feat: add more feedback to UI on inactive and/or unverified accounts (#78)

* feat: propagate can_login to UI and give more feedback

Signed-off-by: romanetar <[email protected]>

* feat: add more feedback to UI on inactive and/or unverified accounts

Signed-off-by: romanetar <[email protected]>

* fix: login flow ui tweaks

Signed-off-by: romanetar <[email protected]>

* fix: PR review feedback

Signed-off-by: romanetar <[email protected]>

* feat: add login attempt counter (#82)

* feat: add login attempt counter

Change-Id: Icd5ceb7f886ffa918449c872047ce4f279ee9c81

* fix: remove hard coded test value

Change-Id: Ib765702819565ec82e1bc60361aee27aa492350b

---------

Signed-off-by: romanetar <[email protected]>
Co-authored-by: sebastian marcet <[email protected]>

Author: romanetar

app/Http/Controllers/UserController.php

@@ -20,7 +20,9 @@
 use App\ModelSerializers\SerializerRegistry;
 use Auth\Exceptions\AuthenticationException;
 use Auth\Exceptions\UnverifiedEmailMemberException;
+use App\Services\Auth\IUserService as AuthUserService;
 use Exception;
+use Illuminate\Http\Request as LaravelRequest;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Redirect;
@@ -85,6 +87,10 @@ final class UserController extends OpenIdController
      * @var IUserService
      */
     private $user_service;
+    /**
+     * @var AuthUserService
+     */
+    private $auth_user_service;
     /**
      * @var IUserActionService
      */
@@ -131,6 +137,7 @@ final class UserController extends OpenIdController
      * @param ITrustedSitesService $trusted_sites_service
      * @param DiscoveryController $discovery
      * @param IUserService $user_service
+     * @param AuthUserService $auth_user_service
      * @param IUserActionService $user_action_service
      * @param IClientRepository $client_repository
      * @param IApiScopeRepository $scope_repository
@@ -149,6 +156,7 @@ public function __construct
         ITrustedSitesService $trusted_sites_service,
         DiscoveryController $discovery,
         IUserService $user_service,
+        AuthUserService $auth_user_service,
         IUserActionService $user_action_service,
         IClientRepository $client_repository,
         IApiScopeRepository $scope_repository,
@@ -159,15 +167,14 @@ public function __construct
         LoginHintProcessStrategy $login_hint_process_strategy
     )
     {
-
-
         $this->openid_memento_service = $openid_memento_service;
         $this->oauth2_memento_service = $oauth2_memento_service;
         $this->auth_service = $auth_service;
         $this->server_configuration_service = $server_configuration_service;
         $this->trusted_sites_service = $trusted_sites_service;
         $this->discovery = $discovery;
         $this->user_service = $user_service;
+        $this->auth_user_service = $auth_user_service;
         $this->user_action_service = $user_action_service;
         $this->client_repository = $client_repository;
         $this->scope_repository = $scope_repository;
@@ -257,14 +264,16 @@ public function getAccount()
 
             $user = $this->auth_service->getUserByUsername($email);
 
-            if (is_null($user) || !$user->canLogin())
+            if (is_null($user))
                 throw new EntityNotFoundException();
 
             return $this->ok(
                 [
+                    'is_active' => $user->isActive(),
+                    'is_verified' => $user->isEmailVerified(),
                     'pic' => $user->getPic(),
                     'full_name' => $user->getFullName(),
-                    'has_password_set' => $user->hasPasswordSet()
+                    'has_password_set' => $user->hasPasswordSet(),
                 ]
             );
         } catch (ValidationException $ex) {
@@ -354,9 +363,41 @@ public function emitOTP()
         }
     }
 
+    /**
+     * @return \Illuminate\Http\JsonResponse|mixed
+     */
+    public function resendVerificationEmail(LaravelRequest $request)
+    {
+        try {
+            $payload = $request->all();
+            $validator = Validator::make($payload, [
+                'email' => 'required|string|email|max:255'
+            ]);
+
+            if (!$validator->passes()) {
+                return $this->error412($validator->getMessageBag()->getMessages());
+            }
+            $this->auth_user_service->resendVerificationEmail($payload);
+            return $this->ok();
+        }
+        catch (ValidationException $ex) {
+            Log::warning($ex);
+            return $this->error412($ex->getMessages());
+        }
+        catch (EntityNotFoundException $ex) {
+            Log::warning($ex);
+            return $this->error404();
+        }
+        catch (Exception $ex) {
+            Log::error($ex);
+            return $this->error500($ex);
+        }
+    }
+
     public function postLogin()
     {
         $max_login_attempts_2_show_captcha = $this->server_configuration_service->getConfigValue("MaxFailed.LoginAttempts.2ShowCaptcha");
+        $max_login_failed_attempts = intval($this->server_configuration_service->getConfigValue("MaxFailed.Login.Attempts"));
         $login_attempts                    = 0;
         $username                          = '';
         $user = null;
@@ -443,13 +484,15 @@ public function postLogin()
                     (
                         [
                             'max_login_attempts_2_show_captcha' => $max_login_attempts_2_show_captcha,
+                            'max_login_failed_attempts' => $max_login_failed_attempts,
                             'login_attempts' => $login_attempts,
                             'error_message' => $ex->getMessage(),
                             'user_fullname' => !is_null($user) ? $user->getFullName() : "",
                             'user_pic' => !is_null($user) ? $user->getPic(): "",
                             'user_verified' => true,
                             'username' => $username,
-                            'flow' => $flow
+                            'flow' => $flow,
+                            'user_is_active' => !is_null($user) ? ($user->isActive() ? 1 : 0) : 0
                         ]
                     );
                 }
@@ -459,6 +502,7 @@ public function postLogin()
             // validator errors
             $response_data =    [
                 'max_login_attempts_2_show_captcha' => $max_login_attempts_2_show_captcha,
+                'max_login_failed_attempts'         => $max_login_failed_attempts,
                 'login_attempts'                    => $login_attempts,
                 'validator'                         => $validator,
             ];
@@ -470,7 +514,8 @@ public function postLogin()
             if(!is_null($user)){
                 $response_data['user_fullname'] = $user->getFullName();
                 $response_data['user_pic'] = $user->getPic();
-                $response_data['user_verified'] = true;
+                $response_data['user_verified'] = 1;
+                $response_data['user_is_active'] = $user->isActive() ? 1 : 0;
             }
 
