From dfca551caf7f0f89a766e2c3aec762e233cbb7b5 Mon Sep 17 00:00:00 2001
From: Olivier Lamy <olamy@apache.org>
Date: Sat, 23 Feb 2013 18:36:40 +0000
Subject: [PATCH] as we can chain various user managers with Archiva user
 manager authenticator can lock accounts in the following case : 2 user
 managers: ldap and jdo. ldap correctly find the user but cannot compare
 hashed password jdo reject password so increase loginAttemptCount now ldap
 bind authenticator work but loginAttemptCount has been increased. so we
 restore here loginAttemptCount to 0 if in authenticationFailureCauses

git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1449386 13f79535-47bb-0310-9956-ffa450edef68
---
 .../redback-authentication-api/pom.xml        |  3 +-
 .../AuthenticationFailureCause.java           | 20 +++++++++
 .../authentication/AuthenticationResult.java  |  5 +++
 .../DefaultAuthenticationManager.java         | 45 ++++++++++++++++++-
 .../src/test/resources/spring-context.xml     |  2 +
 5 files changed, 73 insertions(+), 2 deletions(-)

diff --git a/redback-authentication/redback-authentication-api/pom.xml b/redback-authentication/redback-authentication-api/pom.xml
index a175ed5e0..463a846b3 100644
--- a/redback-authentication/redback-authentication-api/pom.xml
+++ b/redback-authentication/redback-authentication-api/pom.xml
@@ -65,7 +65,8 @@
               org.apache.archiva.redback.policy;version=${project.version},
               org.apache.archiva.redback.users;version=${project.version},
               org.apache.commons.lang;version="[2.6,3)",
-              org.springframework*;version="[3,4)"
+              org.springframework*;version="[3,4)",
+              org.slf4j;resolution:=optional
             </Import-Package>
           </instructions>
         </configuration>
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
index 9b87debf4..d6dd9dc29 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
@@ -18,6 +18,8 @@ package org.apache.archiva.redback.authentication;
  * under the License.
  */
 
+import org.apache.archiva.redback.users.User;
+
 import java.io.Serializable;
 
 /**
@@ -33,6 +35,8 @@ public class AuthenticationFailureCause
 
     private String message;
 
+    private User user;
+
     public AuthenticationFailureCause( int cause, String message )
     {
         this.cause = cause;
@@ -59,6 +63,22 @@ public class AuthenticationFailureCause
         this.message = message;
     }
 
+    public User getUser()
+    {
+        return user;
+    }
+
+    public AuthenticationFailureCause user ( User user)
+    {
+        this.user = user;
+        return this;
+    }
+
+    public void setUser( User user )
+    {
+        this.user = user;
+    }
+
     @Override
     public String toString()
     {
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
index c76ea98f4..dd98d56f7 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
@@ -22,6 +22,7 @@ package org.apache.archiva.redback.authentication;
 import org.apache.archiva.redback.users.User;
 
 import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -93,6 +94,10 @@ public class AuthenticationResult
 
     public List<AuthenticationFailureCause> getAuthenticationFailureCauses()
     {
+        if ( authenticationFailureCauses == null )
+        {
+            this.authenticationFailureCauses = new ArrayList<AuthenticationFailureCause>();
+        }
         return authenticationFailureCauses;
     }
 
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
index 68165a779..d39587c40 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
@@ -21,11 +21,17 @@ package org.apache.archiva.redback.authentication;
 
 import org.apache.archiva.redback.policy.AccountLockedException;
 import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserManagerException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
+import javax.inject.Named;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -47,12 +53,18 @@ public class DefaultAuthenticationManager
     implements AuthenticationManager
 {
 
+    private Logger log = LoggerFactory.getLogger( getClass() );
+
     private List<Authenticator> authenticators;
 
     @Inject
     private ApplicationContext applicationContext;
 
-    @SuppressWarnings("unchecked")
+    @Inject
+    @Named( value = "userManager#configurable" )
+    private UserManager userManager;
+
+    @SuppressWarnings( "unchecked" )
     @PostConstruct
     public void initialize()
     {
@@ -88,6 +100,37 @@ public class DefaultAuthenticationManager
 
                 if ( authResult.isAuthenticated() )
                 {
+                    //olamy: as we can chain various user managers with Archiva
+                    // user manager authenticator can lock accounts in the following case :
+                    // 2 user managers: ldap and jdo.
+                    // ldap correctly find the user but cannot compare hashed password
+                    // jdo reject password so increase loginAttemptCount
+                    // now ldap bind authenticator work but loginAttemptCount has been increased.
+                    // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses
+
+                    for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses )
+                    {
+                        User user = authenticationFailureCause.getUser();
+                        if ( user != null )
+                        {
+                            if ( user.getCountFailedLoginAttempts() > 0 )
+                            {
+                                user.setCountFailedLoginAttempts( 0 );
+                                if ( !userManager.isReadOnly() )
+                                {
+                                    try
+                                    {
+                                        userManager.updateUser( user );
+                                    }
+                                    catch ( UserManagerException e )
+                                    {
+                                        log.debug( e.getMessage(), e );
+                                        log.warn( "skip error updating user: {}", e.getMessage() );
+                                    }
+                                }
+                            }
+                        }
+                    }
                     return authResult;
                 }
 
diff --git a/redback-system/src/test/resources/spring-context.xml b/redback-system/src/test/resources/spring-context.xml
index dd75f723a..9857d4f23 100644
--- a/redback-system/src/test/resources/spring-context.xml
+++ b/redback-system/src/test/resources/spring-context.xml
@@ -45,4 +45,6 @@
 
   <alias name="commons-configuration" alias="test-conf"/>
 
+  <bean name="userManager#configurable" class="org.apache.archiva.redback.system.MockUserManager"/>
+
 </beans>
\ No newline at end of file
-- 
2.39.5