How can I display the number of log in attempts available before a customer is temporarily locked out?

Question

I just completed the implementation of a customer website using Liferay. The service is working well. One of the opportunities for improvement is to to reduce the number of calls from customers who have been locked out; our limit is 5. The idea is to provide a warning to customers who will be locked out on their next attempt and suggest that they use the 'Forgot Password" workflow instead.

Note that we defined auth.pipeline.pre=our-class. When handling the authentication I can easily read the user record and find out how many failed log ins have been attempted; what I do not know how to do cause the Liferay login action handler to register an exception that can be detected by login.jsp. I suspect that this might tough since there are only 3 values that can be returned from my auth.pipeline.pre=our-class class and none of them has the desired semantic.

Thanks in advance for any help.

Answer 1

This could be done by hooking login.jsp and overriding the message for AuthException in liferay-ui:error tag as below.

Boolean isMaxFailedLoginAttempt = false;
PortletRequest portletRequest = (PortletRequest)request.getAttribute(JavaConstants.JAVAX_PORTLET_REQUEST);
if(SessionErrors.contains(portletRequest, AuthException.class.getName())) { 
    User u = UserLocalServiceUtil.getUserByEmailAddress(company.getCompanyId(), login); 
    if(u != null) { 
        if(u.getFailedLoginAttempts() == 5) {
        isMaxFailedLoginAttempt = true;
    } 
    }
}

if(isMaxFailedLoginAttempt) {
%>  
    <liferay-ui:error exception="<%= AuthException.class %>" message="The username or   password you entered is incorrect; another incorrect login will temporarily lock your account. Please use forgot password link to reset the password." />
<%
   } else {
%>  
   <liferay-ui:error exception="<%= AuthException.class %>" message="The username or password you entered is incorrect. Please try again." />
<%      
   }
%>

`