogin();
         FormLoginPage login = midPoint.formLogin();
         open("/login");