From a769cc58f3ccf8870329cb8b0cdacd296cf18cb2 Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Mon, 9 Aug 2021 17:13:19 +0800
Subject: [PATCH] v2.9.0 & PasswordPolicyValidator
---
 .../authn/RealmAuthenticationProvider.java | 6 +-
 .../jdbc/DefaultJdbcAuthenticationRealm.java | 2 +-
 .../java/org/maxkey/util/SnowFlakeId.java | 11 ++
 .../java/org/maxkey/util/SonwFlakeIdTest.java | 8 +-
 .../db/PasswordPolicyValidator.java | 103 ++++++++++--------
 .../authz/endpoint/AuthorizeBaseEndpoint.java | 4 +
 .../authz/endpoint/AuthorizeEndpoint.java | 5 +-
 .../views/authorize/authorize_common.ftl | 12 +-
 8 files changed, 95 insertions(+), 56 deletions(-)
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
index 6ac13a7b..9eeb3b90 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
@@ -101,8 +101,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
 if(loginCredential.getAuthType().equalsIgnoreCase(AuthType.MOBILE)) {
 mobilecaptchaValid(loginCredential.getPassword(),loginCredential.getAuthType(),userInfo);
 }else {
- authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
+ //Validate PasswordPolicy
+ authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
+ //Match password
 authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
+ //apply PasswordSetType and resetBadPasswordCount
+ authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
 }
 UsernamePasswordAuthenticationToken authenticationToken = setOnline(loginCredential,userInfo);
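Review bot: The `AuthType.MOBILE` branch at the top of this hunk still reaches `setOnline` without calling `passwordPolicyValid(userInfo)` or the new `applyPasswordPolicy(userInfo)`, so whatever lock and expiry checks those perform appear to cover only the password path. `mobilecaptchaValid` is defined outside the hunk and may apply its own limits, which is worth confirming; if it does not, a locked account could presumably still sign in through the captcha path, and the bad-password counter is never reset there. Consider calling `authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);` before `mobilecaptchaValid(...)` as well. The enclosing method starts and ends outside the hunk.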
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
index 952c8a06..e16a8d45 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
@@ -74,7 +74,7 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
 _logger.debug("passwordvalid : " + passwordMatches);
 if (!passwordMatches) {
- passwordPolicyValidator.setBadPasswordCount(userInfo);
+ passwordPolicyValidator.plusBadPasswordCount(userInfo);
 insertLoginHistory(userInfo, ConstantsLoginType.LOCAL, "", "xe00000004", "password error");
 throw new BadCredentialsException(WebContext.getI18nValue("login.error.password"));
 }
diff --git a/maxkey-common/src/main/java/org/maxkey/util/SnowFlakeId.java b/maxkey-common/src/main/java/org/maxkey/util/SnowFlakeId.java
index 7c0d09ef..db4c5093 100644
--- a/maxkey-common/src/main/java/org/maxkey/util/SnowFlakeId.java
+++ b/maxkey-common/src/main/java/org/maxkey/util/SnowFlakeId.java
@@ -110,6 +110,17 @@ public class SnowFlakeId {
 | machineId << MACHINE_LEFT //机器标识部分
 | sequence; //序列号部分
 }
+
+
+ public long currId() {
+ long currStmp = lastStmp;
+
+ return (currStmp - START_STMP) << TIMESTMP_LEFT //时间戳部分
+ | datacenterId << DATACENTER_LEFT //数据中心部分
+ | machineId << MACHINE_LEFT //机器标识部分
+ | sequence; //序列号部分
+ }
+
 private long getNextMill() {
 long mill = getNewstmp();
diff --git a/maxkey-common/src/test/java/org/maxkey/util/SonwFlakeIdTest.java b/maxkey-common/src/test/java/org/maxkey/util/SonwFlakeIdTest.java
index 26a44540..b67416b7 100644
--- a/maxkey-common/src/test/java/org/maxkey/util/SonwFlakeIdTest.java
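Review bot: In SnowFlakeId.java the new `currId()` reads `lastStmp` and `sequence` with no synchronization and has no Javadoc. If `nextId()` (outside the hunk) updates those fields under a lock, a concurrent call can pair the timestamp of one id with the sequence of another and return a value that was never issued; before the first `nextId()` call the result depends on the initial value of `lastStmp`, which is not visible here. Suggest `public synchronized long currId() {` and a comment such as `/** Returns the most recently generated id without advancing the sequence. */`. The shift-and-or expression repeats the one in the context lines above it and could be shared through a private helper.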
+++ b/maxkey-common/src/test/java/org/maxkey/util/SonwFlakeIdTest.java
@@ -17,6 +17,7 @@ package org.maxkey.util;
+import org.joda.time.DateTime;
 import org.junit.Test;
 public class SonwFlakeIdTest {
@@ -24,9 +25,12 @@ public class SonwFlakeIdTest {
 @Test
 public void UidGenerator() {
- SnowFlakeId snowFlake = new SnowFlakeId(2, 3);
+ DateTime d= new DateTime("2020-01-01T01:01:01");
+ System.out.println("time "+d.getMillis());
+ SnowFlakeId snowFlake = new SnowFlakeId(1, 1,8,d.getMillis());
 long seq = snowFlake.nextId();
+ System.out.println(seq);
- System.out.println(snowFlake.parse(seq));
+ System.out.println(snowFlake.parse(seq).getDateTime());
 }
 }
diff --git a/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java b/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java
index 6dfbb55a..888cd700 100644
--- a/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java
@@ -281,45 +281,52 @@ public class PasswordPolicyValidator {
 );
 }
- //initial password need change
- if(userInfo.getLoginCount()<=0) {
- WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
- ConstantsPasswordSetType.INITIAL_PASSWORD);
- }
- if (userInfo.getPasswordSetType() != ConstantsPasswordSetType.PASSWORD_NORMAL) {
- WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
- userInfo.getPasswordSetType());
- return true;
- } else {
- WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
- ConstantsPasswordSetType.PASSWORD_NORMAL);
- }
-
- /*
- * check password is Expired,Expiration is Expired date ,if Expiration equals 0,not need check
- *
- */
- if (passwordPolicy.getExpiration() > 0) {
- String passwordLastSetTimeString = userInfo.getPasswordLastSetTime().substring(0, 19);
- _logger.info("last password set date " + passwordLastSetTimeString);
-
- DateTime changePwdDateTime = DateTime.parse(passwordLastSetTimeString,
- DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
- Duration duration = new Duration(changePwdDateTime, currentdateTime);
- int intDuration = Integer.parseInt(duration.getStandardDays() + "");
- _logger.debug("password Last Set duration day " + intDuration
- + " , password policy Expiration " +passwordPolicy.getExpiration()
- +" , validate result " + (intDuration <= passwordPolicy.getExpiration()));
- if (intDuration > passwordPolicy.getExpiration()) {
- WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
- ConstantsPasswordSetType.PASSWORD_EXPIRED);
- }
- }
 return true;
 }
+ public void applyPasswordPolicy(UserInfo userInfo) {
+ getPasswordPolicy();
+ DateTime currentdateTime = new DateTime();
+ //initial password need change
+ if(userInfo.getLoginCount()<=0) {
+ WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
+ ConstantsPasswordSetType.INITIAL_PASSWORD);
+ }
+
+ if (userInfo.getPasswordSetType() != ConstantsPasswordSetType.PASSWORD_NORMAL) {
+ WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
+ userInfo.getPasswordSetType());
+ return;
+ } else {
+ WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
+ ConstantsPasswordSetType.PASSWORD_NORMAL);
+ }
+
+ /*
+ * check password is Expired,Expiration is Expired date ,if Expiration equals 0,not need check
+ *
+ */
+ if (passwordPolicy.getExpiration() > 0) {
+ String passwordLastSetTimeString = userInfo.getPasswordLastSetTime().substring(0, 19);
+ _logger.info("last password set date " + passwordLastSetTimeString);
+
+ DateTime changePwdDateTime = DateTime.parse(passwordLastSetTimeString,
+ DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
+ Duration duration = new Duration(changePwdDateTime, currentdateTime);
+ int intDuration = Integer.parseInt(duration.getStandardDays() + "");
+ _logger.debug("password Last Set duration day " + intDuration
+ + " , password policy Expiration " +passwordPolicy.getExpiration()
+ +" , validate result " + (intDuration <= passwordPolicy.getExpiration()));
+ if (intDuration > passwordPolicy.getExpiration()) {
+ WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
+ ConstantsPasswordSetType.PASSWORD_EXPIRED);
+ }
+ }
+
+ resetBadPasswordCount(userInfo);
+ }
 /**
 * lockUser
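Review bot: `applyPasswordPolicy` returns early when `userInfo.getPasswordSetType() != ConstantsPasswordSetType.PASSWORD_NORMAL`, so the `resetBadPasswordCount(userInfo);` call on its last line is skipped for exactly those accounts and their failed-attempt count keeps growing across successful logins. Moving `resetBadPasswordCount(userInfo);` to the first line of the method fixes that. Separately, the `INITIAL_PASSWORD` value stored when `getLoginCount()<=0` is always overwritten by the `if`/`else` that follows, so a first login with a normal set type does not appear to be flagged for a password change; that check would need to run after the `if`/`else`, or return once the attribute is set. `getPasswordLastSetTime().substring(0, 19)` also throws on a null or shorter value, at a point where the password has already matched.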
@@ -379,22 +386,32 @@ public class PasswordPolicyValidator {
 *
 * @param userInfo
 */
- public void setBadPasswordCount(UserInfo userInfo) {
+ private void setBadPasswordCount(String userId,int badPasswordCount) {
 try {
- if (userInfo != null && StringUtils.isNotEmpty(userInfo.getId())) {
- int badPasswordCount = userInfo.getBadPasswordCount() + 1;
- userInfo.setBadPasswordCount(badPasswordCount);
- jdbcTemplate.update(BADPASSWORDCOUNT_UPDATE_STATEMENT,
- new Object[] { badPasswordCount, new Date(), userInfo.getId() },
- new int[] { Types.INTEGER, Types.TIMESTAMP, Types.VARCHAR });
-
- }
+ jdbcTemplate.update(BADPASSWORDCOUNT_UPDATE_STATEMENT,
+ new Object[] { badPasswordCount, new Date(), userId },
+ new int[] { Types.INTEGER, Types.TIMESTAMP, Types.VARCHAR });
 } catch (Exception e) {
 e.printStackTrace();
 _logger.error(e.getMessage());
 }
 }
+ public void plusBadPasswordCount(UserInfo userInfo) {
+ if (userInfo != null && StringUtils.isNotEmpty(userInfo.getId())) {
+ setBadPasswordCount(userInfo.getId(),userInfo.getBadPasswordCount() + 1);
+
+ }
+ }
+
+ public void resetBadPasswordCount(UserInfo userInfo) {
+ if (userInfo != null && StringUtils.isNotEmpty(userInfo.getId())) {
+ if(userInfo.getBadPasswordCount()>0) {
+ setBadPasswordCount(userInfo.getId(),0);
+ }
+ }
+ }
+
 public String generateRandomPassword() {
 getPasswordPolicy();
 PasswordGen passwordGen = new PasswordGen(
diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
index b303f5a1..a0e65988 100644
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
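Review bot: `plusBadPasswordCount` derives the new value from the in-memory `userInfo.getBadPasswordCount() + 1` and no longer calls `userInfo.setBadPasswordCount(...)`, so the object stays stale and parallel failed logins that loaded the same row all write the same number. The lockout counter can therefore undercount under concurrent failed attempts; doing the increment inside `BADPASSWORDCOUNT_UPDATE_STATEMENT` itself (defined outside the hunk) would make the update atomic. The `catch (Exception e)` in `setBadPasswordCount` logs only the message, so a failed counter update is easy to miss; `_logger.error("update bad password count failed", e);` in place of `e.printStackTrace()` keeps the stack trace in the log. The Javadoc left above the now-private method still says `@param userInfo`, and the two new public methods have none.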
@@ -42,6 +42,9 @@ import org.springframework.web.servlet.ModelAndView;
 public class AuthorizeBaseEndpoint {
 final static Logger _logger = LoggerFactory.getLogger(AuthorizeBaseEndpoint.class);
+ //maxkey-mgt
+ public final static String MGT_APP_ID = "622076759805923328";
+
 @Autowired
 @Qualifier("applicationConfig")
 protected ApplicationConfig applicationConfig;
@@ -58,6 +61,7 @@ public class AuthorizeBaseEndpoint {
 Apps app=(Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
 //session中为空或者id不一致重新加载
 if(app==null||!app.getId().equalsIgnoreCase(id)) {
+ id = id.equalsIgnoreCase("maxkey_mgt") ? MGT_APP_ID : id;
 app=appsService.get(id);
 WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
 }
diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
index 52489a9f..e0ac9d2e 100644
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
@@ -53,11 +53,10 @@ public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
 public ModelAndView authorize(
 HttpServletRequest request,
 @PathVariable("id") String id){
-
 ModelAndView modelAndView=null;
-
 Apps application=getApp(id);
- WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, id);
+ id = application.getId();
+ WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, application.getId());
 if(application.getProtocol().equalsIgnoreCase(ConstantsProtocols.EXTEND_API)){
 modelAndView=WebContext.forward("/authz/api/"+id);
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl
index 273146a0..46b5d888 100644
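Review bot: In `AuthorizeBaseEndpoint`, the alias mapping `id = id.equalsIgnoreCase("maxkey_mgt") ? MGT_APP_ID : id;` runs after the cache test `app.getId().equalsIgnoreCase(id)`, so a request for `maxkey_mgt` never matches the cached app and reloads it on every call; moving the line above the `if` avoids that. `id.equalsIgnoreCase(...)` also throws when `id` is null, whereas `"maxkey_mgt".equalsIgnoreCase(id)` does not. The hard-coded `MGT_APP_ID` added in the first hunk of this file ties the code to one database's row id; reading it from `applicationConfig` would be safer, and the constant deserves a comment saying where the value comes from. The enclosing method starts outside the hunk.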
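Review bot: In `AuthorizeEndpoint.authorize`, the new `id = application.getId();` dereferences the result of `getApp(id)` without a null check, and `id` comes straight from the `@PathVariable`. If `appsService.get(id)` returns null for an unknown id (its behavior is outside this diff), the request ends in a NullPointerException instead of a controlled error, and `getApp` has by then stored the null as `AUTHORIZE_SIGN_ON_APP`. A guard of the form `if (application == null) { ... }` that returns the application's error view before this line would handle it; the right view name is not visible here. The method body continues outside the hunk.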
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl +++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl @@ -2,12 +2,12 @@ - - - - - - + + + + + +