 /**
  * Verifies a login/password pair and maintains the account's login bookkeeping.
  *
  * <p>A failed password check increments the user's login-attempt counter and sets the status to
  * {@code LOCKED_OUT} once the counter reaches the configured maximum. A successful check resets
  * a non-zero counter and refreshes the last-login timestamp when it is missing or older than the
  * configured timeout.
  *
  * <p>An unknown login and a wrong password both yield {@code null}, so the return value alone
  * does not tell the caller which of the two failed.
  *
  * <p>NOTE(review): nothing here persists the modified {@code User}; presumably it is a managed
  * entity inside a transaction. Confirm, otherwise the attempt counter and lock-out never stick.
  *
  * @param login login name used to look the user up
  * @param password candidate password, checked against the stored salt and hash
  * @return the matching {@code User} when the password check succeeds, otherwise {@code null}
  */
 public User authenticate(String login, String password) {
   final User account = userDAO.findByLogin(login);
   if (account == null) {
     // NOTE(review): this path skips the password check entirely. If checkPassword is a
     // deliberately slow hash, the timing difference can reveal which logins exist.
     return null;
   }

   final boolean passwordMatches =
       passwordService.checkPassword(
           password, account.getPasswordSalt(), account.getPasswordHash());

   if (passwordMatches) {
     // NOTE(review): the account status is never consulted on this path, so a LOCKED_OUT user
     // presenting the correct password still gets a User back and has the counter cleared.
     // Confirm that every caller rejects locked accounts.
     if (account.getLoginAttempts() != 0) {
       account.setLoginAttempts(0);
     }

     final boolean neverLoggedIn = account.getLastLogin() == null;
     if (neverLoggedIn
         || System.currentTimeMillis() - account.getLastLogin().getTime()
             > configurationService.getLong(
                 Constants.LAST_LOGIN_TIMEOUT, Constants.LAST_LOGIN_TIMEOUT_DEFAULT)) {
       account.setLastLogin(timestampService.getTimestamp());
     }
     return account;
   }

   // Wrong password: count the failure, then lock the account once the limit is reached.
   // NOTE(review): the increment is a plain read-modify-write; concurrent failed logins for the
   // same user could under-count unless the caller serialises access. Verify.
   account.setLoginAttempts(account.getLoginAttempts() + 1);
   if (account.getLoginAttempts()
       >= configurationService.getInt(
           Constants.MAX_LOGIN_ATTEMPTS, Constants.MAX_LOGIN_ATTEMPTS_DEFAULT)) {
     account.setStatus(UserStatus.LOCKED_OUT);
   }
   return null;
 }