Resolve conflicts

ydb/core/tx/schemeshard/schemeshard__init.cpp

@@ -3884,9 +3884,9 @@ struct TSchemeShard::TTxInit : public TTransactionBase<TSchemeShard> {
                 sid.SetType(rowset.GetValue<Schema::LoginSids::SidType>());
                 sid.SetHash(rowset.GetValue<Schema::LoginSids::SidHash>());
                 sid.SetCreatedAt(rowset.GetValueOrDefault<Schema::LoginSids::CreatedAt>());
-                sid.SetCurrentFailedLoginAttemptCount(rowset.GetValueOrDefault<Schema::LoginSids::FailedAttemptCount>());
-                sid.SetLastFailedLoginAttempt(rowset.GetValueOrDefault<Schema::LoginSids::LastFailedAttempt>());
-                sid.SetLastSuccessfulLoginAttempt(rowset.GetValueOrDefault<Schema::LoginSids::LastSuccessfulAttempt>());
+                sid.SetFailedLoginAttemptCount(rowset.GetValueOrDefault<Schema::LoginSids::FailedAttemptCount>());
+                sid.SetLastFailedLogin(rowset.GetValueOrDefault<Schema::LoginSids::LastFailedAttempt>());
+                sid.SetLastSuccessfulLogin(rowset.GetValueOrDefault<Schema::LoginSids::LastSuccessfulAttempt>());
                 sidIndex[sid.name()] = securityState.SidsSize() - 1;
                 if (!rowset.Next()) {
                     return false;

ydb/core/tx/schemeshard/schemeshard__login.cpp

@@ -103,7 +103,7 @@ struct TSchemeShard::TTxLogin : TSchemeShard::TRwTxBase {
         return std::find_if(adminSids.begin(), adminSids.end(), hasSid) != adminSids.end();
     }
 
-    bool LoginAttempt(NIceDb::TNiceDb& db, const TActorContext& ctx) {
+    void LoginAttempt(NIceDb::TNiceDb& db, const TActorContext& ctx) {
         const auto& loginRequest = GetLoginRequest();
         if (!loginRequest.ExternalAuth && !AppData(ctx)->AuthConfig.GetEnableLoginAuthentication()) {
             Result->Record.SetError("Login authentication is disabled");
@@ -146,7 +146,7 @@ struct TSchemeShard::TTxLogin : TSchemeShard::TRwTxBase {
             }
             case TLoginProvider::TCheckLockOutResponse::EStatus::RESET: {
                 const auto& sid = Self->LoginProvider.Sids[loginRequest.User];
-                db.Table<Schema::LoginSids>().Key(loginRequest.User).Update<Schema::LoginSids::FailedAttemptCount>(sid.CurrentFailedLoginAttemptCount);
+                db.Table<Schema::LoginSids>().Key(loginRequest.User).Update<Schema::LoginSids::FailedAttemptCount>(sid.FailedLoginAttemptCount);
                 break;
             }
             case TLoginProvider::TCheckLockOutResponse::EStatus::UNLOCKED:
@@ -160,7 +160,7 @@ struct TSchemeShard::TTxLogin : TSchemeShard::TRwTxBase {
         case TLoginProvider::TLoginUserResponse::EStatus::SUCCESS: {
             const auto& sid = Self->LoginProvider.Sids[loginRequest.User];
             db.Table<Schema::LoginSids>().Key(loginRequest.User).Update<Schema::LoginSids::LastSuccessfulAttempt,
-                                                                        Schema::LoginSids::FailedAttemptCount>(ToInstant(sid.LastSuccessfulLoginAttempt).MilliSeconds(), sid.CurrentFailedLoginAttemptCount);
+                                                                        Schema::LoginSids::FailedAttemptCount>(ToInstant(sid.LastSuccessfulLogin).MilliSeconds(), sid.FailedLoginAttemptCount);
             Result->Record.SetToken(loginResponse.Token);
             Result->Record.SetSanitizedToken(loginResponse.SanitizedToken);
             Result->Record.SetIsAdmin(IsAdmin());
@@ -169,7 +169,7 @@ struct TSchemeShard::TTxLogin : TSchemeShard::TRwTxBase {
         case TLoginProvider::TLoginUserResponse::EStatus::INVALID_PASSWORD: {
             const auto& sid = Self->LoginProvider.Sids[loginRequest.User];
             db.Table<Schema::LoginSids>().Key(loginRequest.User).Update<Schema::LoginSids::LastFailedAttempt,
-                                                                        Schema::LoginSids::FailedAttemptCount>(ToInstant(sid.LastFailedLoginAttempt).MilliSeconds(), sid.CurrentFailedLoginAttemptCount);
+                                                                        Schema::LoginSids::FailedAttemptCount>(ToInstant(sid.LastFailedLogin).MilliSeconds(), sid.FailedLoginAttemptCount);
             Result->Record.SetError(loginResponse.Error);
             break;
         }

