go-aah/aah#37 log distinct message

go-aah · Jul 4, 2017 · 03d9c09 · 03d9c09
1 parent bc7232c
commit 03d9c09
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 7 deletions.
diff --git a/scheme/form_auth.go b/scheme/form_auth.go
@@ -70,13 +70,18 @@ func (f *FormAuth) DoAuthenticate(authcToken *authc.AuthenticationToken) (*authc
 
 	// Compare passwords
 	isPasswordOk := f.passwordEncoder.Compare(authcInfo.Credential, []byte(authcToken.Credential))
-	if isPasswordOk && !authcInfo.IsLocked && !authcInfo.IsExpired {
-		// Success, return authentication info
-		return authcInfo, nil
+	if !isPasswordOk {
+		log.Error("Subject credentials do not match")
+		return nil, authc.ErrAuthenticationFailed
 	}
 
-	// Failed, return error
-	return nil, authc.ErrAuthenticationFailed
+	if authcInfo.IsLocked || authcInfo.IsExpired {
+		log.Error("Subject account is locked or expired")
+		return nil, authc.ErrAuthenticationFailed
+	}
+
+	// Success, return authentication info
+	return authcInfo, nil
 }
 
 // ExtractAuthenticationToken method extracts the authentication token information

diff --git a/scheme/form_auth_test.go b/scheme/form_auth_test.go
@@ -25,9 +25,19 @@ func (tfa *testFormAuthentication) Init(cfg *config.Config) error {
 }
 
 func (tfa *testFormAuthentication) GetAuthenticationInfo(authcToken *authc.AuthenticationToken) *authc.AuthenticationInfo {
+	if authcToken == nil {
+		return authc.NewAuthenticationInfo()
+	}
+
 	authcInfo := authc.NewAuthenticationInfo()
-	authcInfo.Principals = append(authcInfo.Principals, &authc.Principal{Realm: "database", Value: "jeeva", IsPrimary: true})
-	authcInfo.Credential = []byte("$2y$10$2A4GsJ6SmLAMvDe8XmTam.MSkKojdobBVJfIU7GiyoM.lWt.XV3H6") // welcome123
+	if authcToken.Identity == "jeeva" {
+		authcInfo.Principals = append(authcInfo.Principals, &authc.Principal{Realm: "database", Value: "jeeva", IsPrimary: true})
+		authcInfo.Credential = []byte("$2y$10$2A4GsJ6SmLAMvDe8XmTam.MSkKojdobBVJfIU7GiyoM.lWt.XV3H6") // welcome123
+	} else if authcToken.Identity == "john" {
+		authcInfo.Principals = append(authcInfo.Principals, &authc.Principal{Realm: "database", Value: "john", IsPrimary: true})
+		authcInfo.Credential = []byte("$2y$10$2A4GsJ6SmLAMvDe8XmTam.MSkKojdobBVJfIU7GiyoM.lWt.XV3H6") // welcome123
+		authcInfo.IsLocked = true
+	}
 	return authcInfo
 }
 
@@ -106,4 +116,12 @@ func TestSchemeFormAuth(t *testing.T) {
 	assert.NotNil(t, err)
 	assert.Nil(t, authcInfo)
 	assert.True(t, err == authc.ErrAuthenticationFailed)
+
+	// Correct Credentials but account is locked
+	authcToken.Credential = "welcome123"
+	authcToken.Identity = "john"
+	authcInfo, err = formAuth.DoAuthenticate(authcToken)
+	assert.NotNil(t, err)
+	assert.Nil(t, authcInfo)
+	assert.True(t, err == authc.ErrAuthenticationFailed)
 }