Merge pull request #1361 from ssilvert/KEYCLOAK-1083-unlock-user-account

KEYCLOAK-1083: Provide a way for admin to unlock user account
2015-06-12 07:44:07 +01:00 · 2015-06-12 07:44:07 +01:00 · 2d82d15e5b
commit 2d82d15e5b
parent 656b157103 d6e64a2c5e
9 changed files with 56 additions and 13 deletions
--- a/model/api/src/main/java/org/keycloak/models/entities/UsernameLoginFailureEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/UsernameLoginFailureEntity.java
@ -60,4 +60,11 @@ public class UsernameLoginFailureEntity extends AbstractIdentifiableEntity {
    public void setRealmId(String realmId) {
        this.realmId = realmId;
    }
+
+    public void clearFailures() {
+        this.numFailures = 0;
+        this.lastFailure = 0;
+        this.lastIPFailure = null;
+        this.failedLoginNotBefore = 0;
+    }
 }
--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UsernameLoginFailureAdapter.java
+++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UsernameLoginFailureAdapter.java
@ -51,7 +51,7 @@ public class UsernameLoginFailureAdapter implements UsernameLoginFailureModel {

    @Override
    public void clearFailures() {
-        entity.setNumFailures(0);
+        entity.clearFailures();
        update();
    }

--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java
+++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java
@ -62,4 +62,10 @@ public class LoginFailureEntity implements Serializable {
        this.lastIPFailure = lastIPFailure;
    }

+    public void clearFailures() {
+        this.failedLoginNotBefore = 0;
+        this.numFailures = 0;
+        this.lastFailure = 0;
+        this.lastIPFailure = null;
+    }
 }
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UsernameLoginFailureAdapter.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UsernameLoginFailureAdapter.java
@ -43,7 +43,7 @@ public class UsernameLoginFailureAdapter implements UsernameLoginFailureModel

   @Override
   public void clearFailures() {
-      user.setNumFailures(0);
+      user.clearFailures();
   }

   @Override
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java
@ -91,6 +91,13 @@ public class UsernameLoginFailureEntity {
        this.realmId = realmId;
    }

+    public void clearFailures() {
+        setFailedLoginNotBefore(0);
+        setLastFailure(0);
+        setLastIPFailure(null);
+        setNumFailures(0);
+    }
+
    public static class Key implements Serializable {

        private String realmId;
--- a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UsernameLoginFailureAdapter.java
+++ b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UsernameLoginFailureAdapter.java
@ -45,7 +45,7 @@ public class UsernameLoginFailureAdapter implements UsernameLoginFailureModel {

    @Override
    public void clearFailures() {
-        entity.getNumFailures().set(0);
+        entity.clearFailures();
    }

    @Override
--- a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/UsernameLoginFailureEntity.java
+++ b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/UsernameLoginFailureEntity.java
@ -62,4 +62,11 @@ public class UsernameLoginFailureEntity {
        this.lastIpFailure = lastIpFailure;
    }

+    public void clearFailures() {
+        this.failedLoginNotBefore = new AtomicInteger();
+        this.lastFailure = new AtomicLong();
+        this.lastIpFailure = new AtomicReference<String>();
+        this.numFailures = new AtomicInteger();
+    }
+
 }
--- a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/UsernameLoginFailureAdapter.java
+++ b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/UsernameLoginFailureAdapter.java
@ -50,7 +50,7 @@ public class UsernameLoginFailureAdapter  extends AbstractMongoAdapter<MongoUser

    @Override
    public void clearFailures() {
-        user.setNumFailures(0);
+        user.clearFailures();
        updateMongoEntity();
    }

--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@ -68,6 +68,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
+import org.keycloak.models.UsernameLoginFailureModel;
+import org.keycloak.services.managers.BruteForceProtector;

 /**
 * Base resource for managing users
@ -96,6 +98,9 @@ public class UsersResource {
    @Context
    protected HttpHeaders headers;

+    @Context
+    protected BruteForceProtector protector;
+
    public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager, AdminEventBuilder adminEvent) {
        this.auth = auth;
        this.realm = realm;
@ -131,6 +136,13 @@ public class UsersResource {
                attrsToRemove = Collections.emptySet();
            }

+            if (rep.isEnabled()) {
+                UsernameLoginFailureModel failureModel = session.sessions().getUserLoginFailure(realm, rep.getUsername());
+                if (failureModel != null) {
+                    failureModel.clearFailures();
+                }
+            }
+
            updateUserFromRep(user, rep, attrsToRemove);
            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();

@ -251,6 +263,10 @@ public class UsersResource {
            }
        }

+        if ((protector != null) && protector.isTemporarilyDisabled(session, realm, rep.getUsername())) {
+            rep.setEnabled(false);
+        }
+
        return rep;
    }