lcpojr · lcpojr · Oct 11, 2020 · Oct 10, 2020 · Oct 10, 2020 · Oct 10, 2020
diff --git a/README.md b/README.md
@@ -36,11 +36,11 @@ To get the user and application data check out the database on `localhost:8181`
 ```elixir
 # Getting all user identities
 # The user password will be `admin`
-ResourceManager.Repo.all(ResourceManager.Identity.Schemas.User) |> ResourceManager.Repo.preload([:scopes])
+ResourceManager.Repo.all(ResourceManager.Identities.Schemas.User) |> ResourceManager.Repo.preload([:scopes])
 
 # Getting all client application identities
 # Check out for the client secret
-ResourceManager.Repo.all(ResourceManager.Identity.Schemas.ClientApplication) |> ResourceManager.Repo.preload([:scopes])
+ResourceManager.Repo.all(ResourceManager.Identities.Schemas.ClientApplication) |> ResourceManager.Repo.preload([:scopes])
 ```
 
 ### Making requests

diff --git a/apps/authenticator/lib/sign_in/commands/get_temporarilly_blocked.ex b/apps/authenticator/lib/sign_in/commands/get_temporarilly_blocked.ex
@@ -0,0 +1,28 @@
+defmodule Authenticator.SignIn.Commands.GetTemporarillyBlocked do
+  @moduledoc """
+  Get subject authentication attempts that failed consecutively and return
+  it's username or client_id.
+  """
+
+  require Logger
+
+  alias Authenticator.SignIn.{ApplicationAttempts, UserAttempts}
+
+  # Maximum failed attempts before block
+  @max_attempts 5
+
+  # 10 minutes interval
+  @max_interval 60 * 10 * -1
+
+  @doc """
+  Return the identities that failed more than #{@max_attempts} times on sign in
+  in #{@max_interval} seconds.
+  """
+  @spec execute(identity_type :: :user | :application) :: {:ok, list(String.t())}
+  def execute(:user), do: {:ok, UserAttempts.list(get_filters())}
+  def execute(:application), do: {:ok, ApplicationAttempts.list(get_filters())}
+
+  # Query filters
+  defp get_filters, do: [temporarilly_blocked: {@max_attempts, created_after()}]
+  defp created_after, do: NaiveDateTime.add(NaiveDateTime.utc_now(), @max_interval, :second)
+end
diff --git a/apps/authenticator/lib/sign_in/schemas/application_attempt.ex b/apps/authenticator/lib/sign_in/schemas/application_attempt.ex
@@ -47,4 +47,12 @@ defmodule Authenticator.SignIn.Schemas.ApplicationAttempt do
   defp custom_query(query, {:ids, ids}), do: where(query, [c], c.id in ^ids)
   defp custom_query(query, {:created_after, date}), do: where(query, [c], c.inserted_at > ^date)
   defp custom_query(query, {:created_before, date}), do: where(query, [c], c.inserted_at < ^date)
+
+  defp custom_query(query, {:temporarilly_blocked, {max_attempts, date}}) do
+    query
+    |> where([c], c.inserted_at > ^date)
+    |> group_by([c], c.client_id)
+    |> having([c], count(c.client_id) > ^max_attempts)
+    |> select([c], c.client_id)
+  end
 end
diff --git a/apps/authenticator/lib/sign_in/schemas/user_attempt.ex b/apps/authenticator/lib/sign_in/schemas/user_attempt.ex
@@ -47,4 +47,12 @@ defmodule Authenticator.SignIn.Schemas.UserAttempt do
   defp custom_query(query, {:ids, ids}), do: where(query, [c], c.id in ^ids)
   defp custom_query(query, {:created_after, date}), do: where(query, [c], c.inserted_at > ^date)
   defp custom_query(query, {:created_before, date}), do: where(query, [c], c.inserted_at < ^date)
+
+  defp custom_query(query, {:temporarilly_blocked, {max_attempts, date}}) do
+    query
+    |> where([c], c.inserted_at > ^date)
+    |> group_by([c], c.username)
+    |> having([c], count(c.username) > ^max_attempts)
+    |> select([c], c.username)
+  end
 end
diff --git a/apps/authenticator/test/authenticator/sign_in/commands/get_temporarilly_blocked_test.exs b/apps/authenticator/test/authenticator/sign_in/commands/get_temporarilly_blocked_test.exs
@@ -0,0 +1,28 @@
+defmodule Authenticator.SignIn.Commands.GetTemporarillyBlockedTest do
+  use Authenticator.DataCase, async: true
+
+  alias Authenticator.SignIn.Commands.GetTemporarillyBlocked
+
+  describe "#{GetTemporarillyBlocked}.execute/1" do
+    test "succeeds and return users to block temporarilly" do
+      assert [%{username: username} | _] =
+               Enum.map(1..15, fn _ ->
+                 insert!(:user_sign_in_attempt, username: "myusername", was_successful: false)
+               end)
+
+      assert {:ok, [^username | _]} = GetTemporarillyBlocked.execute(:user)
+    end
+
+    test "succeeds and return applications to block temporarilly" do
+      assert [%{client_id: client_id} | _] =
+               Enum.map(1..15, fn _ ->
+                 insert!(:application_sign_in_attempt,
+                   client_id: "myclientid",
+                   was_successful: false
+                 )
+               end)
+
+      assert {:ok, [^client_id | _]} = GetTemporarillyBlocked.execute(:application)
+    end
+  end
+end
diff --git a/apps/resource_manager/lib/credentials/blocklist_password_manager.ex b/apps/resource_manager/lib/credentials/blocklist_password_manager.ex
@@ -37,7 +37,7 @@ defmodule ResourceManager.Credentials.BlocklistPasswordManager do
 
