automatic-controls
diff --git a/‎config/BUILD_DETAILS
Lines changed: 1 addition & 0 deletions b/‎config/BUILD_DETAILS
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/RUNTIME_DEPS
Lines changed: 2 additions & 1 deletion b/‎config/RUNTIME_DEPS
Lines changed: 2 additions & 1 deletion
diff --git a/‎root/info.xml
Lines changed: 1 addition & 1 deletion b/‎root/info.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎root/webapp/main.css
Lines changed: 1 addition & 1 deletion b/‎root/webapp/main.css
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/aces/webctrl/mfa/core/Config.java
Lines changed: 93 additions & 4 deletions b/‎src/aces/webctrl/mfa/core/Config.java
Lines changed: 93 additions & 4 deletions
diff --git a/‎src/aces/webctrl/mfa/core/HelperAPI.java
Lines changed: 13 additions & 0 deletions b/‎src/aces/webctrl/mfa/core/HelperAPI.java
Lines changed: 13 additions & 0 deletions
diff --git a/‎src/aces/webctrl/mfa/core/IPCookie.java
Lines changed: 2 additions & 0 deletions b/‎src/aces/webctrl/mfa/core/IPCookie.java
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/aces/webctrl/mfa/core/Initializer.java
Lines changed: 15 additions & 0 deletions b/‎src/aces/webctrl/mfa/core/Initializer.java
Lines changed: 15 additions & 0 deletions
@@ -22,6 +22,7 @@ commonbaseutils-2.0.5
 commonexceptions-9.0.002
 core-9.0.002
 core-api-9.0.002
+datatable-9.0.002
 extensionsupport-api-9.0.002
 javax.mail-1.5.6
 webaccess-api-9.0.002
 
@@ -5,4 +5,5 @@ file:commonexceptions:modules\commonexceptions
 file:commonbaseutils:bin\lib
 file:webaccess-api:modules\webaccess
 file:extensionsupport-api:modules\extensionsupport
-file:javax.mail:bin\lib
+file:javax.mail:bin\lib
+file:datatable:modules\datatable
@@ -1,7 +1,7 @@
 <extension version="1">
   <name>MFA</name>
   <description>Provides MFA for WebCTRL logins through an authenticator app or emailed security codes.</description>
-  <version>0.3.2</version>
+  <version>0.3.3</version>
   <vendor>Automatic Controls Equipment Systems, Inc.</vendor>
   <web-operator-provider>aces.webctrl.mfa.core.MFAProvider</web-operator-provider>
   <system-menu-provider>aces.webctrl.mfa.web.SystemMenuEditor</system-menu-provider>
 
@@ -62,7 +62,7 @@ button:disabled {
 .buttonCopy:hover {
   color:darkgoldenrod;
 }
-a {
+a:not(.regularLink) {
   border:1px solid white;
   border-radius: 8px;
   padding-left:6px;
 
