feat: add dynamic mode for provider to enable verification code when the login password is wrong (#1753)

* fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates

* feat: enable verification code when the login password is wrong

* fix: only enable captcha when login in password

* fix: disable login error limits when captcha on

* fix: pass "enableCaptcha" as an optional param

* fix: change enableCaptcha to optional bool param
XDTD
2023-04-22 16:16:25 +08:00
committed by GitHub
parent ee8c2650c3
commit 6d6cbc7e6f
31 changed files with 150 additions and 29 deletions


@ -157,10 +157,16 @@ func checkSigninErrorTimes(user *User, lang string) string {
return ""
}
func CheckPassword(user *User, password string, lang string) string {
func CheckPassword(user *User, password string, lang string, options ...bool) string {
enableCaptcha := false
if len(options) > 0 {
enableCaptcha = options[0]
}
// check the login error times
if msg := checkSigninErrorTimes(user, lang); msg != "" {
return msg
if !enableCaptcha {
if msg := checkSigninErrorTimes(user, lang); msg != "" {
return msg
}
}
organization := GetOrganizationByUser(user)
@ -182,7 +188,7 @@ func CheckPassword(user *User, password string, lang string) string {
return ""
}
return recordSigninErrorInfo(user, lang)
return recordSigninErrorInfo(user, lang, enableCaptcha)
} else {
return fmt.Sprintf(i18n.Translate(lang, "check:unsupported password type: %s"), organization.PasswordType)
}
@ -231,7 +237,11 @@ func checkLdapUserPassword(user *User, password string, lang string) string {
return ""
}
func CheckUserPassword(organization string, username string, password string, lang string) (*User, string) {
func CheckUserPassword(organization string, username string, password string, lang string, options ...bool) (*User, string) {
enableCaptcha := false
if len(options) > 0 {
enableCaptcha = options[0]
}
user := GetUserByFields(organization, username)
if user == nil || user.IsDeleted == true {
return nil, fmt.Sprintf(i18n.Translate(lang, "general:The user: %s doesn't exist"), util.GetId(organization, username))
@ -250,7 +260,7 @@ func CheckUserPassword(organization string, username string, password string, la
return nil, msg
}
} else {
if msg := CheckPassword(user, password, lang); msg != "" {
if msg := CheckPassword(user, password, lang, enableCaptcha); msg != "" {
return nil, msg
}
}
@ -380,7 +390,7 @@ func CheckUpdateUser(oldUser, user *User, lang string) string {
return ""
}
func CheckToEnableCaptcha(application *Application) bool {
func CheckToEnableCaptcha(application *Application, organization, username string) bool {
if len(application.Providers) == 0 {
return false
}
@ -390,6 +400,10 @@ func CheckToEnableCaptcha(application *Application) bool {
continue
}
if providerItem.Provider.Category == "Captcha" {
if providerItem.Rule == "Dynamic" {
user := GetUserByFields(organization, username)
return user != nil && user.SigninWrongTimes >= SigninWrongTimesLimit
}
return providerItem.Rule == "Always"
}
}
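Review bot: In `CheckPassword`, passing `enableCaptcha` as true skips `checkSigninErrorTimes` entirely, so the wrong-password lockout is only as strong as the guarantee that a captcha was actually verified server-side for this request. That verification is not visible in this file and should be confirmed at every call site of `CheckUserPassword`. Because the flag arrives as a variadic `options ...bool`, a caller that omits it or passes extra values still compiles; an explicit `enableCaptcha bool` parameter would be safer, or at least a doc comment such as `// enableCaptcha must be true only after the captcha for this request has been verified; it disables the wrong-password lockout.` Separately, the "Dynamic" branch of `CheckToEnableCaptcha` decides from the stored counter of a client-named account, so its answer differs between an existing account at the limit and an unknown one; it is worth checking whether exposing that difference to unauthenticated callers is acceptable. The body of `CheckPassword` continues outside the hunks shown here.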


@ -45,9 +45,15 @@ func resetUserSigninErrorTimes(user *User) {
UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
}
func recordSigninErrorInfo(user *User, lang string) string {
func recordSigninErrorInfo(user *User, lang string, options ...bool) string {
enableCaptcha := false
if len(options) > 0 {
enableCaptcha = options[0]
}
// increase failed login count
user.SigninWrongTimes++
if user.SigninWrongTimes < SigninWrongTimesLimit {
user.SigninWrongTimes++
}
if user.SigninWrongTimes >= SigninWrongTimesLimit {
// record the latest failed login time
@ -57,10 +63,11 @@ func recordSigninErrorInfo(user *User, lang string) string {
// update user
UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
if leftChances > 0 {
if leftChances == 0 && enableCaptcha {
return fmt.Sprint(i18n.Translate(lang, "check:password or code is incorrect"))
} else if leftChances >= 0 {
return fmt.Sprintf(i18n.Translate(lang, "check:password or code is incorrect, you have %d remaining chances"), leftChances)
}
// don't show the chance error message if the user has no chance left
return fmt.Sprintf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), int(LastSignWrongTimeDuration.Minutes()))
}
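Review bot: With the counter now capped by `if user.SigninWrongTimes < SigninWrongTimesLimit`, `leftChances` should no longer go negative for newly written values, so `else if leftChances >= 0` also matches 0 and the final "please wait for %d minutes" return looks unreachable on the non-captcha path. On the attempt that triggers the lockout, the user would then be told "you have 0 remaining chances" instead of the wait time. Using `} else if leftChances > 0 {` would keep the previous behaviour while still returning the generic message for the captcha case. The part of `recordSigninErrorInfo` between the two hunks is not shown, so this assumes nothing there changes the counter. The discarded result of `UpdateUser` is also worth a look: if that write fails, the failed attempt is not persisted and the limit is not enforced.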