   # coveralls-ignore-stop
 
-  @doc "Update session statuses and save on cache"
+  @doc "Update blocked password list on cache"
   @spec execute() :: {:ok, :managed} | {:error, :update_failed | :failed_to_cache}
   def execute, do: manage_passwords()
 

diff --git a/apps/resource_manager/lib/credentials/ports/verify_hash.ex b/apps/resource_manager/lib/credentials/ports/verify_hash.ex
@@ -3,7 +3,7 @@ defmodule ResourceManager.Credentials.Ports.VerifyHash do
   Port to access Authenticator verify hash command.
   """
 
-  alias ResourceManager.Identity.Schemas.{ClientApplication, User}
+  alias ResourceManager.Identities.Schemas.{ClientApplication, User}
 
   @typedoc "All possible hash algorithms"
   @type algorithms :: :argon2 | :bcrypt | :pbkdf2

diff --git a/apps/resource_manager/lib/credentials/schemas/password.ex b/apps/resource_manager/lib/credentials/schemas/password.ex
@@ -12,7 +12,7 @@ defmodule ResourceManager.Credentials.Schemas.Password do
 
   import Ecto.Changeset
 
-  alias ResourceManager.Identity.Schemas.User
+  alias ResourceManager.Identities.Schemas.User
 
   @typedoc """
   Abstract password module type.

diff --git a/apps/resource_manager/lib/credentials/schemas/public_key.ex b/apps/resource_manager/lib/credentials/schemas/public_key.ex
@@ -7,7 +7,7 @@ defmodule ResourceManager.Credentials.Schemas.PublicKey do
 
   import Ecto.Changeset
 
-  alias ResourceManager.Identity.Schemas.ClientApplication
+  alias ResourceManager.Identities.Schemas.ClientApplication
 
   @typedoc """
   Abstract public_key module type.

diff --git a/...nager/lib/identity/client_applications.ex → ...ger/lib/identities/client_applications.ex b/...nager/lib/identity/client_applications.ex → ...ger/lib/identities/client_applications.ex
@@ -1,4 +1,4 @@
-defmodule ResourceManager.Identity.ClientApplications do
+defmodule ResourceManager.Identities.ClientApplications do
   @moduledoc """
   Client application are subject identities that are not impersonated by a person.
 
@@ -8,5 +8,5 @@ defmodule ResourceManager.Identity.ClientApplications do
   What a client application can do is defined by it's scopes.
   """
 
-  use ResourceManager.Domain, schema_model: ResourceManager.Identity.Schemas.ClientApplication
+  use ResourceManager.Domain, schema_model: ResourceManager.Identities.Schemas.ClientApplication
 end
diff --git a/.../lib/identity/commands/create_identity.ex → ...ib/identities/commands/create_identity.ex b/.../lib/identity/commands/create_identity.ex → ...ib/identities/commands/create_identity.ex
@@ -1,4 +1,4 @@
-defmodule ResourceManager.Identity.Commands.CreateIdentity do
+defmodule ResourceManager.Identities.Commands.CreateIdentity do
   @moduledoc """
   Command for creating a new identity.
   """
@@ -8,9 +8,9 @@ defmodule ResourceManager.Identity.Commands.CreateIdentity do
   alias Ecto.Multi
   alias ResourceManager.Permissions.Commands.ConsentScope
   alias ResourceManager.Credentials.{Passwords, PublicKeys}
-  alias ResourceManager.Identity.Commands.Inputs.{CreateClientApplication, CreateUser}
-  alias ResourceManager.Identity.Schemas.{ClientApplication, User}
-  alias ResourceManager.Identity.{ClientApplications, Users}
+  alias ResourceManager.Identities.Commands.Inputs.{CreateClientApplication, CreateUser}
+  alias ResourceManager.Identities.Schemas.{ClientApplication, User}
+  alias ResourceManager.Identities.{ClientApplications, Users}
   alias ResourceManager.Repo
 
