@Override
@Transactional
public void onAuthenticationFailure(
HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
// Wrong password or username
if (exception instanceof BadCredentialsException) {
MotechUser motechUser =
motechUsersDao.findByUserName(exception.getAuthentication().getName());
int failureLoginLimit = settingService.getFailureLoginLimit();
if (motechUser != null && failureLoginLimit > 0) {
int failureLoginCounter = motechUser.getFailureLoginCounter();
failureLoginCounter++;
if (failureLoginCounter > failureLoginLimit && motechUser.isActive()) {
motechUser.setUserStatus(UserStatus.BLOCKED);
failureLoginCounter = 0;
LOGGER.debug("User {} has been blocked", motechUser.getUserName());
}
motechUser.setFailureLoginCounter(failureLoginCounter);
motechUsersDao.update(motechUser);
}
if (motechUser != null && !motechUser.isActive()) {
LOGGER.debug("Redirecting to " + userBlockedUrl);
redirectStrategy.sendRedirect(request, response, userBlockedUrl);
return;
}
}
super.onAuthenticationFailure(request, response, exception);
}
@Test
public void shouldNotActivateInvalidUser() {
motechUserService.register(
"userName",
"password",
"1234",
"",
asList("IT_ADMIN", "DB_ADMIN"),
Locale.ENGLISH,
UserStatus.BLOCKED,
null);
motechUserService.activateUser("userName1");
MotechUser motechUser = usersDataService.findByUserName("userName");
assertFalse(motechUser.isActive());
}
