add fallback to id

2025-12-03 13:31:28 -03:00
parent af45be7083
commit 1b4cbbce6c
8 changed files with 112 additions and 33 deletions
--- a/id.saladeaula.digital/app/routes/authentication.py
+++ b/id.saladeaula.digital/app/routes/authentication.py
@@ -7,7 +7,10 @@ from aws_lambda_powertools.event_handler import (
    Response,
 )
 from aws_lambda_powertools.event_handler.api_gateway import Router
-from aws_lambda_powertools.event_handler.exceptions import ForbiddenError, NotFoundError
+from aws_lambda_powertools.event_handler.exceptions import (
+    NotFoundError,
+    UnauthorizedError,
+)
 from aws_lambda_powertools.event_handler.openapi.params import Body
 from aws_lambda_powertools.shared.cookies import Cookie
 from layercake.dateutils import now, ttl
@@ -25,7 +28,7 @@ dyn = DynamoDBPersistenceLayer(OAUTH2_TABLE, dynamodb_client)
 idp = boto3.client('cognito-idp')


-class InvalidCredentialsError(ForbiddenError): ...
+class InvalidCredentialsError(UnauthorizedError): ...


 class UserNotFoundError(NotFoundError): ...
@@ -42,15 +45,21 @@ def authentication(
        _get_idp_user(user_id, username, password)
    else:
        if not pbkdf2_sha256.verify(password, password_hash):
-            raise InvalidCredentialsError('Invalid credentials')
+            dyn.update_item(
+                key=KeyPair(user_id, 'FAILED_ATTEMPTS'),
+                update_expr='SET #count = if_not_exists(#count, :zero) + :one, \
+                                 updated_at = :now',
+                expr_attr_names={
+                    '#count': 'failed_attempts',
+                },
+                expr_attr_values={
+                    ':zero': 0,
+                    ':one': 1,
+                    ':now': now(),
+                },
+            )

-    dyn.update_item(
-        key=KeyPair(user_id, '0'),
-        # Post-migration (users): uncomment the following line
-        # update_expr='SET last_login = :now',
-        update_expr='SET lastLogin = :now',
-        expr_attr_values={':now': now()},
-    )
+            raise InvalidCredentialsError('Invalid credentials')

    return Response(
        status_code=HTTPStatus.OK,
@@ -146,6 +155,16 @@ def new_session(user_id: str) -> str:
    exp = ttl(start_dt=now_, seconds=SESSION_EXPIRES_IN)

    with dyn.transact_writer() as transact:
+        transact.delete(key=KeyPair(user_id, 'FAILED_ATTEMPTS'))
+        transact.update(
+            key=KeyPair(user_id, '0'),
+            # Post-migration (users): uncomment the following line
+            # update_expr='SET last_login = :now',
+            update_expr='SET lastLogin = :now',
+            expr_attr_values={
+                ':now': now_,
+            },
+        )
        transact.put(
            item={
                'id': 'SESSION',