@@ -7,6 +7,8 @@
 import java.util.*;
 import java.util.concurrent.*;
 import java.util.concurrent.locks.*;
+import java.util.function.Predicate;
+import java.util.regex.*;
 import java.nio.*;
 import java.nio.file.*;
 import java.nio.channels.*;
@@ -90,6 +92,47 @@ public static void init(Path mainFile, Path urlFile, Path cookieFile){
     Config.cookieFile = cookieFile;
     loadData();
   }
+  public static boolean deleteUnused(Set<String> users){
+    final Predicate<String> pred = new Predicate<>(){
+      @Override public boolean test(String o){
+        return !users.contains(o);
+      }
+    };
+    final HashSet<String> mfa = new HashSet<String>((int)Math.ceil(users.size()/0.75));
+    boolean changed = false;
+    whitelistLock.writeLock().lock();
+    try{
+      changed|=whitelist.removeIf(pred);
+    }finally{
+      whitelistLock.writeLock().unlock();
+    }
+    mapLock.writeLock().lock();
+    try{
+      changed|=usernameEmailMappings.keySet().removeIf(pred);
+      mfa.addAll(usernameEmailMappings.keySet());
+    }finally{
+      mapLock.writeLock().unlock();
+    }
+    otpLock.writeLock().lock();
+    try{
+      changed|=usernameOTPMappings.keySet().removeIf(pred);
+      mfa.addAll(usernameOTPMappings.keySet());
+    }finally{
+      otpLock.writeLock().unlock();
+    }
+    cookieLock.writeLock().lock();
+    try{
+      changed|=cookieMappings.keySet().removeIf(new Predicate<String>(){
+        @Override public boolean test(String s){
+          final Matcher m = IPCookie.USERNAME_PATTERN.matcher(s);
+          return !m.find() || !mfa.contains(m.group());
+        }
+      });
+    }finally{
+      cookieLock.writeLock().unlock();
+    }
+    return changed;
+  }
   private static <T> T get(CompletableFuture<T> x, long timeout) throws InterruptedException, ExecutionException, CancellationException {
     try{
       return x.get(timeout, TimeUnit.MILLISECONDS);
@@ -262,7 +305,7 @@ public static boolean submitToAPI(String user, String code, String ip, boolean c
     if (cache && result){
       final long cur = System.currentTimeMillis();
       if (apiResponseCache.size()>32){
-        apiResponseCache.values().removeIf(new java.util.function.Predicate<Long>(){
+        apiResponseCache.values().removeIf(new Predicate<Long>(){
           @Override public boolean test(Long o){
             return o<=cur;
           }
@@ -298,7 +341,7 @@ public static void insertCookie(String user, String ip){
     cookieLock.writeLock().lock();
     try{
       final long cur = System.currentTimeMillis();
-      cookieMappings.values().removeIf(new java.util.function.Predicate<IPCookie>(){
+      cookieMappings.values().removeIf(new Predicate<IPCookie>(){
         @Override public boolean test(IPCookie o){
           return o.expiry<=cur;
         }
@@ -326,7 +369,7 @@ public static boolean codeAlreadySubmitted(String user, String code){
       l = null;
     }
     if (submittedCodeCache.size()>32){
-      submittedCodeCache.values().removeIf(new java.util.function.Predicate<Long>(){
+      submittedCodeCache.values().removeIf(new Predicate<Long>(){
         @Override public boolean test(Long o){
           return o<=cur;
         }
@@ -359,7 +402,7 @@ public static boolean isRateLimited(String user){
   private static int getAttempts(String user){
     final long lim = System.currentTimeMillis()-90000L;
     final Container<Integer> count = new Container<>(0);
-    attempts.removeIf(new java.util.function.Predicate<Attempt>(){
+    attempts.removeIf(new Predicate<Attempt>(){
       @Override public boolean test(Attempt o) {
         if (o.time<lim){
           return true;
@@ -446,6 +489,39 @@ public static void printOTPs(StringBuilder sb){
     }
     sb.append(']');
   }
+  public static void checkCookies(Set<String> users){
+    final HashSet<String> set = new HashSet<>(Math.max((int)(users.size()/0.75), 16));
+    mapLock.readLock().lock();
+    try{
+      set.addAll(usernameEmailMappings.keySet());
+    }finally{
+      mapLock.readLock().unlock();
+    }
+    set.removeAll(users);
+    if (set.isEmpty()){
+      return;
+    }
+    otpLock.readLock().lock();
+    try{
+      set.removeAll(usernameOTPMappings.keySet());
+    }finally{
+      otpLock.readLock().unlock();
+    }
+    if (set.isEmpty()){
+      return;
+    }
+    cookieLock.writeLock().lock();
+    try{
+      cookieMappings.keySet().removeIf(new Predicate<String>(){
+        @Override public boolean test(String s){
+          final Matcher m = IPCookie.USERNAME_PATTERN.matcher(s);
+          return !m.find() || set.contains(m.group());
+        }
+      });
+    }finally{
+      cookieLock.writeLock().unlock();
+    }
+  }
   public static void setEmails(Map<String,String> map){
     mapLock.writeLock().lock();
     try{
@@ -493,6 +569,19 @@ public static void setOTPs(Map<String,String> map){
     }
   }
   public static String setOTP(String username, String otp){
+    if (otp==null && !containsEmailFor(username)){
+      cookieLock.writeLock().lock();
+      try{
+        cookieMappings.keySet().removeIf(new Predicate<String>(){
+          @Override public boolean test(String s){
+            final Matcher m = IPCookie.USERNAME_PATTERN.matcher(s);
+            return !m.find() || username.equalsIgnoreCase(m.group());
+          }
+        });
+      }finally{
+        cookieLock.writeLock().unlock();
+      }
+    }
     otpLock.writeLock().lock();
     try{
       if (otp==null){
 
