casdoor/object/check_util.go

// Copyright 2021 The Casdoor Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package object

import (
	"fmt"
	"regexp"
	"time"

	"github.com/casdoor/casdoor/i18n"
)

var reRealName *regexp.Regexp

func init() {
	var err error
	reRealName, err = regexp.Compile("^[\u4E00-\u9FA5]{2,3}(?:·[\u4E00-\u9FA5]{2,3})*$")
	if err != nil {
		panic(err)
	}
}

func isValidRealName(s string) bool {
	return reRealName.MatchString(s)
}

func resetUserSigninErrorTimes(user *User) error {
	// if the password is correct and wrong times is not zero, reset the error times
	if user.SigninWrongTimes == 0 {
		return nil
	}

	user.SigninWrongTimes = 0
	_, err := UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, false)
	return err
}

func GetFailedSigninConfigByUser(user *User) (int, int, error) {
	application, err := GetApplicationByUser(user)
	if err != nil {
		return 0, 0, err
	}
	if application == nil {
		return 0, 0, fmt.Errorf("the application for user %s is not found", user.GetId())
	}

	failedSigninLimit := application.FailedSigninLimit
	if failedSigninLimit == 0 {
		failedSigninLimit = DefaultFailedSigninLimit
	}

	failedSigninFrozenTime := application.FailedSigninFrozenTime
	if failedSigninFrozenTime == 0 {
		failedSigninFrozenTime = DefaultFailedSigninFrozenTime
	}

	return failedSigninLimit, failedSigninFrozenTime, nil
}

func recordSigninErrorInfo(user *User, lang string, options ...bool) error {
	enableCaptcha := false
	if len(options) > 0 {
		enableCaptcha = options[0]
	}

	failedSigninLimit, failedSigninFrozenTime, errSignin := GetFailedSigninConfigByUser(user)
	if errSignin != nil {
		return errSignin
	}

	// increase failed login count
	if user.SigninWrongTimes < failedSigninLimit {
		user.SigninWrongTimes++
	}

	if user.SigninWrongTimes >= failedSigninLimit {
		// record the latest failed login time
		user.LastSigninWrongTime = time.Now().UTC().Format(time.RFC3339)
	}

	// update user
	_, err := UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, false)
	if err != nil {
		return err
	}

	leftChances := failedSigninLimit - user.SigninWrongTimes
	if leftChances == 0 && enableCaptcha {
		return fmt.Errorf(i18n.Translate(lang, "check:password or code is incorrect"))
	} else if leftChances >= 0 {
		return fmt.Errorf(i18n.Translate(lang, "check:password or code is incorrect, you have %d remaining chances"), leftChances)
	}

	// don't show the chance error message if the user has no chance left
	return fmt.Errorf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), failedSigninFrozenTime)
}
Update license headers. 2022-02-13 23:39:27 +08:00			`// Copyright 2021 The Casdoor Authors. All Rights Reserved.`
Add isValidPersonalName(). 2021-06-17 11:55:06 +08:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package object`

feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`import (`
			`"fmt"`
			`"regexp"`
			`"time"`
feat: refactor backend i18n (#1373) * fix: handle the dataSourceName when DB changes * reduce duplication of code * feat: refactor translation error message * feat: use json intsead of ini file * remove useless translation * fix translate problems * remove useless addition * fix pr problems * fix pr problems * fix split problem * use gofumpt to fmt code * use crowdin to execute backend translation * fix pr problems * refactor: change translation file structure same as frontend * delete useless output * update go.mod 2022-12-07 13:13:23 +08:00
			`"github.com/casdoor/casdoor/i18n"`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`)`
Add isValidPersonalName(). 2021-06-17 11:55:06 +08:00
Change personal to real name. 2022-02-27 13:44:44 +08:00			`var reRealName *regexp.Regexp`
Add isValidPersonalName(). 2021-06-17 11:55:06 +08:00
			`func init() {`
			`var err error`
Change personal to real name. 2022-02-27 13:44:44 +08:00			`reRealName, err = regexp.Compile("^[\u4E00-\u9FA5]{2,3}(?:·[\u4E00-\u9FA5]{2,3})*$")`
Add isValidPersonalName(). 2021-06-17 11:55:06 +08:00			`if err != nil {`
			`panic(err)`
			`}`
			`}`

