FOGL-8753 : Implemented user blocking for incorrect password #1397
Conversation
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
| if int(user_id) == 1: | ||
| msg = "Restricted for Super Admin user." | ||
| _logger.warning(msg) | ||
| raise web.HTTPForbidden(reason=msg, body=json.dumps({"message": msg})) |
There was a problem hiding this comment.
Can we block Super Admin user? I believe NO
There was a problem hiding this comment.
No we do not currently. We should make this any user with admin right in future and allowing blocking of admin users as long as there is always one unblocked admin user. This is not for the current change however.
| ['id', '=', user_id]).payload() | ||
| storage_client = connect.get_storage_async() | ||
| old_result = await storage_client.query_tbl_with_payload('users', payload) | ||
| if len(old_result['rows']) == 0: |
There was a problem hiding this comment.
If 'rows' Key is not available then? raise Storage Server Exception
| @@ -602,6 +602,8 @@ CREATE TABLE fledge.users ( | |||
| enabled boolean NOT NULL DEFAULT TRUE, | |||
| pwd_last_changed timestamp(6) with time zone NOT NULL DEFAULT now(), | |||
| access_method character varying(5) CHECK( access_method IN ('any','pwd','cert') ) NOT NULL DEFAULT 'any', | |||
| failed_attempts integer DEFAULT 0, | |||
| block_until timestamp(6) DEFAULT now(), | |||
There was a problem hiding this comment.
Probably best tp use etc as the user might change timezones, especially should not be based on the timezone of the caller of the API.
There was a problem hiding this comment.
@MarkRiddoch While login user can only provide id and password. There is no way user can provide any information related to time. API does all the calculation for block time on the basis of information stored into the database. So we are safe here even if user changes timezone. so is it good now?
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
| @@ -602,6 +602,8 @@ CREATE TABLE fledge.users ( | |||
| enabled boolean NOT NULL DEFAULT TRUE, | |||
| pwd_last_changed timestamp(6) with time zone NOT NULL DEFAULT now(), | |||
| access_method character varying(5) CHECK( access_method IN ('any','pwd','cert') ) NOT NULL DEFAULT 'any', | |||
| failed_attempts integer DEFAULT 0, | |||
| block_until timestamp(6) DEFAULT now(), | |||
There was a problem hiding this comment.
Probably best tp use etc as the user might change timezones, especially should not be based on the timezone of the caller of the API.
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
|
Audit API tests are also failing with the given change |
|
VERSION file is also missing. It should be with version 72 |
…atus Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
| @@ -1,4 +1,5 @@ | |||
| ALTER TABLE fledge.users ADD COLUMN failed_attempts INTEGER DEFAULT 0; | |||
| ALTER TABLE fledge.users ADD COLUMN block_until DATETIME DEFAULT "2024-01-01 10:10:10.55"; | |||
| ALTER TABLE fledge.users ADD COLUMN block_until DATETIME DEFAULT NULL; | |||
| UPDATE fledge.users SET block_until=current_timestamp; | |||
There was a problem hiding this comment.
Sqlite: CURRENT_TIMESTAMP is in GMT, not the timezone of the machine.
UPDATE users SET block_until=(SELECT STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW', 'localtime'))
There was a problem hiding this comment.
Why are we not setting null? TS should be only if blocked.
…l to NULL Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
Signed-off-by: nandan <nandan.ghildiyal@gmail.com>
| raise web.HTTPForbidden | ||
|
|
||
| user_id = request.match_info.get('user_id') | ||
|
|
There was a problem hiding this comment.
type cast of user_id only once
| if datetime.strptime(block_until, DATE_FORMAT) > datetime.strptime(curr_time, DATE_FORMAT): | ||
| diff = datetime.strptime(block_until, DATE_FORMAT) - datetime.strptime(curr_time, DATE_FORMAT) |
There was a problem hiding this comment.
block_until_datetime_formatter = datetime.strptime(block_until, DATE_FORMAT)
current_datetime_formatter = datetime.strptime(curr_time, DATE_FORMAT)
| hours_left = "" | ||
| if hours == 1 : | ||
| hours_left = "{} hour ".format(hours) | ||
| elif hours > 1: | ||
| hours_left = "{} hours ".format(hours) |
There was a problem hiding this comment.
hours_left = "{} hour ".format(hours) if hours == 1 else "{} hours ".format(hours)
| minutes_left = " 1 minute" #Show minutes 1 or less than 1 as "1 minute" | ||
| if minutes > 1: | ||
| minutes_left = " {} minutes ".format(minutes) |
There was a problem hiding this comment.
This can also be break into single statement
No description provided.