@@ -4,11 +4,13 @@
   Contributors: Cameron Vogt (@cvogt729)
 */
 package aces.webctrl.mfa.core;
+import java.util.*;
 import com.controlj.green.addonsupport.web.auth.AuthenticationManager;
 import com.controlj.green.extensionsupport.Extension;
 import com.controlj.green.core.ui.UserSession;
 import com.controlj.green.core.data.*;
 import com.controlj.green.common.policy.*;
+import com.controlj.green.datatable.util.CoreHelper;
 /**
  * Namespace which contains methods to access small sections of a few internal WebCTRL APIs.
  */
@@ -17,6 +19,17 @@ public class HelperAPI {
    * Specifies whether methods of this API should log stack traces generated from errors.
    */
   private final static boolean logErrors = true;
+  /**
+   * @return a collection of all local WebCTRL operators where usernames are mapped to display names, or {@code null} if an error occurs.
+   */
+  public static Map<String,String> getLocalOperators(){
+    try{
+      return new CoreHelper().getOperatorList();
+    }catch(Throwable t){
+      Initializer.log(t);
+      return null;
+    }
+  }
   /**
    * @return Whether the specified user exists in the system, case insensitive, and that the password validates.
    * If {@code pass} is {@code null}, the password is not validated.
 
@@ -1,5 +1,7 @@
 package aces.webctrl.mfa.core;
+import java.util.regex.Pattern;
 public class IPCookie {
+  public final static Pattern USERNAME_PATTERN = Pattern.compile("^.*?(?=_[^_]++$)");
   public final static long MAX_EXPIRY = 604800000L; // 1 week
   public volatile String user_ip;
   public volatile long expiry;
 
@@ -54,6 +54,7 @@ public class Initializer implements ServletContextListener {
       HelperAPI.logoutAllForeign();
       HelperAPI.activateWebOperatorProvider(name);
     }
+    deleteGhosts();
   }
   /**
    * Releases resources.
@@ -65,6 +66,20 @@ public class Initializer implements ServletContextListener {
     }
     Config.saveData();
   }
+  public static void deleteGhosts(){
+    final Map<String,String> map = HelperAPI.getLocalOperators();
+    if (map!=null){
+      Set<String> set = map.keySet();
+      //HashSet<String> users = HashSet.newHashSet(set.size());
+      HashSet<String> users = new HashSet<>((int)Math.ceil(set.size()/0.75));
+      for (String s: set){
+        users.add(s.toLowerCase());
+      }
+      if (Config.deleteUnused(users)){
+        Config.saveData();
+      }
+    }
+  }
   /**
    * Generate a new email token for the specified user.
    */
Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@ button:disabled {`
`62`	`62`	`.buttonCopy:hover {`
`63`	`63`	`color:darkgoldenrod;`
`64`	`64`	`}`
`65`		`-a {`
	`65`	`+a:not(.regularLink) {`
`66`	`66`	`border:1px solid white;`
`67`	`67`	`border-radius: 8px;`
`68`	`68`	`padding-left:6px;`