Merge pull request #168 from croessner/features

Features

server/core/bruteforce.go

@@ -698,15 +698,15 @@ func (a *AuthState) processPWHist() (accountName string) {
 	return
 }
 
-// processBlockedAccount processes a blocked account by checking its existence in Redis and adding it if not present.
+// updateAffectedAccount processes a blocked account by checking its existence in Redis and adding it if not present.
 // It increments Redis read and write counters and logs errors encountered during the operations.
-func (a *AuthState) processBlockedAccount() {
+func (a *AuthState) updateAffectedAccount() {
 	accountName := a.refreshUserAccount()
 	if accountName == "" {
 		return
 	}
 
-	key := config.LoadableConfig.Server.Redis.Prefix + global.RedisBlockedAccountsKey
+	key := config.LoadableConfig.Server.Redis.Prefix + global.RedisAffectedAccountsKey
 
 	defer stats.RedisReadCounter.Inc()
 
@@ -897,7 +897,7 @@ func (a *AuthState) processBruteForce(ruleTriggered, alreadyTriggered bool, rule
 
 		a.BruteForceName = rule.Name
 
-		a.processBlockedAccount()
+		a.updateAffectedAccount()
 		a.saveFailedPasswordCounterInRedis()
 		a.getAllPasswordHistories()
 

server/core/register.go

@@ -16,7 +16,6 @@
 package core
 
 import (
-	stderrors "errors"
 	"fmt"
 	"net/http"
 
@@ -34,7 +33,6 @@ import (
 	"github.com/go-kit/log/level"
 	"github.com/pquerna/otp"
 	"github.com/pquerna/otp/totp"
-	"github.com/redis/go-redis/v9"
 	"github.com/spf13/viper"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
@@ -793,11 +791,6 @@ func registerTotpPOSTHandler(ctx *gin.Context) {
 			if _, err = rediscli.WriteHandle.Del(ctx, userKey).Result(); err != nil {
 				stats.RedisWriteCounter.Inc()
 
-				if stderrors.Is(err, redis.Nil) {
-
-					continue
-				}
-
 				level.Error(log.Logger).Log(global.LogKeyGUID, guid, global.LogKeyMsg, err)
 
 				break

server/core/rest.go

@@ -280,7 +280,7 @@ func listBlockedIPAddresses(ctx context.Context, filterCmd *FilterCmd, guid stri
 func listBlockedAccounts(ctx context.Context, filterCmd *FilterCmd, guid string) (*BlockedAccounts, error) {
 	blockedAccounts := &BlockedAccounts{Accounts: make(map[string][]string)}
 
-	key := config.LoadableConfig.Server.Redis.Prefix + global.RedisBlockedAccountsKey
+	key := config.LoadableConfig.Server.Redis.Prefix + global.RedisAffectedAccountsKey
 
 	defer stats.RedisReadCounter.Inc()
 
@@ -467,6 +467,7 @@ func processFlushCache(ctx *gin.Context, userCmd *FlushUserCmd, guid string) (re
 // 5. Returns false.
 func processUserCmd(ctx *gin.Context, userCmd *FlushUserCmd, guid string) (removedKeys []string, noUserAccountFound bool) {
 	var (
+		result        int64
 		removeHash    bool
 		accountName   string
 		ipAddresses   []string
@@ -499,28 +500,24 @@ func processUserCmd(ctx *gin.Context, userCmd *FlushUserCmd, guid string) (remov
 
 	// Remove PW_HIST_SET from Redis
 	key := getPWHistIPsRedisKey(accountName)
-	if err = rediscli.WriteHandle.Del(ctx, key).Err(); err != nil {
-		if !stderrors.Is(err, redis.Nil) {
-			level.Error(log.Logger).Log(global.LogKeyGUID, guid, global.LogKeyMsg, err)
-		} else {
-			err = nil
-		}
+	if result, err = rediscli.WriteHandle.Del(ctx, key).Result(); err != nil {
+		level.Error(log.Logger).Log(global.LogKeyGUID, guid, global.LogKeyMsg, err)
 	} else {
-		removedKeys = append(removedKeys, key)
+		if result > 0 {
+			removedKeys = append(removedKeys, key)
+		}
 	}
 
 	defer stats.RedisWriteCounter.Inc()
 