Change personal to real name. 2022-02-27 13:44:44 +08:00			`func isValidRealName(s string) bool {`
			`return reRealName.MatchString(s)`
Add isValidPersonalName(). 2021-06-17 11:55:06 +08:00			`}`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00			`func resetUserSigninErrorTimes(user *User) error {`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`// if the password is correct and wrong times is not zero, reset the error times`
			`if user.SigninWrongTimes == 0 {`
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00			`return nil`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`}`
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`user.SigninWrongTimes = 0`
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00			`_, err := UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, false)`
			`return err`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`}`

feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00			`func GetFailedSigninConfigByUser(user *User) (int, int, error) {`
			`application, err := GetApplicationByUser(user)`
			`if err != nil {`
			`return 0, 0, err`
			`}`
feat: improve error message in GetFailedSigninConfigByUser() 2024-08-10 09:31:46 +08:00			`if application == nil {`
			`return 0, 0, fmt.Errorf("the application for user %s is not found", user.GetId())`
			`}`
feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00
Refactor application.FailedSigninLimit code 2024-01-13 02:09:18 +08:00			`failedSigninLimit := application.FailedSigninLimit`
feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00			`if failedSigninLimit == 0 {`
			`failedSigninLimit = DefaultFailedSigninLimit`
			`}`
Refactor application.FailedSigninLimit code 2024-01-13 02:09:18 +08:00
Fix failedSigninFrozenTime typo 2024-01-13 02:12:29 +08:00			`failedSigninFrozenTime := application.FailedSigninFrozenTime`
			`if failedSigninFrozenTime == 0 {`
			`failedSigninFrozenTime = DefaultFailedSigninFrozenTime`
feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00			`}`

Fix failedSigninFrozenTime typo 2024-01-13 02:12:29 +08:00			`return failedSigninLimit, failedSigninFrozenTime, nil`
feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00			`}`

feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00			`func recordSigninErrorInfo(user *User, lang string, options ...bool) error {`
feat: add dynamic mode for provider to enable verification code when the login password is wrong (#1753) * fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates * feat: enable verification code when the login password is wrong * fix: only enable captcha when login in password * fix: disable login error limits when captcha on * fix: pass "enableCaptcha" as an optional param * fix: change enbleCapctah to optional bool param 2023-04-22 16:16:25 +08:00			`enableCaptcha := false`
			`if len(options) > 0 {`
			`enableCaptcha = options[0]`
			`}`
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00
Fix failedSigninFrozenTime typo 2024-01-13 02:12:29 +08:00			`failedSigninLimit, failedSigninFrozenTime, errSignin := GetFailedSigninConfigByUser(user)`
feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00			`if errSignin != nil {`
			`return errSignin`
			`}`

feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`// increase failed login count`
feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00			`if user.SigninWrongTimes < failedSigninLimit {`
feat: add dynamic mode for provider to enable verification code when the login password is wrong (#1753) * fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates * feat: enable verification code when the login password is wrong * fix: only enable captcha when login in password * fix: disable login error limits when captcha on * fix: pass "enableCaptcha" as an optional param * fix: change enbleCapctah to optional bool param 2023-04-22 16:16:25 +08:00			`user.SigninWrongTimes++`
			`}`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00
feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00			`if user.SigninWrongTimes >= failedSigninLimit {`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`// record the latest failed login time`
			`user.LastSigninWrongTime = time.Now().UTC().Format(time.RFC3339)`
			`}`

			`// update user`
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00			`_, err := UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, false)`
			`if err != nil {`
			`return err`
			`}`

feat: add the `FailedSigninLimit` and `FailedSigninfrozenTime` configuration options to the application (#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: #2272 fix: fixed the issue where the token parameter could be set to a negative value 2023-12-20 22:29:53 +08:00			`leftChances := failedSigninLimit - user.SigninWrongTimes`
feat: add dynamic mode for provider to enable verification code when the login password is wrong (#1753) * fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates * feat: enable verification code when the login password is wrong * fix: only enable captcha when login in password * fix: disable login error limits when captcha on * fix: pass "enableCaptcha" as an optional param * fix: change enbleCapctah to optional bool param 2023-04-22 16:16:25 +08:00			`if leftChances == 0 && enableCaptcha {`
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00			`return fmt.Errorf(i18n.Translate(lang, "check:password or code is incorrect"))`
feat: add dynamic mode for provider to enable verification code when the login password is wrong (#1753) * fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates * feat: enable verification code when the login password is wrong * fix: only enable captcha when login in password * fix: disable login error limits when captcha on * fix: pass "enableCaptcha" as an optional param * fix: change enbleCapctah to optional bool param 2023-04-22 16:16:25 +08:00			`} else if leftChances >= 0 {`
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00			`return fmt.Errorf(i18n.Translate(lang, "check:password or code is incorrect, you have %d remaining chances"), leftChances)`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`}`
feat: fix error handling in CheckPassword() related functions 2023-11-19 19:58:07 +08:00
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`// don't show the chance error message if the user has no chance left`
Fix failedSigninFrozenTime typo 2024-01-13 02:12:29 +08:00			`return fmt.Errorf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), failedSigninFrozenTime)`
feat(login): add login limit (#1023) * feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position 2022-08-17 01:39:53 +08:00			`}`