/**
 * Pre-login check for LDAP accounts: verifies the account type and builds the credential
 * string handed back to the caller.
 *
 * <p>NOTE(review): the returned value is built from the caller's password, so callers
 * should keep it out of logs and error messages. What {@code getPasswordPlusSalt} does
 * with its inputs is not visible here; confirm before relying on its format.
 *
 * @param user the account attempting to log in; must be an LDAP account
 * @param password the password supplied by the caller
 * @param req the current request (not read by this method)
 * @return the result of {@code getPasswordPlusSalt(password, user.getSalt())} with
 *     {@code Settings.MOBILE_OTP_PADDING} appended
 * @throws IllegalArgumentException if {@code user} is null or is not an LDAP account
 */
public String preLdapLoginCheck(Users user, String password, HttpServletRequest req) {
  if (user == null) {
    throw new IllegalArgumentException("User not set.");
  }

  // Only LDAP-mode accounts may take this path.
  final boolean ldapAccount = user.getMode().equals(UserAccountType.LDAP_ACCOUNT_TYPE);
  if (!ldapAccount) {
    throw new IllegalArgumentException("User is not registerd as ldap user.");
  }

  final String saltedPassword = getPasswordPlusSalt(password, user.getSalt());
  return saltedPassword + Settings.MOBILE_OTP_PADDING;
}
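/**
 * Validates the password of a non-LDAP user and updates the account audit.
 * Use validatePwd if ldap user.
 *
 * <p>On a mismatch the attempt is passed to {@code registerFalseLogin} and a warning is
 * logged; on a match {@code resetFalseLogin} is called for the user.
 *
 * @param user the account to authenticate; must not be null and must not be an LDAP account
 * @param password the password supplied by the caller
 * @param req the current request, forwarded to {@code registerFalseLogin} on a failed attempt
 * @return {@code true} if the hash computed from {@code password} and the user's salt equals
 *     the stored hash, {@code false} otherwise
 * @throws IllegalArgumentException if {@code user} is null or is an LDAP account
 */
public boolean validatePassword(Users user, String password, HttpServletRequest req) {
  if (user == null) {
    throw new IllegalArgumentException("User not set.");
  }
  if (user.getMode().equals(UserAccountType.LDAP_ACCOUNT_TYPE)) {
    throw new IllegalArgumentException("Operation not allowed for LDAP account.");
  }

  String userPwdHash = user.getPassword();
  String pwdHash = getPasswordHash(password, user.getSalt());

  // Fail closed: an account with no stored hash, or a hash that could not be computed,
  // never matches (previously a null stored hash raised a NullPointerException).
  // MessageDigest.isEqual is used instead of String.equals so the comparison time does
  // not depend on how many leading characters of the two hashes agree.
  boolean hashesMatch = userPwdHash != null
      && pwdHash != null
      && java.security.MessageDigest.isEqual(
          userPwdHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
          pwdHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));

  if (!hashesMatch) {
    registerFalseLogin(user, req);
    // NOTE(review): the e-mail is written to the log as stored; confirm it is validated
    // at registration so it cannot carry line breaks into the log.
    LOGGER.log(Level.WARNING, "False login attempt by user: {0}", user.getEmail());
    return false;
  }

  resetFalseLogin(user);
  return true;
}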
otp = Settings.MOBILE_OTP_PADDING; String newPassword = getPasswordPlusSalt(password, user.getSalt()); if (otp.length() == Settings.MOBILE_OTP_PADDING.length() && user.getMode().equals(UserAccountType.M_ACCOUNT_TYPE)) { newPassword = newPassword + otp;
String pwdHash = getPasswordHash(password, user.getSalt()); if (!userPwdHash.equals(pwdHash)) { registerFalseLogin(user, req);