
Commit 275b824

committed
Added check on MFA code by the user (thanks Dirk of S-Unit for reporting after pentests!)
Added rate limit on attempts for MFA codes. Will block the user after 3 attempts (just like normal login attempts). Custom info and error messages are now possible. Small documentation fixes.
1 parent 0452a0c commit 275b824

4 files changed

Lines changed: 27 additions & 3 deletions


2fa.mpr

1.36 MB
Binary file not shown.

Output/MFAmodule_Mx8188_v1_5.mpk

136 KB
Binary file not shown.

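--- a/javasource/mfamodule/helpers/MultiFactorAuthLoginAction.java
+++ b/javasource/mfamodule/helpers/MultiFactorAuthLoginAction.java
@@ -66,6 +66,21 @@ public ISession execute() throws Exception {
 IUser user = Core.getUser(sysContext, userMfaObj.getUsername());
 return Core.initializeSession(user, this.currentSessionId);
 }
+else if (userMfaObj.getUsername() != null && userMfaObj.getUsername() != "") {
+IUser user = Core.getUser(sysContext, userMfaObj.getUsername());
+if(user != null) {
+Object obj = (Integer)user.getMendixObject().getValue(sysContext,"FailedLogins")+1;
+user.getMendixObject().setValue(sysContext,"FailedLogins",obj);
+if ( (Integer)user.getMendixObject().getValue(sysContext,"FailedLogins") >= 3) {
+user.getMendixObject().setValue(sysContext,"Blocked",true);
+Core.commit(sysContext, user.getMendixObject());
+_logNode.debug( "Custom MFA to much attempts FAILED: user '" + userMfaObj.getUsername() + "' blocked" );
+throw new UserBlockedException("Custom MFA check: User '"+ userMfaObj.getUsername() + "' blocked");
+}
+Core.commit(sysContext, user.getMendixObject());
+}
+return oldSession;
+}
 else {
 return oldSession;
 }
@@ -127,7 +142,16 @@ else if( !Core.authenticate(sysContext, user, this.password)) {
 return super.execute();
 }
 else {
-_logNode.debug( "Custom Login FAILED: validation for user '" + this.userName + "' with code '"+mfaCode+"'." );
+_logNode.debug( "Custom MFA code validation FAILED: mfa check for user '" + this.userName + "' with code '"+mfaCode+"'." );
+Object obj = (Integer)user.getMendixObject().getValue(sysContext,"FailedLogins")+1;
+user.getMendixObject().setValue(sysContext,"FailedLogins",obj);
+if ( (Integer)user.getMendixObject().getValue(sysContext,"FailedLogins") >= 3) {
+user.getMendixObject().setValue(sysContext,"Blocked",true);
+Core.commit(sysContext, user.getMendixObject());
+_logNode.debug( "Custom MFA to much attempts FAILED: user '" + this.userName + "' blocked" );
+throw new UserBlockedException("Custom MFA check: User '"+ this.userName + "' blocked");
+}
+Core.commit(sysContext, user.getMendixObject());
 throw new AuthenticationRuntimeException(" Custom Login FAILED for user '" + this.userName + "'.");
 }
 }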

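--- a/javasource/mfamodule/proxies/Enum_MessageType.java
+++ b/javasource/mfamodule/proxies/Enum_MessageType.java
@@ -6,8 +6,8 @@
 
 public enum Enum_MessageType
 {
-Info(new java.lang.String[][] { new java.lang.String[] { "en_US", "Info" } }),
-Error(new java.lang.String[][] { new java.lang.String[] { "en_US", "Error" } });
+Info(new java.lang.String[][] { new java.lang.String[] { "en_US", "Info" }, new java.lang.String[] { "nl_NL", "Info" } }),
+Error(new java.lang.String[][] { new java.lang.String[] { "en_US", "Error" }, new java.lang.String[] { "nl_NL", "Error" } });
 
 private java.util.Map<java.lang.String, java.lang.String> captions;
 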