From 57d98869affbaaf2143dfad5c96ed663c1db8892 Mon Sep 17 00:00:00 2001
From: Jan Kristinus
Date: Thu, 29 Aug 2024 15:12:24 +0200
Subject: [PATCH] Auth Rules mit Pause funktionierte nicht sinnvoll closes #487 (#492)
---
 install/tablesets/yform_user.json | 22 +++++++++++++++++++---
 lang/de_de.lang | 1 +
 lang/en_gb.lang | 1 +
 plugins/auth/lib/ycom_auth.php | 4 +++-
 plugins/auth/lib/ycom_auth_rules.php | 7 ++++---
 5 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/install/tablesets/yform_user.json b/install/tablesets/yform_user.json
index b2015e1f..3434a915 100644
--- a/install/tablesets/yform_user.json
+++ b/install/tablesets/yform_user.json
@@ -332,6 +332,22 @@
 "db_type": "",
 "list_hidden": 1,
 "search": 1,
+ "name": "last_login_try_time",
+ "label": "translate:last_login_try_time",
+ "not_required": "",
+ "only_empty": "2",
+ "no_db": "",
+ "format": "",
+ "modify_default": ""
+ },
+ {
+ "table_name": "rex_ycom_user",
+ "prio": 22,
+ "type_id": "value",
+ "type_name": "datestamp",
+ "db_type": "",
+ "list_hidden": 1,
+ "search": 1,
 "name": "termination_time",
 "label": "translate:termination_time",
 "not_required": "",
@@ -342,7 +358,7 @@
 },
 {
 "table_name": "rex_ycom_user",
- "prio": 22,
+ "prio": 23,
 "type_id": "value",
 "type_name": "integer",
 "db_type": "",
@@ -358,7 +374,7 @@
 },
 {
 "table_name": "rex_ycom_user",
- "prio": 23,
+ "prio": 24,
 "type_id": "value",
 "type_name": "html",
 "db_type": "",
@@ -371,7 +387,7 @@
 },
 {
 "table_name": "rex_ycom_user",
- "prio": 24,
+ "prio": 25,
 "type_id": "value",
 "type_name": "be_manager_relation",
 "db_type": "",
diff --git a/lang/de_de.lang b/lang/de_de.lang
index 105c716f..1af89d3f 100644
--- a/lang/de_de.lang
+++ b/lang/de_de.lang
@@ -29,6 +29,7 @@ firstname = Vorname
 activation_key = Aktivierungsschlüssel
 session_key = Sessionschlüssel
 last_login_time = Letzter erfolgreicher Login
+last_login_try_time = Letzter versuchter Login
 last_action_time = Letzte Aktion
 termination_time = Kündigungszeitpunkt
 login_failed = Fehlgeschlagene Logins
diff --git a/lang/en_gb.lang b/lang/en_gb.lang
index 568abb79..651e0712 100644
--- a/lang/en_gb.lang
+++ b/lang/en_gb.lang
@@ -29,6 +29,7 @@ firstname = First name
 activation_key = Activation key
 session_key = Session key
 last_login_time = Last sign in
+last_login_try_time = Last sign in try
 last_action_time = Last action
 termination_time = Kündigungszeitpunkt
 login_failed = Failed sign in attempts
diff --git a/plugins/auth/lib/ycom_auth.php b/plugins/auth/lib/ycom_auth.php
index 38f6da08..c4b12560 100644
--- a/plugins/auth/lib/ycom_auth.php
+++ b/plugins/auth/lib/ycom_auth.php
@@ -211,13 +211,15 @@ public static function login(array $params): int
 /** @var rex_ycom_user $loginUser */
 $loginUser = $loginUsers[0];
+ // Check Only AuthRules
 $auth_rules = new rex_ycom_auth_rules();
 $authRuleConfig = rex_config::get('ycom/auth', 'auth_rule', 'login_try_5_pause') ?? 'login_try_5_pause';
 if (!$auth_rules->check($loginUser, $authRuleConfig)) {
- $loginUser->increaseLoginTries()->save();
 throw new rex_exception('Login failed - Auth Rules');
 }
+ $loginUser->setValue('last_login_try_time', rex_sql::datetime(time()));
+
 if (
 $params['ignorePassword']
 || ('' != $params['loginPassword'] && self::checkPassword($params['loginPassword'], $loginUser->getId()))
diff --git a/plugins/auth/lib/ycom_auth_rules.php b/plugins/auth/lib/ycom_auth_rules.php
index c90bcd36..2f73d47b 100644
--- a/plugins/auth/lib/ycom_auth_rules.php
+++ b/plugins/auth/lib/ycom_auth_rules.php
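Review bot: In `login()` (plugins/auth/lib/ycom_auth.php) the new `$loginUser->setValue('last_login_try_time', rex_sql::datetime(time()));` only changes the in-memory object and no `save()` is visible in the hunk, while the `pause` rule depends on that value being stored after a failed password check. The failure branch lies outside the hunk, so confirm it still ends in a `save()` on this same `$loginUser`. The comment `// Check Only AuthRules` could also state the new behaviour, e.g. `// Auth rules run before the password check; an attempt rejected here is not counted by login()`. A log entry on the rejection path would keep blocked attempts visible to monitoring, since an attempt rejected during a pause now leaves no trace on the user record.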
@@ -81,13 +81,14 @@ public function check(rex_ycom_user $user, string $rule_name = 'login_try_5_paus
 switch ($rule['action']['type']) {
 case 'deactivate':
+ $user->increaseLoginTries();
 $user->setValue('status', -2); // to much login failures
 $user->save();
 return false;
 case 'pause':
- $lastLoginDate = new DateTime($user->getValue('last_login_time'));
- $lastLoginDate->modify('+' . $rule['action']['time'] . ' seconds');
- if (date('YmdHis') < $lastLoginDate->format('YmdHis')) {
+ $lastLoginTryDate = new DateTime($user->getValue('last_login_try_time'));
+ $lastLoginTryDate->modify('+' . $rule['action']['time'] . ' seconds');
+ if (date('YmdHis') < $lastLoginTryDate->format('YmdHis')) {
 return false;
 }
 return true;
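Review bot: The `pause` branch of `check()` does not handle an empty `last_login_try_time`: `new DateTime('')` resolves to the current time, so after `modify()` the comparison is always true and the branch returns false on every call. That would presumably affect accounts that already meet the rule's threshold when the field is introduced, and they would stay paused because `login()` only stamps the field after `check()` has passed. A guard before the DateTime is built would avoid that, e.g. `$lastTry = (string) $user->getValue('last_login_try_time');` followed by `if ('' === $lastTry) { return true; }`, which lets one attempt through, after which a stamp exists. The body of `check()` starts and ends outside the hunk, so the threshold logic that leads into this switch is not visible here.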