-	// Remove account from BLOCKED_ACCOUNTS
-	key = config.LoadableConfig.Server.Redis.Prefix + global.RedisBlockedAccountsKey
-	if err = rediscli.WriteHandle.SRem(ctx, key, accountName).Err(); err != nil {
-		if !stderrors.Is(err, redis.Nil) {
-			level.Error(log.Logger).Log(global.LogKeyGUID, guid, global.LogKeyMsg, err)
-		} else {
-			err = nil
-		}
+	// Remove an account from AFFECTED_ACCOUNTS
+	key = config.LoadableConfig.Server.Redis.Prefix + global.RedisAffectedAccountsKey
+	if result, err = rediscli.WriteHandle.SRem(ctx, key, accountName).Result(); err != nil {
+		level.Error(log.Logger).Log(global.LogKeyGUID, guid, global.LogKeyMsg, err)
 	} else {
-		removedKeys = append(removedKeys, key)
+		if result > 0 {
+			removedKeys = append(removedKeys, key)
+		}
 	}
 
 	removedKeys = append(removedKeys, removeUserFromCache(ctx, userCmd, userKeys, guid, removeHash)...)
@@ -591,7 +588,10 @@ func prepareRedisUserKeys(ctx context.Context, guid string, accountName string)
 // If any error occurs during the removal process, it logs the error and immediately returns.
 // After successful removal, it logs the keys that have been flushed.
 func removeUserFromCache(ctx context.Context, userCmd *FlushUserCmd, userKeys config.StringSet, guid string, removeHash bool) []string {
-	var err error
+	var (
+		result int64
+		err    error
+	)
 
 	removedKeys := make([]string, 0)
 
@@ -612,21 +612,15 @@ func removeUserFromCache(ctx context.Context, userCmd *FlushUserCmd, userKeys co
 	}
 
 	for _, userKey := range userKeys.GetStringSlice() {
-		if err = rediscli.WriteHandle.Del(ctx, userKey).Err(); err != nil {
-			if !stderrors.Is(err, redis.Nil) {
-				stats.RedisWriteCounter.Inc()
-
-				level.Error(log.Logger).Log(global.LogKeyGUID, guid, global.LogKeyMsg, err)
+		if result, err = rediscli.WriteHandle.Del(ctx, userKey).Result(); err != nil {
+			level.Error(log.Logger).Log(global.LogKeyGUID, guid, global.LogKeyMsg, err)
 
-				return removedKeys
-			}
+			return removedKeys
 		}
 
 		stats.RedisWriteCounter.Inc()
 
-		if err != nil {
-			level.Warn(log.Logger).Log(global.LogKeyGUID, guid, "keys", userKey, "status", "not found")
-		} else {
+		if result > 0 {
 			removedKeys = append(removedKeys, userKey)
 
 			level.Info(log.Logger).Log(global.LogKeyGUID, guid, "keys", userKey, "status", "flushed")

server/global/const.go

@@ -470,8 +470,8 @@ const (
 	// RedisPWHistIPsKey represents the key used for storing password history associated with IPs in Redis.
 	RedisPWHistIPsKey = "PW_HIST_IPS"
 
-	// RedisBlockedAccountsKey represents the key used to store blocked accounts in Redis.
-	RedisBlockedAccountsKey = "BLOCKED_ACCOUNTS"
+	// RedisAffectedAccountsKey represents the key used for storing affected user accounts in Redis.
+	RedisAffectedAccountsKey = "AFFECTED_ACCOUNTS"
 )
 
 // ImageCopyright represents the copyright statement for a logo.