ログイン失敗判定ロジッククラス変更

2024-04-03 17:16:08 +09:00 · 2024-04-03 17:16:08 +09:00 · ac5cfc4d0f
commit ac5cfc4d0f
parent fa3100b830
3 changed files with 14 additions and 17 deletions
--- a/ecs/jskult-webapp/src/controller/login.py
+++ b/ecs/jskult-webapp/src/controller/login.py
@ -66,12 +66,10 @@ def login(
    request: LoginModel = Depends(LoginModel.as_form),
    login_service: LoginService = Depends(get_service(LoginService))
 ):
-    # ユーザーマスタ検索
-    pre_login_user_record = login_service.logged_in_user(request.username)
-    # ログイン失敗回数が10回以上あれば、ログアウト画面にリダイレクトする
-    if pre_login_user_record is not None and pre_login_user_record.is_login_failed_limit_exceeded():
-        logger.info(f'ログイン失敗回数が10回以上: {pre_login_user_record.user_id}')
-        login_service.increase_login_failed_count(pre_login_user_record.user_id)
+    # ログイン成功問わず、DBのログイン失敗回数が10回以上あれば、ログアウト画面にリダイレクトする
+    if login_service.is_login_failed_limit_exceeded(request.username):
+        logger.info(f'ログイン失敗回数が10回以上: {request.username}')
+        login_service.increase_login_failed_count(request.username)
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_FAILED_LIMIT_EXCEEDED)

    try:
@ -79,11 +77,8 @@ def login(
    except NotAuthorizeException as e:
        logger.info(f'ログイン失敗：{e}')
        login_service.increase_login_failed_count(request.username)
-        
-        # pre_login_user_recordのデータ更新
-        pre_login_user_record = login_service.logged_in_user(request.username)
-        if pre_login_user_record is not None and pre_login_user_record.is_login_failed_limit_exceeded():
-            login_service.on_login_fail_limit_exceeded(pre_login_user_record.user_id)
+        if login_service.is_login_failed_limit_exceeded(request.username):
+            login_service.on_login_fail_limit_exceeded(request.username)
            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_FAILED_LIMIT_EXCEEDED)
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_ERROR)
    except JWTTokenVerifyException as e:
--- a/ecs/jskult-webapp/src/model/db/user_master.py
+++ b/ecs/jskult-webapp/src/model/db/user_master.py
@ -2,7 +2,6 @@ from datetime import datetime
 from typing import Optional

 from src.model.db.base_db_model import BaseDBModel
-from src.system_var import constants

 class UserMasterModel(BaseDBModel):
    user_id: Optional[str]
@ -35,7 +34,4 @@ class UserMasterModel(BaseDBModel):
        return self.mntuser_flg == '1'

    def is_groupware_user(self):
-        return self.mntuser_flg == '0' or self.mntuser_flg is None
-    
-    def is_login_failed_limit_exceeded(self):
-        return self.mntuser_login_failed_cnt >= constants.LOGIN_FAIL_LIMIT
+        return self.mntuser_flg == '0' or self.mntuser_flg is None
--- a/ecs/jskult-webapp/src/services/login_service.py
+++ b/ecs/jskult-webapp/src/services/login_service.py
@ -11,7 +11,7 @@ from src.repositories.base_repository import BaseRepository
 from src.repositories.user_master_repository import UserMasterRepository
 from src.services.base_service import BaseService
 from src.system_var import environment
-
+from src.system_var import constants

 class LoginService(BaseService):
    REPOSITORIES = {
@ -55,6 +55,12 @@ class LoginService(BaseService):
    def on_login_fail_limit_exceeded(self, user_id: str):
        self.user_repository.disable_mnt_user({'user_id': user_id})

+    def is_login_failed_limit_exceeded(self, user_id: str):
+        user_record: UserMasterModel = self.user_repository.fetch_one({'user_id': user_id})
+        if user_record is None:
+            return False
+        return user_record.mntuser_login_failed_cnt >= constants.LOGIN_FAIL_LIMIT
+
    def __secret_hash(self, username: str):
        # see - https://aws.amazon.com/jp/premiumsupport/knowledge-center/cognito-unable-to-verify-secret-hash/  # noqa
        message = bytes(username + environment.COGNITO_CLIENT_ID, 'utf-8')