
[cfid-332] Reset account lockout counter when password is changed

All the admin user or client has to do is reset the user's password
and the lockout timer is started again.

[Fixes #39907125] need to be able to reactivate a user account and reset password
[Fixes #40368551] Duplicate audit event for password change

Change-Id: Ifbbd5636e6193447a5604a815492c85c3c1c5af7
1 parent 6af4c93 commit b95793428f0c5e78b7fb9e9769e35ee5e7dfffed @dsyer dsyer committed Nov 29, 2012
@@ -19,21 +19,21 @@
* @author Dave Syer
*/
public enum AuditEventType {
+
// Do not change the code values, as these are used in the database.
UserAuthenticationSuccess (0),
UserAuthenticationFailure (1),
UserNotFound (2),
- PasswordChanged (3),
+ PasswordChangeSuccess (3),
PrincipalAuthenticationSuccess (4),
PrincipalAuthenticationFailure (5),
PrincipalNotFound (6),
- PasswordChangeSuccess (7),
- PasswordChangeFailure (8),
- SecretChangeSuccess (9),
- SecretChangeFailure (10),
- ClientCreateSuccess (11),
- ClientUpdateSuccess (12),
- ClientDeleteSuccess (13);
+ PasswordChangeFailure (7),
+ SecretChangeSuccess (8),
+ SecretChangeFailure (9),
+ ClientCreateSuccess (10),
+ ClientUpdateSuccess (11),
+ ClientDeleteSuccess (12);
private final int code;
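Review bot: Renumbering `PasswordChangeFailure` through `ClientDeleteSuccess` from 8–13 down to 7–12 contradicts the comment at the top of the enum, which says the code values are used in the database. If a deployment already holds audit rows written with the old codes, they would presumably be read back as a different event type: an old 7 (a successful password change) would decode as a failure, and 13 would match no constant. Keeping the existing numbers avoids that, i.e. `PasswordChangeFailure (8),` through `ClientDeleteSuccess (13);`, with a comment such as `// 7 is retired (was PasswordChangeSuccess); do not reuse`. Stored rows with code 7 would then need a one-off migration to 3. The enum body continues past the end of the hunk, so how codes are mapped back to constants is not visible here.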
@@ -41,6 +41,7 @@ public void setSaveDataPeriodMillis(int saveDataPeriodMillis) {
public void log(AuditEvent auditEvent) {
switch (auditEvent.getType()) {
case UserAuthenticationSuccess:
+ case PasswordChangeSuccess:
getJdbcTemplate().update("delete from sec_audit where principal_id=?", auditEvent.getPrincipalId());
break;
case UserAuthenticationFailure:
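Review bot: The new `case PasswordChangeSuccess:` label falls through to the delete without a comment, although this is the line that makes a password change clear the lockout state. A comment such as `// A successful password change clears the stored events for this principal, which resets the lockout counter` would make the intent visible to the next reader. The Javadoc of `log` could also state that the rows are deleted rather than kept, so the failures that preceded a reset can no longer be read from `sec_audit`. Whether another audit sink retains them cannot be seen from this hunk. `log` continues past the end of the hunk.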
@@ -97,7 +97,7 @@ public void log(AuditEvent auditEvent) {
private void updateCounters(AuditEvent auditEvent) {
switch (auditEvent.getType()) {
- case PasswordChanged:
+ case PasswordChangeSuccess:
passwordChanges.incrementAndGet();
break;
case PasswordChangeFailure:
@@ -12,6 +12,7 @@
*/
package org.cloudfoundry.identity.uaa.audit;
+import static org.cloudfoundry.identity.uaa.audit.AuditEventType.PasswordChangeSuccess;
import static org.cloudfoundry.identity.uaa.audit.AuditEventType.UserAuthenticationFailure;
import static org.cloudfoundry.identity.uaa.audit.AuditEventType.UserAuthenticationSuccess;
import static org.junit.Assert.assertEquals;
@@ -90,6 +91,14 @@ public void userAuthenticationSuccessResetsData() throws Exception {
}
@Test
+ public void userPasswordChangeSuccessResetsData() throws Exception {
+ auditService.log(getAuditEvent(UserAuthenticationFailure, "1", "joe"));
+ assertEquals(1, template.queryForInt("select count(*) from sec_audit where principal_id='1'"));
+ auditService.log(getAuditEvent(PasswordChangeSuccess, "1", "joe"));
+ assertEquals(0, template.queryForInt("select count(*) from sec_audit where principal_id='1'"));
+ }
+
+ @Test
public void findMethodOnlyReturnsEventsWithinRequestedPeriod() {
long now = System.currentTimeMillis();
auditService.log(getAuditEvent(UserAuthenticationFailure, "1", "joe"));
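Review bot: `userPasswordChangeSuccessResetsData` only checks that the rows for principal "1" disappear, so it would still pass if the delete were not scoped to one principal. Since this reset controls account lockout, the test should also show that another user's failures survive. Before the password-change event, add `auditService.log(getAuditEvent(UserAuthenticationFailure, "2", "bob"));` (values constructed for the example). After it, add `assertEquals(1, template.queryForInt("select count(*) from sec_audit where principal_id='2'"));`. The following test method starts inside this hunk and ends outside it.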
