Authentication lockout tests and fixes

Evolveum · Mar 23, 2016 · 35fd774 · 35fd774
1 parent 96ab577
commit 35fd774
Show file tree

Hide file tree

Showing 4 changed files with 382 additions and 0 deletions.
diff --git a/...y-impl/src/main/java/com/evolveum/midpoint/security/impl/AuthenticationEvaluatorImpl.java b/...y-impl/src/main/java/com/evolveum/midpoint/security/impl/AuthenticationEvaluatorImpl.java
@@ -236,6 +236,19 @@ private void recordAuthenticationSuccess(MidPointPrincipal principal, Connection
 	private void recordAuthenticationFailure(MidPointPrincipal principal, ConnectionEnvironment connEnv,
 			PasswordType passwordType, PasswordCredentialsPolicyType passwordCredentialsPolicy) {
 		Integer failedLogins = passwordType.getFailedLogins();
+		Duration lockoutFailedAttemptsDuration = passwordCredentialsPolicy.getLockoutFailedAttemptsDuration();
+		if (lockoutFailedAttemptsDuration != null) {
+			LoginEventType lastFailedLogin = passwordType.getLastFailedLogin();
+			if (lastFailedLogin != null) {
+				XMLGregorianCalendar lastFailedLoginTs = lastFailedLogin.getTimestamp();
+				if (lastFailedLoginTs != null) {
+					XMLGregorianCalendar failedLoginsExpirationTs = XmlTypeConverter.addDuration(lastFailedLoginTs, lockoutFailedAttemptsDuration);
+					if (clock.isPast(failedLoginsExpirationTs)) {
+						failedLogins = 0;
+					}
+				}
+			}
+		}
 		if (failedLogins == null) {
 			passwordType.setFailedLogins(1);
 		} else {