added configuration options for login attempt limits

Sebastian Sdorra
2013-09-16 17:36:16 +02:00
parent bfa4372626
commit b2c1336b08
3 changed files with 258 additions and 28 deletions


@@ -27,12 +27,25 @@
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.security;
import java.util.concurrent.TimeUnit;
//~--- non-JDK imports --------------------------------------------------------
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.junit.Test;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.web.security.AuthenticationResult;
import sonia.scm.web.security.AuthenticationState;
//~--- JDK imports ------------------------------------------------------------
import java.util.concurrent.TimeUnit;
/**
*
@@ -40,25 +53,87 @@ import sonia.scm.web.security.AuthenticationResult;
*/
public class ConfigurableLoginAttemptHandlerTest
{
@Test
public void testLoginAttempt() throws InterruptedException
/**
* Method description
*
*/
@Test(expected = ExcessiveAttemptsException.class)
public void testLoginAttemptLimitReached()
{
ConfigurableLoginAttemptHandler handler = new ConfigurableLoginAttemptHandler(null);
LoginAttemptHandler handler = createHandler(2, 2);
UsernamePasswordToken token = new UsernamePasswordToken("hansolo", "hobbo");
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
handler.beforeAuthentication(token);
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
// asd
Thread.currentThread().sleep(TimeUnit.SECONDS.toMillis(10));
handler.beforeAuthentication(token);
}
/**
* Method description
*
*
* @throws InterruptedException
*/
@Test
public void testLoginAttemptLimitTimeout() throws InterruptedException
{
LoginAttemptHandler handler = createHandler(2, 1);
UsernamePasswordToken token = new UsernamePasswordToken("hansolo", "hobbo");
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
Thread.currentThread().sleep(TimeUnit.MILLISECONDS.toMillis(1200l));
handler.beforeAuthentication(token);
}
/**
* Method description
*
*
* @throws InterruptedException
*/
@Test
public void testLoginAttemptResetOnSuccess() throws InterruptedException
{
LoginAttemptHandler handler = createHandler(2, 1);
UsernamePasswordToken token = new UsernamePasswordToken("hansolo", "hobbo");
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
handler.onSuccessfulAuthentication(token,
new AuthenticationResult(AuthenticationState.SUCCESS));
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
handler.beforeAuthentication(token);
handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
}
/**
* Method description
*
*
* @param loginAttemptLimit
* @param loginAttemptLimitTimeout
*
* @return
*/
private LoginAttemptHandler createHandler(int loginAttemptLimit,
long loginAttemptLimitTimeout)
{
ScmConfiguration configuration = new ScmConfiguration();
configuration.setLoginAttemptLimit(loginAttemptLimit);
configuration.setLoginAttemptLimitTimeout(loginAttemptLimitTimeout);
return new ConfigurableLoginAttemptHandler(configuration);
}
}
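Review bot: `@Test(expected = ExcessiveAttemptsException.class)` on `testLoginAttemptLimitReached` passes no matter which call throws, so a handler that locks the account on the very first `beforeAuthentication` would still pass this lockout test. Old and new lines are interleaved in this rendering, so the exact new body is uncertain, but the check should wrap only the call that is expected to be rejected, e.g. `try { handler.beforeAuthentication(token); fail("limit not enforced"); } catch (ExcessiveAttemptsException expected) { }`, leaving the earlier attempts outside the `try` so that they must succeed. `testLoginAttemptLimitTimeout` relies on a real 1200 ms sleep against a timeout of `1` (presumably seconds), which leaves a thin margin on a loaded build machine; the test would also be stronger if it asserted that the account is locked before the sleep, so that a handler which never locks cannot pass. The `Method description` Javadoc placeholders could state what each test pins, for example `/** The counter is cleared by a successful login, so two further failures are allowed. */` on `testLoginAttemptResetOnSuccess`.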