KEYCLOAK-2147

keycloak · Nov 26, 2015 · 7c4c77d · 7c4c77d
1 parent d510516
commit 7c4c77d
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 40 deletions.
diff --git a/services/src/main/java/org/keycloak/services/managers/BruteForceProtector.java b/services/src/main/java/org/keycloak/services/managers/BruteForceProtector.java
@@ -53,12 +53,6 @@ public int compareTo(LoginEvent o) {
         }
     }
 
-    protected class SuccessfulLogin extends LoginEvent {
-        public SuccessfulLogin(String realmId, String userId, String ip) {
-            super(realmId, userId, ip);
-        }
-    }
-
     protected class ShutdownEvent extends LoginEvent {
         public ShutdownEvent() {
             super(null, null, null);
@@ -83,7 +77,7 @@ public void failure(KeycloakSession session, LoginEvent event) {
         logFailure(event);
         UsernameLoginFailureModel user = getUserModel(session, event);
         if (user == null) {
-            user = session.sessions().addUserLoginFailure(realm, event.username);
+            user = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase());
         }
         user.setLastIPFailure(event.ip);
         long currentTime = System.currentTimeMillis();
@@ -122,7 +116,7 @@ public void failure(KeycloakSession session, LoginEvent event) {
     protected UsernameLoginFailureModel getUserModel(KeycloakSession session, LoginEvent event) {
         RealmModel realm = getRealmModel(session, event);
         if (realm == null) return null;
-        UsernameLoginFailureModel user = session.sessions().getUserLoginFailure(realm, event.username);
+        UsernameLoginFailureModel user = session.sessions().getUserLoginFailure(realm, event.username.toLowerCase());
         if (user == null) return null;
         return user;
     }
@@ -147,7 +141,6 @@ public void shutdown() {
         }
     }
 
-
     public void run() {
         final ArrayList<LoginEvent> events = new ArrayList<LoginEvent>(TRANSACTION_SIZE + 1);
         try {
@@ -196,10 +189,6 @@ public void run() {
         }
     }
 
-    protected void logSuccess(LoginEvent event) {
-        logger.warn("login success for user " + event.username + " from ip " + event.ip);
-    }
-
     protected void logFailure(LoginEvent event) {
         logger.warn("login failure for user " + event.username + " from ip " + event.ip);
         failures++;
@@ -215,15 +204,6 @@ protected void logFailure(LoginEvent event) {
         }
     }
 
-    public void successfulLogin(RealmModel realm, String username, ClientConnection clientConnection) {
-        logger.info("successful login user: " + username + " from ip " + clientConnection.getRemoteAddr());
-    }
-
-    public void invalidUser(RealmModel realm, String username, ClientConnection clientConnection) {
-        logger.warn("invalid user: " + username + " from ip " + clientConnection.getRemoteAddr());
-        // todo more?
-    }
-
     public void failedLogin(RealmModel realm, String username, ClientConnection clientConnection) {
         try {
             FailedLogin event = new FailedLogin(realm.getId(), username, clientConnection.getRemoteAddr());
@@ -238,7 +218,7 @@ public void failedLogin(RealmModel realm, String username, ClientConnection clie
     }
 
     public boolean isTemporarilyDisabled(KeycloakSession session, RealmModel realm, String username) {
-        UsernameLoginFailureModel failure = session.sessions().getUserLoginFailure(realm, username);
+        UsernameLoginFailureModel failure = session.sessions().getUserLoginFailure(realm, username.toLowerCase());
         if (failure == null) {
             return false;
         }
@@ -251,13 +231,4 @@ public boolean isTemporarilyDisabled(KeycloakSession session, RealmModel realm,
         return false;
     }
 
-    public long getFailures() {
-        return failures;
-    }
-
-    public long getLastFailure() {
-        return lastFailure;
-    }
-
-
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java
@@ -75,7 +75,7 @@ public Map<String, Object> bruteForceUserStatus(@PathParam("username") String us
         data.put("lastIPFailure", "n/a");
         if (!realm.isBruteForceProtected()) return data;
 
-        UsernameLoginFailureModel model = session.sessions().getUserLoginFailure(realm, username);
+        UsernameLoginFailureModel model = session.sessions().getUserLoginFailure(realm, username.toLowerCase());
         if (model == null) return data;
         if (protector.isTemporarilyDisabled(session, realm, username)) {
             data.put("disabled", true);
@@ -97,7 +97,7 @@ public Map<String, Object> bruteForceUserStatus(@PathParam("username") String us
     @DELETE
     public void clearBruteForceForUser(@PathParam("username") String username) {
         auth.requireManage();
-        UsernameLoginFailureModel model = session.sessions().getUserLoginFailure(realm, username);
+        UsernameLoginFailureModel model = session.sessions().getUserLoginFailure(realm, username.toLowerCase());
         if (model != null) {
             session.sessions().removeUserLoginFailure(realm, username);
             adminEvent.operation(OperationType.DELETE).success();

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -144,7 +144,7 @@ public Response updateUser(final @PathParam("id") String id, final UserRepresent
             }
 
             if (rep.isEnabled() != null && rep.isEnabled()) {
-                UsernameLoginFailureModel failureModel = session.sessions().getUserLoginFailure(realm, rep.getUsername());
+                UsernameLoginFailureModel failureModel = session.sessions().getUserLoginFailure(realm, rep.getUsername().toLowerCase());
                 if (failureModel != null) {
                     failureModel.clearFailures();
                 }

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
@@ -302,6 +302,15 @@ public void testBrowserInvalidPassword() throws Exception {
         loginSuccess();
     }
 
+    @Test
+    public void testBrowserInvalidPasswordDifferentCase() throws Exception {
+        loginSuccess("test-user@localhost");
+        loginInvalidPassword("test-User@localhost");
+        loginInvalidPassword("Test-user@localhost");
+        expectTemporarilyDisabled();
+        clearAllUserFailures();
+    }
+
     @Test
     public void testBrowserMissingPassword() throws Exception {
         loginSuccess();
@@ -333,8 +342,12 @@ public void testBrowserMissingTotp() throws Exception {
     }
 
     public void expectTemporarilyDisabled() throws Exception {
+        expectTemporarilyDisabled("test-user@localhost");
+    }
+
+    public void expectTemporarilyDisabled(String username) throws Exception {
         loginPage.open();
-        loginPage.login("test-user@localhost", "password");
+        loginPage.login(username, "password");
 
         loginPage.assertCurrent();
         String src = driver.getPageSource();
@@ -345,9 +358,11 @@ public void expectTemporarilyDisabled() throws Exception {
                 .assertEvent();
     }
 
-
-
     public void loginSuccess() throws Exception {
+        loginSuccess("test-user@localhost");
+    }
+
+    public void loginSuccess(String username) throws Exception {
         loginPage.open();
         loginPage.login("test-user@localhost", "password");
 
@@ -391,10 +406,13 @@ public void loginWithMissingTotp() throws Exception {
         events.clear();
     }
 
-
     public void loginInvalidPassword() throws Exception {
+        loginInvalidPassword("test-user@localhost");
+    }
+
+    public void loginInvalidPassword(String username) throws Exception {
         loginPage.open();
-        loginPage.login("test-user@localhost", "invalid");
+        loginPage.login(username, "invalid");
 
         loginPage.assertCurrent();