This is an automated email from the ASF dual-hosted git repository.
mbrohl pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new a31195af89 Improved: LoginServices.userLogin: Respond "fail" instead
of "error" to avoid the (automatic service engine) logging of a stack trace on
missing/invalid credentials (OFBIZ-10507)
a31195af89 is described below
commit a31195af8963f03f4e338dcf4e7c0f749193e350
Author: Benjamin Jugl <benjamin.j...@ecomify.de>
AuthorDate: Tue Nov 30 16:31:51 2021 +0100
Improved: LoginServices.userLogin: Respond "fail" instead of "error" to
avoid the (automatic service engine) logging of a stack trace on
missing/invalid credentials (OFBIZ-10507)
---
.../apache/ofbiz/common/login/LoginServices.java | 55 ++++++++++++++++------
1 file changed, 41 insertions(+), 14 deletions(-)
diff --git
a/framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
b/framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
index c24757d056..c125a39d8d 100644
---
a/framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
+++
b/framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
@@ -20,6 +20,7 @@
package org.apache.ofbiz.common.login;
import java.sql.Timestamp;
+import java.util.ArrayList;
import java.util.Calendar;
import java.util.LinkedHashMap;
import java.util.LinkedList;
@@ -81,6 +82,11 @@ public class LoginServices {
Locale locale = (Locale) context.get("locale");
Delegator delegator = ctx.getDelegator();
+ // Keep track of two different kinds of errors (UserOnly and DebugLog)
and set the RESPONSE_MESSAGE of the
+ // service according to what kind of errors where thrown
+ List<String> userErrMsgs = new ArrayList<>();
+ List<String> debugErrMsgs = new ArrayList<>();
+
// load the external auth modules -- note: this will only run once and
cache the objects
if (!AuthHelper.authenticatorsLoaded()) {
AuthHelper.loadAuthenticators(dispatcher);
@@ -120,11 +126,10 @@ public class LoginServices {
// get the visitId for the history entity
String visitId = (String) context.get("visitId");
- String errMsg = "";
if (UtilValidate.isEmpty(username)) {
- errMsg = UtilProperties.getMessage(RESOURCE,
"loginservices.username_missing", locale);
+ userErrMsgs.add(UtilProperties.getMessage(RESOURCE,
"loginservices.username_missing", locale));
} else if (UtilValidate.isEmpty(password) &&
UtilValidate.isEmpty(jwtToken)) {
- errMsg = UtilProperties.getMessage(RESOURCE,
"loginservices.password_missing", locale);
+ userErrMsgs.add(UtilProperties.getMessage(RESOURCE,
"loginservices.password_missing", locale));
} else {
if
("true".equalsIgnoreCase(EntityUtilProperties.getPropertyValue("security",
"username.lowercase", delegator))) {
@@ -275,9 +280,9 @@ public class LoginServices {
Debug.logInfo("[LoginServices.userLogin] :
Password Incorrect", MODULE);
// password invalid...
if (password != null) {
- errMsg = UtilProperties.getMessage(RESOURCE,
"loginservices.password_incorrect", locale);
+
userErrMsgs.add(UtilProperties.getMessage(RESOURCE,
"loginservices.password_incorrect", locale));
} else if (jwtToken != null) {
- errMsg = UtilProperties.getMessage(RESOURCE,
"loginservices.token_incorrect", locale);
+
userErrMsgs.add(UtilProperties.getMessage(RESOURCE,
"loginservices.token_incorrect", locale));
}
// increment failed login count
Long currentFailedLogins =
userLogin.getLong("successiveFailedLogins");
@@ -400,20 +405,25 @@ public class LoginServices {
continue;
}
Map<String, Object> messageMap = UtilMisc.<String,
Object>toMap("username", username);
- errMsg = UtilProperties.getMessage(RESOURCE,
"loginservices.account_for_user_login_id_disabled", messageMap, locale);
+ userErrMsgs.add(UtilProperties.getMessage(RESOURCE,
"loginservices.account_for_user_login_id_disabled", messageMap, locale));
+ StringBuilder tmpErrMsg = new StringBuilder();
if (disabledDateTime != null) {
messageMap = UtilMisc.<String,
Object>toMap("disabledDateTime", disabledDateTime);
- errMsg += " " +
UtilProperties.getMessage(RESOURCE, "loginservices.since_datetime", messageMap,
locale);
+ tmpErrMsg.append(" ");
+
tmpErrMsg.append(UtilProperties.getMessage(RESOURCE,
"loginservices.since_datetime", messageMap, locale));
} else {
- errMsg += ".";
+ tmpErrMsg.append(".");
}
if (loginDisableMinutes > 0 && reEnableTime != null) {
messageMap = UtilMisc.<String,
Object>toMap("reEnableTime", reEnableTime);
- errMsg += " " +
UtilProperties.getMessage(RESOURCE, "loginservices.will_be_reenabled",
messageMap, locale);
+ tmpErrMsg.append(" ");
+
tmpErrMsg.append(UtilProperties.getMessage(RESOURCE,
"loginservices.will_be_reenabled", messageMap, locale));
} else {
- errMsg += " " +
UtilProperties.getMessage(RESOURCE,
"loginservices.not_scheduled_to_be_reenabled", locale);
+ tmpErrMsg.append(" ");
+
tmpErrMsg.append(UtilProperties.getMessage(RESOURCE,
"loginservices.not_scheduled_to_be_reenabled", locale));
}
+ userErrMsgs.add(tmpErrMsg.toString());
}
} else {
// no userLogin object; there may be a non-syncing
authenticator
@@ -421,7 +431,7 @@ public class LoginServices {
try {
externalAuth = AuthHelper.authenticate(username,
password, isServiceAuth);
} catch (AuthenticatorException e) {
- errMsg = e.getMessage();
+ debugErrMsgs.add(e.getMessage());
Debug.logError(e, "External Authenticator had fatal
exception : " + e.getMessage(), MODULE);
}
if (externalAuth) {
@@ -436,16 +446,33 @@ public class LoginServices {
// TODO: party + security information is needed;
Userlogin will need to be stored
} else {
// userLogin record not found, user does not exist
- errMsg = UtilProperties.getMessage(RESOURCE,
"loginservices.user_not_found", locale);
+ String errMsg = UtilProperties.getMessage(RESOURCE,
"loginservices.user_not_found", locale);
+ userErrMsgs.add(errMsg);
Debug.logInfo("[LoginServices.userLogin] Invalid User
: '" + username + "'; " + errMsg, MODULE);
}
}
}
}
- if (!errMsg.isEmpty()) {
+ if (debugErrMsgs.size() > 0) {
+ result.put(ModelService.RESPONSE_MESSAGE,
ModelService.RESPOND_ERROR);
+ } else if (userErrMsgs.size() > 0) {
result.put(ModelService.RESPONSE_MESSAGE,
ModelService.RESPOND_FAIL);
- result.put(ModelService.ERROR_MESSAGE, errMsg);
+ }
+ // if a technical error occurred then log all error message
+ List<String> messages = new ArrayList<>();
+ if (!debugErrMsgs.isEmpty()) {
+ messages.add(String.join(" / ", debugErrMsgs));
+ }
+ if (!userErrMsgs.isEmpty()) {
+ messages.add(String.join(" / ", userErrMsgs));
+ }
+ String allErrMsg = null;
+ if (!messages.isEmpty()) {
+ allErrMsg = String.join(" / ", messages);
+ }
+ if (allErrMsg != null) {
+ result.put(ModelService.ERROR_MESSAGE, allErrMsg);
}
return result;
}
