Improve login error messages

Fixes #131
FAForever · Aug 21, 2017 · cdc2b4b · cdc2b4b
1 parent d9deb93
commit cdc2b4b
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 4 deletions.
diff --git a/src/main/java/com/faforever/api/config/security/WebSecurityConfig.java b/src/main/java/com/faforever/api/config/security/WebSecurityConfig.java
@@ -1,18 +1,24 @@
 package com.faforever.api.config.security;
 
 import com.faforever.api.config.ApplicationProfile;
+import com.google.common.collect.ImmutableMap;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -68,7 +74,9 @@ public boolean matches(HttpServletRequest request) {
       })
       .and().headers()
       .cacheControl().disable()
-      .and().formLogin().loginPage("/login").permitAll()
+      .and().formLogin()
+        .loginPage("/login").permitAll()
+        .failureHandler(authenticationFailureHandler())
       .and().authorizeRequests()
         .antMatchers(HttpMethod.OPTIONS).permitAll()
         .antMatchers("/oauth/**").permitAll()
@@ -90,4 +98,18 @@ public void addCorsMappings(CorsRegistry registry) {
       }
     };
   }
+
+  @Bean
+  public AuthenticationFailureHandler authenticationFailureHandler() {
+    ImmutableMap<Object, String> exceptionMappings = ImmutableMap.<Object, String>builder()
+      .put(InternalAuthenticationServiceException.class.getCanonicalName(), "/login?error=serverError")
+      .put(BadCredentialsException.class.getCanonicalName(), "/login?error=badCredentials")
+      .put(LockedException.class.getCanonicalName(), "/login?error=locked")
+      .build();
+
+    final ExceptionMappingAuthenticationFailureHandler result = new ExceptionMappingAuthenticationFailureHandler();
+    result.setExceptionMappings(exceptionMappings);
+    result.setDefaultFailureUrl("/login?error=unknown");
+    return result;
+  }
 }
diff --git a/src/main/resources/templates/login.html b/src/main/resources/templates/login.html
@@ -112,11 +112,15 @@ <h1>Log-in</h1>
 
   <form name="f" th:action="@{/login}" method="post">
     <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" th:if="${_csrf != null }"/>
-    <div th:if="${param.error}" class="alert alert-error">
-      Invalid username and password.
+    <div th:switch="${param.error[0]}" th:unless="${param.error == null}" class="alert alert-error">
+      <p th:case="'serverError'">A server error occurred. Please contact an administrator.</p>
+      <p th:case="'badCredentials'">Invalid username or password.</p>
+      <p th:case="'locked'">Your account is currently locked. If you are unsure why or for how long, please contact a
+        moderator.</p>
+      <p th:case="'unknown'">Login failed for unknown reason, please contact an administrator.</p>
     </div>
     <div th:if="${param.logout}" class="alert alert-success">
-      You have been logged out.
+      <p>You have been logged out.</p>
     </div>
     <input type="text" id="username" name="username" placeholder="Username"/>
     <input type="password" id="password" name="password" placeholder="Password"/>