From 2e92a39b33e2d06815b05d56176d073654b7f13d Mon Sep 17 00:00:00 2001 From: lskublik Date: Fri, 19 Jun 2020 14:07:09 +0200 Subject: [PATCH] fix for auditing of success/fail login --- .../gui/impl/prism/panel/ItemPanel.java | 2 +- .../security/AuthenticationEvaluatorImpl.java | 98 +++++++++++-------- .../NonceAuthenticationEvaluatorImpl.java | 4 +- .../PasswordAuthenticationEvaluatorImpl.java | 4 +- ...tyQuestionAuthenticationEvaluatorImpl.java | 6 +- .../TestAbstractAuthenticationEvaluator.java | 14 +-- ...LoginPageWithAuthenticationConfigTest.java | 2 +- 7 files changed, 71 insertions(+), 59 deletions(-) diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/ItemPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/ItemPanel.java index de8b0bde9c4..7de5d415353 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/ItemPanel.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/ItemPanel.java @@ -63,7 +63,7 @@ protected void onInitialize() { private void initLayout() { - //ugly hack TODO FIME - prism context is lost during srialization/deserialization.. find better way how to do it. + //ugly hack TODO FIME - prism context is lost during serialization/deserialization.. find better way how to do it. if (getModelObject() != null) { getModelObject().revive(getPrismContext()); } diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java index 85e0353279c..41f9964ba74 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java 
@@ -7,7 +7,6 @@ package com.evolveum.midpoint.model.impl.security; import java.util.Collection; -import java.util.List; import javax.xml.datatype.Duration; import javax.xml.datatype.XMLGregorianCalendar; @@ -19,7 +18,6 @@ import com.evolveum.midpoint.prism.equivalence.ParameterizedEquivalenceStrategy; import com.evolveum.midpoint.security.api.*; -import com.evolveum.midpoint.util.QNameUtil; import org.apache.commons.lang.StringUtils; import org.jetbrains.annotations.NotNull; import org.springframework.beans.factory.annotation.Autowired; 
@@ -108,17 +106,17 @@ public UsernamePasswordAuthenticationToken authenticate(ConnectionEnvironment co if (checkCredentials(principal, authnCtx, connEnv)) { if(AuthenticationEvaluatorUtil.checkRequiredAssignment(focusType.getAssignment(), authnCtx.getRequireAssignments())){ - recordAuthenticationBehavior(principal, connEnv, null, true); - recordPasswordAuthenticationSuccess(principal, connEnv, getCredential(credentials)); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, null, authnCtx.getPrincipalType(), true); + recordPasswordAuthenticationSuccess(principal, connEnv, getCredential(credentials), false); return new UsernamePasswordAuthenticationToken(principal, authnCtx.getEnteredCredential(), principal.getAuthorities()); } else { - recordAuthenticationBehavior(principal, connEnv, "not contains required assignment", false); - recordPasswordAuthenticationFailure(principal, connEnv, getCredential(credentials), credentialsPolicy, "not contains required assignment"); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "not contains required assignment", authnCtx.getPrincipalType(), false); + recordPasswordAuthenticationFailure(principal, connEnv, getCredential(credentials), credentialsPolicy, "not contains required assignment", false); throw new InternalAuthenticationServiceException("web.security.flexAuth.invalid.required.assignment"); } } else { - recordAuthenticationBehavior(principal, connEnv, "password mismatch", false); - recordPasswordAuthenticationFailure(principal, connEnv, getCredential(credentials), credentialsPolicy, "password mismatch"); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "password mismatch", authnCtx.getPrincipalType(), false); + recordPasswordAuthenticationFailure(principal, connEnv, getCredential(credentials), credentialsPolicy, "password mismatch", false); throw new BadCredentialsException("web.security.provider.invalid"); } } 
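Review bot: At every call in this hunk the new first and fifth arguments (`principal.getUsername()`, `authnCtx.getPrincipalType()`) are dead, because per the -474 hunk recordAuthenticationBehavior reads `username` and `focusType` only when `principal` is null. Keeping the former four-argument form as a thin overload whose body is `recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, reason, null, isSuccess);` would keep these call sites short and reserve the six-argument form for the username-only case. The same applies to the calls that pass `principal.getFocus().getClass()` in the later hunks of this file and in the Nonce, Password and SecurityQuestion evaluators. authenticate() starts outside the hunk.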
@@ -138,12 +136,12 @@ public FocusType checkCredentials(ConnectionEnvironment connEnv, T authnCtx) CredentialPolicyType credentialsPolicy = getCredentialsPolicy(principal, authnCtx); if (checkCredentials(principal, authnCtx, connEnv)) { - recordAuthenticationBehavior(principal, connEnv, "password mismatch", true); - recordPasswordAuthenticationSuccess(principal, connEnv, getCredential(credentials)); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "password mismatch", authnCtx.getPrincipalType(), true); + recordPasswordAuthenticationSuccess(principal, connEnv, getCredential(credentials), false); return focusType; } else { - recordAuthenticationBehavior(principal, connEnv, "password mismatch", false); - recordPasswordAuthenticationFailure(principal, connEnv, getCredential(credentials), credentialsPolicy, "password mismatch"); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "password mismatch", authnCtx.getPrincipalType(), false); + recordPasswordAuthenticationFailure(principal, connEnv, getCredential(credentials), credentialsPolicy, "password mismatch", false); throw new BadCredentialsException("web.security.provider.invalid"); } @@ -154,7 +152,7 @@ private boolean checkCredentials(MidPointPrincipal principal, T authnCtx, Connec FocusType focusType = principal.getFocus(); CredentialsType credentials = focusType.getCredentials(); if (credentials == null || getCredential(credentials) == null) { - recordAuthenticationBehavior(principal, connEnv, "no credentials in user", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no credentials in user", authnCtx.getPrincipalType(), false); throw new AuthenticationCredentialsNotFoundException("web.security.provider.invalid"); } 
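Review bot: On the success branch of checkCredentials(ConnectionEnvironment, T) in the -138 hunk the reason argument is still `"password mismatch"` although `isSuccess` is `true`. The -474 hunk shows the success path never uses the reason, so nothing wrong is recorded today, but the call reads as if a successful check were logged as a mismatch. Pass `null` as authenticate() does: `recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, null, authnCtx.getPrincipalType(), true);`. The method starts outside the hunk.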
@@ -162,14 +160,14 @@ private boolean checkCredentials(MidPointPrincipal principal, T authnCtx, Connec // Lockout if (isLockedOut(getCredential(credentials), credentialsPolicy)) { - recordAuthenticationBehavior(principal, connEnv, "password locked-out", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "password locked-out", authnCtx.getPrincipalType(), false); throw new LockedException("web.security.provider.locked"); } if (supportsAuthzCheck()) { // Authorizations if (!hasAnyAuthorization(principal)) { - recordAuthenticationBehavior(principal, connEnv, "no authorizations", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no authorizations", authnCtx.getPrincipalType(),false); throw new DisabledException("web.security.provider.access.denied"); } } @@ -209,7 +207,7 @@ public String getAndCheckUserPassword(ConnectionEnvironment connEnv, String user FocusType focusType = principal.getFocus(); CredentialsType credentials = focusType.getCredentials(); if (credentials == null) { - recordAuthenticationBehavior(principal, connEnv, "no credentials in user", false); + recordAuthenticationBehavior(username, null, connEnv, "no credentials in user", FocusType.class, false); throw new AuthenticationCredentialsNotFoundException("web.security.provider.invalid"); } PasswordType passwordType = credentials.getPassword(); 
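Review bot: In getAndCheckUserPassword (hunk -209, and both calls in hunk -218) the new calls pass `null` as principal although `principal` is in scope and dereferenced on the context line just above. recordAuthenticationBehavior therefore resolves the focus a second time by `username`, and if that lookup throws, the exception is swallowed and only a username-only failure is recorded. Unless the re-resolution is intentional, pass the object you already hold: `recordAuthenticationBehavior(username, principal, connEnv, "no credentials in user", FocusType.class, false);`. The "no focus" call in getAndCheckPrincipal (hunk -291) is the mirror case: the principal is already known to be null, so passing `clazz` presumably repeats the lookup that just failed, and passing `null` for the focus type would skip it. Both methods start outside their hunks.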
@@ -218,13 +216,13 @@ public String getAndCheckUserPassword(ConnectionEnvironment connEnv, String user // Lockout if (isLockedOut(passwordType, passwordCredentialsPolicy)) { - recordAuthenticationBehavior(principal, connEnv, "password locked-out", false); + recordAuthenticationBehavior(username, null, connEnv, "password locked-out", FocusType.class,false); throw new LockedException("web.security.provider.locked"); } // Authorizations if (!hasAnyAuthorization(principal)) { - recordAuthenticationBehavior(principal, connEnv, "no authorizations", false); + recordAuthenticationBehavior(username, null, connEnv, "no authorizations", FocusType.class,false); throw new InternalAuthenticationServiceException("web.security.provider.access.denied"); } 
@@ -242,17 +240,16 @@ public PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(Conn // Authorizations if (!hasAnyAuthorization(principal)) { - recordAuthenticationBehavior(principal, connEnv, "no authorizations", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no authorizations", authnCtx.getPrincipalType(), false); throw new InternalAuthenticationServiceException("web.security.provider.access.denied"); } if(AuthenticationEvaluatorUtil.checkRequiredAssignment(principal.getFocus().getAssignment(), authnCtx.getRequireAssignments())){ PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, null, principal.getAuthorities()); - recordAuthenticationBehavior(principal, connEnv, null, true); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, null, authnCtx.getPrincipalType(), true); return token; } else { - recordAuthenticationBehavior(principal, connEnv, "not contains required assignment", false); - recordAuthenticationFailure(principal.getUsername(), connEnv,"not contains required assignment"); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "not contains required assignment", authnCtx.getPrincipalType(), false); throw new InternalAuthenticationServiceException("web.security.flexAuth.invalid.required.assignment"); } } 
@@ -291,12 +288,12 @@ private MidPointPrincipal getAndCheckPrincipal(ConnectionEnvironment connEnv, St if (principal == null) { - recordAuthenticationFailure(enteredUsername, connEnv, "no focus"); + recordAuthenticationBehavior(enteredUsername, null, connEnv, "no focus", clazz, false); throw new UsernameNotFoundException("web.security.provider.invalid"); } if (supportsActivationCheck && !principal.isEnabled()) { - recordAuthenticationBehavior(principal, connEnv, "focus disabled", false); + recordAuthenticationBehavior(enteredUsername, principal, connEnv, "focus disabled", clazz, false); throw new DisabledException("web.security.provider.disabled"); } return principal; @@ -318,7 +315,7 @@ private boolean hasAnyAuthorization(MidPointPrincipal principal) { private

void checkPasswordValidityAndAge(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C credentials, P passwordCredentialsPolicy) { if (credentials == null) { - recordAuthenticationBehavior(principal, connEnv, "no stored credential value", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no stored credential value", principal.getFocus().getClass(), false); throw new AuthenticationCredentialsNotFoundException("web.security.provider.credential.bad"); } @@ -335,7 +332,7 @@ private

void checkPasswordValidityAndAge(Connec if (changeTimestamp != null) { XMLGregorianCalendar passwordValidUntil = XmlTypeConverter.addDuration(changeTimestamp, maxAge); if (clock.isPast(passwordValidUntil)) { - recordAuthenticationBehavior(principal, connEnv, "password expired", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "password expired", principal.getFocus().getClass(), false); throw new CredentialsExpiredException("web.security.provider.credential.expired"); } } @@ -345,7 +342,7 @@ private

void checkPasswordValidityAndAge(Connec private void checkPasswordValidityAndAge(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, MetadataType passwordMetadata, CredentialPolicyType passwordCredentialsPolicy) { if (protectedString == null) { - recordAuthenticationBehavior(principal, connEnv, "no stored password value", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no stored password value", principal.getFocus().getClass(), false); throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad"); } if (passwordCredentialsPolicy == null) { @@ -357,7 +354,7 @@ private void checkPasswordValidityAndAge(ConnectionEnvironment connEnv, @NotNull if (changeTimestamp != null) { XMLGregorianCalendar passwordValidUntil = XmlTypeConverter.addDuration(changeTimestamp, maxAge); if (clock.isPast(passwordValidUntil)) { - recordAuthenticationBehavior(principal, connEnv, "password expired", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "password expired", principal.getFocus().getClass(), false); throw new CredentialsExpiredException("web.security.provider.credential.expired"); } } 
@@ -383,7 +380,7 @@ protected boolean decryptAndMatch(ConnectionEnvironment connEnv, @NotNull MidPoi // But that would be too hard for system administrator to figure out what is going on - especially // if the administrator himself cannot log in. Therefore explicitly log those errors here. LOGGER.error("Error dealing with credentials of user \"{}\" credentials: {}", principal.getUsername(), e.getMessage()); - recordAuthenticationBehavior(principal, connEnv, "error decrypting password: "+e.getMessage(), false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "error decrypting password: "+e.getMessage(), principal.getFocus().getClass(), false); throw new AuthenticationServiceException("web.security.provider.unavailable", e); } } @@ -394,7 +391,7 @@ protected String getDecryptedValue(ConnectionEnvironment connEnv, @NotNull MidPo try { decryptedPassword = protector.decryptString(protectedString); } catch (EncryptionException e) { - recordAuthenticationBehavior(principal, connEnv, "error decrypting password: "+e.getMessage(), false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "error decrypting password: "+e.getMessage(), principal.getFocus().getClass(), false); throw new AuthenticationServiceException("web.security.provider.unavailable", e); } } else { @@ -411,7 +408,7 @@ private String getPassword(ConnectionEnvironment connEnv, @NotNull MidPointPrinc try { decryptedPassword = protector.decryptString(protectedString); } catch (EncryptionException e) { - recordAuthenticationBehavior(principal, connEnv, "error decrypting password: "+e.getMessage(), false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "error decrypting password: "+e.getMessage(), principal.getFocus().getClass(), false); throw new AuthenticationServiceException("web.security.provider.unavailable", e); } } else { 
@@ -453,8 +450,8 @@ private boolean isLockoutExpired(AbstractCredentialType credentialsType, Credent return clock.isPast(lockedUntilTimestamp); } - public void recordPasswordAuthenticationSuccess(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, - @NotNull AuthenticationBehavioralDataType passwordType) { + protected void recordPasswordAuthenticationSuccess(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, + @NotNull AuthenticationBehavioralDataType passwordType, boolean audit) { FocusType focusBefore = principal.getFocus().clone(); Integer failedLogins = passwordType.getFailedLogins(); if (failedLogins != null && failedLogins > 0) { 
@@ -474,25 +471,38 @@ public void recordPasswordAuthenticationSuccess(@NotNull MidPointPrincipal princ } focusProfileService.updateFocus(principal, computeModifications(focusBefore, principal.getFocus())); - recordAuthenticationSuccess(principal, connEnv); + if (audit) { + recordAuthenticationSuccess(principal, connEnv); + } } private void recordAuthenticationSuccess(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv) { securityHelper.auditLoginSuccess(principal.getFocus(), connEnv); } - public void recordAuthenticationBehavior(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, - String reason, boolean isSuccess) { - AuthenticationBehavioralDataType behavior = AuthenticationEvaluatorUtil.getBehavior(principal.getFocus()); - if(isSuccess) { - recordPasswordAuthenticationSuccess(principal, connEnv, behavior); + public void recordAuthenticationBehavior(String username, MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, + String reason, Class focusType, boolean isSuccess) { + if (principal == null && focusType != null) { + try { + principal = focusProfileService.getPrincipal(username, focusType); + } catch (Exception e) { + //ignore if non-exist + } + } + if (principal != null) { + AuthenticationBehavioralDataType behavior = AuthenticationEvaluatorUtil.getBehavior(principal.getFocus()); + if (isSuccess) { + recordPasswordAuthenticationSuccess(principal, connEnv, behavior, true); + } else { + recordPasswordAuthenticationFailure(principal, connEnv, behavior, null, reason, true); + } } else { - recordPasswordAuthenticationFailure(principal, connEnv, behavior, null, reason); + recordAuthenticationFailure(username, connEnv, reason); } } - public void recordPasswordAuthenticationFailure(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, - @NotNull AuthenticationBehavioralDataType passwordType, CredentialPolicyType credentialsPolicy, String reason) { + protected void 
recordPasswordAuthenticationFailure(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, + @NotNull AuthenticationBehavioralDataType passwordType, CredentialPolicyType credentialsPolicy, String reason, boolean audit) { FocusType focusBefore = principal.getFocus().clone(); Integer failedLogins = passwordType.getFailedLogins(); LoginEventType lastFailedLogin = passwordType.getLastFailedLogin(); @@ -543,7 +553,9 @@ public void recordPasswordAuthenticationFailure(@NotNull MidPointPrincipal princ } focusProfileService.updateFocus(principal, computeModifications(focusBefore, principal.getFocus())); - recordAuthenticationFailure(principal, connEnv, reason); + if (audit) { + recordAuthenticationFailure(principal, connEnv, reason); + } } protected void recordAuthenticationFailure(@NotNull MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason) { diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/NonceAuthenticationEvaluatorImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/NonceAuthenticationEvaluatorImpl.java index b0ca67da057..774726fdfc8 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/NonceAuthenticationEvaluatorImpl.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/NonceAuthenticationEvaluatorImpl.java @@ -31,7 +31,7 @@ public class NonceAuthenticationEvaluatorImpl extends AuthenticationEvaluatorImp protected void checkEnteredCredentials(ConnectionEnvironment connEnv, NonceAuthenticationContext authCtx) { if (StringUtils.isBlank(authCtx.getNonce())) { - recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided"); + recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false); throw new BadCredentialsException("web.security.provider.password.encoding"); } } 
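Review bot: The `catch (Exception e)` around `focusProfileService.getPrincipal(username, focusType)` in recordAuthenticationBehavior (hunk -474) discards every failure, not only a missing focus. A repository or schema error during the lookup therefore silently downgrades the audit entry to the username-only form and skips the failed-login counter update. Keep the silent path for the not-found case only and log everything else, for example `LOGGER.warn("Cannot resolve focus \"{}\" for authentication audit: {}", username, e.getMessage());` in the generic handler. Also, when no principal can be resolved the final `else` calls `recordAuthenticationFailure` even if `isSuccess` is `true`; a guard, or a comment stating that success is never reported without a principal, would make that explicit.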
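Review bot: Passing `null` as principal together with `authCtx.getPrincipalType()` makes this pre-credential check in NonceAuthenticationEvaluatorImpl (hunk -31) resolve the focus by the submitted username and update its behavioral failed-login data, so a request carrying only a username now causes a repository write. The same holds for PasswordAuthenticationEvaluatorImpl (-28) and SecurityQuestionAuthenticationEvaluatorImpl (-30, -43). The updated counters in TestAbstractAuthenticationEvaluator suggest this is intended, but nothing in the visible code documents it. A Javadoc sentence on recordAuthenticationBehavior should state this side effect and, if it is the case, that the behavioral counter does not feed lockout. Separately, the reason recorded here for a blank nonce is `"empty password provided"`; `"empty nonce provided"` would keep audit reasons distinguishable per authentication module.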
@@ -50,7 +50,7 @@ protected NonceType getCredential(CredentialsType credentials) { protected void validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, NonceType credential) { if (credential.getValue() == null) { - recordAuthenticationBehavior(principal, connEnv,"no stored password value", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv,"no stored password value", principal.getFocus().getClass(), false); throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad"); } } diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/PasswordAuthenticationEvaluatorImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/PasswordAuthenticationEvaluatorImpl.java index b557287532c..aacc389996c 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/PasswordAuthenticationEvaluatorImpl.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/PasswordAuthenticationEvaluatorImpl.java @@ -28,7 +28,7 @@ public class PasswordAuthenticationEvaluatorImpl extends AuthenticationEvaluator @Override protected void checkEnteredCredentials(ConnectionEnvironment connEnv, PasswordAuthenticationContext authCtx) { if (StringUtils.isBlank(authCtx.getPassword())) { - recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided"); + recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false); throw new BadCredentialsException("web.security.provider.password.encoding"); } } 
@@ -50,7 +50,7 @@ protected void validateCredentialNotNull(ConnectionEnvironment connEnv, ProtectedStringType protectedString = credential.getValue(); if (protectedString == null) { - recordAuthenticationBehavior(principal, connEnv, "no stored password value", false); + recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no stored password value", principal.getFocus().getClass(), false); throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad"); } diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityQuestionAuthenticationEvaluatorImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityQuestionAuthenticationEvaluatorImpl.java index 3ab9b1f30c8..28dc524abd8 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityQuestionAuthenticationEvaluatorImpl.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityQuestionAuthenticationEvaluatorImpl.java @@ -30,7 +30,7 @@ public class SecurityQuestionAuthenticationEvaluatorImpl protected void checkEnteredCredentials(ConnectionEnvironment connEnv, SecurityQuestionsAuthenticationContext authCtx) { if (MapUtils.isEmpty(authCtx.getQuestionAnswerMap())) { - recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided"); + recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false); throw new BadCredentialsException("web.security.provider.password.encoding"); } 
@@ -43,7 +43,7 @@ protected void checkEnteredCredentials(ConnectionEnvironment connEnv, } if (allBlank) { - recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided"); + recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false); throw new BadCredentialsException("web.security.provider.password.encoding"); } } @@ -64,7 +64,7 @@ protected void validateCredentialNotNull(ConnectionEnvironment connEnv, List securityQuestionsAnswers = credential.getQuestionAnswer(); if (securityQuestionsAnswers == null || securityQuestionsAnswers.isEmpty()) { - recordAuthenticationBehavior(principal, connEnv, "no stored security questions", false); + recordAuthenticationBehavior(principal.getUsername(),principal, connEnv, "no stored security questions", principal.getFocus().getClass(),false); throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad"); } diff --git a/model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestAbstractAuthenticationEvaluator.java b/model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestAbstractAuthenticationEvaluator.java index d70de719e2b..36320416f58 100644 --- a/model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestAbstractAuthenticationEvaluator.java +++ b/model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestAbstractAuthenticationEvaluator.java @@ -240,7 +240,7 @@ public void test102PasswordLoginNullPasswordJack() throws Exception { PrismObject userAfter = getUser(USER_JACK_OID); display("user after", userAfter); assertFailedLoginsForCredentials(userAfter, 1); - assertFailedLoginsForBehavior(userAfter, 1); + assertFailedLoginsForBehavior(userAfter, 2); assertUserLockout(userAfter, LockoutStatusType.NORMAL); } 
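Review bot: The new expectation `assertFailedLoginsForBehavior(userAfter, 2)` in test102 (hunk -240), followed by 3 to 8 in hunks -268 through -473, encodes that null and empty password attempts now increment the behavioral failed-login counter, but no comment says so. A short comment such as `// blank-password attempts are now recorded against the focus, so the behavioral counter keeps growing across tests` would explain the cumulative values. The visible hunks also assert nothing about the audit records the commit is meant to fix. An assertion on the audit trail for one success and one failure case would pin the actual change; whether the class already has that outside these hunks is not visible here.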
@@ -268,7 +268,7 @@ public void test103PasswordLoginEmptyPasswordJack() throws Exception { PrismObject userAfter = getUser(USER_JACK_OID); display("user after", userAfter); assertFailedLoginsForCredentials(userAfter, 1); - assertFailedLoginsForBehavior(userAfter, 1); + assertFailedLoginsForBehavior(userAfter, 3); assertUserLockout(userAfter, LockoutStatusType.NORMAL); } @@ -370,7 +370,7 @@ public void test125PasswordLoginBadPasswordJackAfterLockoutFailedAttemptsDuratio PrismObject userAfter = getUser(USER_JACK_OID); display("user after", userAfter); assertFailedLoginsForCredentials(userAfter, 1); - assertFailedLoginsForBehavior(userAfter, 2); + assertFailedLoginsForBehavior(userAfter, 4); assertLastFailedLogin(userAfter, startTs, endTs); assertUserLockout(userAfter, LockoutStatusType.NORMAL); } @@ -397,7 +397,7 @@ public void test130PasswordLoginLockout() throws Exception { PrismObject userBetween = getUser(USER_JACK_OID); display("user after", userBetween); assertFailedLoginsForCredentials(userBetween, 2); - assertFailedLoginsForBehavior(userBetween, 3); + assertFailedLoginsForBehavior(userBetween, 5); assertUserLockout(userBetween, LockoutStatusType.NORMAL); try { @@ -419,7 +419,7 @@ public void test130PasswordLoginLockout() throws Exception { PrismObject userAfter = getUser(USER_JACK_OID); display("user after", userAfter); assertFailedLoginsForCredentials(userAfter, 3); - assertFailedLoginsForBehavior(userAfter, 4); + assertFailedLoginsForBehavior(userAfter, 6); assertLastFailedLogin(userAfter, startTs, endTs); assertUserLockout(userAfter, LockoutStatusType.LOCKED); } @@ -445,7 +445,7 @@ public void test132PasswordLoginLockedoutGoodPassword() throws Exception { PrismObject userAfter = getUser(USER_JACK_OID); display("user after", userAfter); assertFailedLoginsForCredentials(userAfter, 3); - assertFailedLoginsForBehavior(userAfter, 5); + assertFailedLoginsForBehavior(userAfter, 7); assertUserLockout(userAfter, LockoutStatusType.LOCKED); } 
@@ -473,7 +473,7 @@ public void test133PasswordLoginLockedoutBadPassword() throws Exception { PrismObject userAfter = getUser(USER_JACK_OID); display("user after", userAfter); assertFailedLoginsForCredentials(userAfter, 3); - assertFailedLoginsForBehavior(userAfter, 6); + assertFailedLoginsForBehavior(userAfter, 8); assertUserLockout(userAfter, LockoutStatusType.LOCKED); } diff --git a/testing/schrodingertest/src/test/java/com/evolveum/midpoint/testing/schrodinger/page/LoginPageWithAuthenticationConfigTest.java b/testing/schrodingertest/src/test/java/com/evolveum/midpoint/testing/schrodinger/page/LoginPageWithAuthenticationConfigTest.java index bd478f79c6a..b4b66fd1b91 100644 --- a/testing/schrodingertest/src/test/java/com/evolveum/midpoint/testing/schrodinger/page/LoginPageWithAuthenticationConfigTest.java +++ b/testing/schrodingertest/src/test/java/com/evolveum/midpoint/testing/schrodinger/page/LoginPageWithAuthenticationConfigTest.java @@ -92,7 +92,7 @@ public void test030resetPassowordMailNonce() throws IOException, InterruptedExce } @Test - public void test031resetPassowordSecurityQuestion() { + public void test031resetPasswordSecurityQuestion() { basicPage.loggedUser().logoutIfUserIsLogin(); FormLoginPage login = midPoint.formLogin(); open("/login");