             return $this->login_strategy->errorLogin
@@ -485,9 +530,10 @@ public function postLogin()
 
             $response_data =    [
                 'max_login_attempts_2_show_captcha' => $max_login_attempts_2_show_captcha,
+                'max_login_failed_attempts'         => $max_login_failed_attempts,
                 'login_attempts'                    => $login_attempts,
                 'username'                          => $username,
-                'error_message'                     => $ex1->getMessage()
+                'error_message'                     => $ex1->getMessage(),
             ];
 
             if (is_null($user) && isset($data['username'])) {
@@ -497,7 +543,8 @@ public function postLogin()
             if(!is_null($user)){
                 $response_data['user_fullname'] = $user->getFullName();
                 $response_data['user_pic'] = $user->getPic();
-                $response_data['user_verified'] = true;
+                $response_data['user_verified'] = 1;
+                $response_data['user_is_active'] = $user->isActive() ? 1 : 0;
             }
 
             return $this->login_strategy->errorLogin

app/Services/Auth/UserService.php

@@ -218,14 +218,18 @@ public function registerUser(array $payload, ?OAuth2OTP $otp = null):User
      * @param string $token
      * @return User
      * @throws EntityNotFoundException
-     * @throws ValidationException
+     * @throws ValidationException|\Exception
      */
     public function verifyEmail(string $token): User
     {
         return $this->tx_service->transaction(function () use ($token) {
             $user = $this->user_repository->getByVerificationEmailToken($token);
-            if (is_null($user))
+
+            if (is_null($user) || !$user->isActive()) {
+                Log::warning(sprintf("UserService::verifyEmail user with id %s is not active", $user->getId()));
                 throw new EntityNotFoundException();
+            }
+
             $user->verifyEmail();
 
             try {

app/Services/SecurityPolicies/LockUserCounterMeasure.php

@@ -77,7 +77,7 @@ public function trigger(array $params = [])
                     $user_id = $params["user_id"];
                     $user    = $this->repository->getById($user_id);
                     $max_login_failed_attempts = intval($this->server_configuration->getConfigValue("MaxFailed.Login.Attempts"));
-                    if (!is_null($user) && $user instanceof User) {
+                    if ($user instanceof User) {
                         //apply lock policy
                         if (intval($user->getLoginFailedAttempt()) < $max_login_failed_attempts) {
                             $this->user_service->updateFailedLoginAttempts($user->getId());

app/libs/Auth/Factories/UserFactory.php

@@ -11,7 +11,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
-use Auth\Group;
 use Auth\User;
 use Illuminate\Support\Facades\Auth;
 

app/libs/Auth/Models/User.php

@@ -1854,6 +1854,8 @@ public function activate():void {
         if(!$this->active) {
             $this->active = true;
             $this->spam_type = self::SpamTypeHam;
+            // reset it
+            $this->login_failed_attempt = 0;
             Event::dispatch(new UserSpamStateUpdated(
                     $this->getId()
                 )
@@ -1886,6 +1888,7 @@ public function verifyEmail(bool $send_email_verified_notice = true)
             $this->spam_type           = self::SpamTypeHam;
             $this->active              = true;
             $this->lock                = false;
+            $this->login_failed_attempt = 0;
             $this->email_verified_date = new \DateTime('now', new \DateTimeZone('UTC'));
 
             if($send_email_verified_notice)

resources/js/components/custom_snackbar.js

@@ -0,0 +1,22 @@
+import React from 'react';
+import { Snackbar } from '@material-ui/core';
+import MuiAlert from '@material-ui/lab/Alert';
+
+function Alert(props) {
+  return <MuiAlert elevation={6} variant="filled" {...props} />;
+}
+
+const CustomSnackbar = ({ message, severity = 'info', onClose }) => {
+  return (
+    <Snackbar
+        open={message !== null}
+        autoHideDuration={8000}
+        onClose={onClose}
+        anchorOrigin={{ vertical: 'top', horizontal: 'center' }}>
+      <Alert onClose={onClose} severity={severity}>
+        {message}
+      </Alert>
+    </Snackbar>
+  );
+};
+export default CustomSnackbar;

resources/js/login/actions.js

@@ -19,3 +19,11 @@ export const emitOTP = (email, token, connection = 'email', send='code') => {
 
     return postRawRequest(window.EMIT_OTP_ENDPOINT)(params, {'X-CSRF-TOKEN': token});
 }
+
+export const resendVerificationEmail = (email, token) => {
+    const params = {
+      email: email
+    };
+
+    return postRawRequest(window.RESEND_VERIFICATION_EMAIL_ENDPOINT)(params, {'X-CSRF-TOKEN': token});
+}