   @typedoc "All possible identities"

diff --git a/...ger/lib/identity/commands/get_identity.ex → ...r/lib/identities/commands/get_identity.ex b/...ger/lib/identity/commands/get_identity.ex → ...r/lib/identities/commands/get_identity.ex
@@ -1,13 +1,13 @@
-defmodule ResourceManager.Identity.Commands.GetIdentity do
+defmodule ResourceManager.Identities.Commands.GetIdentity do
   @moduledoc """
   Find out an identity that matches the given parameters
   """
 
   require Logger
 
-  alias ResourceManager.Identity.{ClientApplications, Users}
-  alias ResourceManager.Identity.Commands.Inputs.{GetClientApplication, GetUser}
-  alias ResourceManager.Identity.Schemas.{ClientApplication, User}
+  alias ResourceManager.Identities.{ClientApplications, Users}
+  alias ResourceManager.Identities.Commands.Inputs.{GetClientApplication, GetUser}
+  alias ResourceManager.Identities.Schemas.{ClientApplication, User}
   alias ResourceManager.Repo
 
   @typedoc "All possible identities"

diff --git a/...mands/inputs/create_client_application.ex → ...mands/inputs/create_client_application.ex b/...mands/inputs/create_client_application.ex → ...mands/inputs/create_client_application.ex
@@ -1,11 +1,11 @@
-defmodule ResourceManager.Identity.Commands.Inputs.CreateClientApplication do
+defmodule ResourceManager.Identities.Commands.Inputs.CreateClientApplication do
   @moduledoc """
   Input parameters for creating client applications
   """
 
   use ResourceManager.Input
 
-  alias ResourceManager.Identity.Schemas.ClientApplication
+  alias ResourceManager.Identities.Schemas.ClientApplication
 
   @typedoc "Create client application input fields"
   @type t :: %__MODULE__{

diff --git a/...b/identity/commands/inputs/create_user.ex → ...identities/commands/inputs/create_user.ex b/...b/identity/commands/inputs/create_user.ex → ...identities/commands/inputs/create_user.ex
@@ -1,11 +1,11 @@
-defmodule ResourceManager.Identity.Commands.Inputs.CreateUser do
+defmodule ResourceManager.Identities.Commands.Inputs.CreateUser do
   @moduledoc """
   Input parameters for creating user identity
   """
 
   use ResourceManager.Input
 
-  alias ResourceManager.Identity.Schemas.User
+  alias ResourceManager.Identities.Schemas.User
 
   @typedoc "Create user input fields"
   @type t :: %__MODULE__{

diff --git a/...y/commands/inputs/get_client_applicate.ex → ...s/commands/inputs/get_client_applicate.ex b/...y/commands/inputs/get_client_applicate.ex → ...s/commands/inputs/get_client_applicate.ex
@@ -1,11 +1,11 @@
-defmodule ResourceManager.Identity.Commands.Inputs.GetClientApplication do
+defmodule ResourceManager.Identities.Commands.Inputs.GetClientApplication do
   @moduledoc """
   Input parameters for getting user identity
   """
 
   use ResourceManager.Input
 
-  alias ResourceManager.Identity.Schemas.ClientApplication
+  alias ResourceManager.Identities.Schemas.ClientApplication
 
   @typedoc "Get user input fields"
   @type t :: %__MODULE__{

diff --git a/.../lib/identity/commands/inputs/get_user.ex → ...ib/identities/commands/inputs/get_user.ex b/.../lib/identity/commands/inputs/get_user.ex → ...ib/identities/commands/inputs/get_user.ex
@@ -1,11 +1,11 @@
-defmodule ResourceManager.Identity.Commands.Inputs.GetUser do
+defmodule ResourceManager.Identities.Commands.Inputs.GetUser do
   @moduledoc """
   Input parameters for getting user identity
   """
 
   use ResourceManager.Input
 
-  alias ResourceManager.Identity.Schemas.User
+  alias ResourceManager.Identities.Schemas.User
 
   @typedoc "Get user input fields"
   @type t :: %__MODULE__{