/**
* Tries to authenticate with given credentials
*
* @return User object if authentication is successful or null if not
*/
public User authenticate(String login, String password) {
User user = userDAO.findByLogin(login);
if (user == null) {
return null;
}
if (!passwordService.checkPassword(password, user.getPasswordSalt(), user.getPasswordHash())) {
user.setLoginAttempts(user.getLoginAttempts() + 1);
if (user.getLoginAttempts()
>= configurationService.getInt(
Constants.MAX_LOGIN_ATTEMPTS, Constants.MAX_LOGIN_ATTEMPTS_DEFAULT)) {
user.setStatus(UserStatus.LOCKED_OUT);
}
return null;
} else {
if (user.getLoginAttempts() != 0) {
user.setLoginAttempts(0);
}
if (user.getLastLogin() == null
|| System.currentTimeMillis() - user.getLastLogin().getTime()
> configurationService.getLong(
Constants.LAST_LOGIN_TIMEOUT, Constants.LAST_LOGIN_TIMEOUT_DEFAULT)) {
user.setLastLogin(timestampService.getTimestamp());
}
return user;
}
}
@Transactional
public AccessKey authenticate(@NotNull String key) {
Optional<AccessKey> accessKeyOpt =
genericDAO
.createNamedQuery(AccessKey.class, "AccessKey.getByKey", Optional.of(CacheConfig.get()))
.setParameter("someKey", key)
.getResultList()
.stream()
.findFirst();
if (!accessKeyOpt.isPresent()) {
return null;
}
AccessKey accessKey = accessKeyOpt.get();
final Long expirationPeriod =
configurationService.getLong(Constants.SESSION_TIMEOUT, Constants.DEFAULT_SESSION_TIMEOUT);
if (accessKey.getExpirationDate() != null) {
final Long expiresIn =
accessKey.getExpirationDate().getTime() - timestampService.getTimestamp().getTime();
if (AccessKeyType.SESSION == accessKey.getType()
&& expiresIn > 0
&& expiresIn < expirationPeriod / 2) {
em.refresh(accessKey, LockModeType.PESSIMISTIC_WRITE);
accessKey.setExpirationDate(
new Date(timestampService.getTimestamp().getTime() + expirationPeriod));
return genericDAO.merge(accessKey);
}
}
return accessKey;
}