ydb/library/login/login.cpp

@@ -325,25 +325,25 @@ std::vector<TString> TLoginProvider::GetGroupsMembership(const TString& member)
 }
 
 bool TLoginProvider::CheckLockout(const TSidRecord& sid) const {
-    return (AccountLockout.AttemptThreshold != 0 && sid.CurrentFailedLoginAttemptCount >= AccountLockout.AttemptThreshold);
+    return (AccountLockout.AttemptThreshold != 0 && sid.FailedLoginAttemptCount >= AccountLockout.AttemptThreshold);
 }
 
 void TLoginProvider::ResetFailedLoginAttemptCount(TSidRecord* sid) {
-    sid->CurrentFailedLoginAttemptCount = 0;
+    sid->FailedLoginAttemptCount = 0;
 }
 
 void TLoginProvider::UnlockAccount(TSidRecord* sid) {
     ResetFailedLoginAttemptCount(sid);
 }
 
 bool TLoginProvider::ShouldResetFailedAttemptCount(const TSidRecord& sid) const {
-    if (sid.CurrentFailedLoginAttemptCount == 0) {
+    if (sid.FailedLoginAttemptCount == 0) {
         return false;
     }
     if (AccountLockout.AttemptResetDuration == std::chrono::system_clock::duration::zero()) {
         return false;
     }
-    return sid.LastFailedLoginAttempt + AccountLockout.AttemptResetDuration < std::chrono::system_clock::now();
+    return sid.LastFailedLogin + AccountLockout.AttemptResetDuration < std::chrono::system_clock::now();
 }
 
 bool TLoginProvider::ShouldUnlockAccount(const TSidRecord& sid) const {
@@ -381,7 +381,6 @@ TLoginProvider::TCheckLockOutResponse TLoginProvider::CheckLockOutUser(const TCh
 TLoginProvider::TLoginUserResponse TLoginProvider::LoginUser(const TLoginUserRequest& request) {
     auto now = std::chrono::system_clock::now();
     TLoginUserResponse response;
-    // response.LoginAttemptTime = std::chrono::time_point_cast<std::chrono::microseconds>(now).time_since_epoch().count();
 
     if (Keys.empty() || Keys.back().PrivateKey.empty()) {
         response.Status = TLoginUserResponse::EStatus::UNAVAILABLE_KEY;
@@ -402,12 +401,10 @@ TLoginProvider::TLoginUserResponse TLoginProvider::LoginUser(const TLoginUserReq
         if (!Impl->VerifyHash(request.Password, itUser->second.Hash)) {
             response.Status = TLoginUserResponse::EStatus::INVALID_PASSWORD;
             response.Error = "Invalid password";
-            sid->LastFailedLoginAttempt = std::chrono::system_clock::now();
-            sid->CurrentFailedLoginAttemptCount++;
+            sid->LastFailedLogin = now;
+            sid->FailedLoginAttemptCount++;
             return response;
         }
-
-        itUser->second.LastSuccessfulLogin = response.LoginAttemptTime;
     }
 
     const TKeyRecord& key = Keys.back();
@@ -448,8 +445,8 @@ TLoginProvider::TLoginUserResponse TLoginProvider::LoginUser(const TLoginUserReq
     response.Status = TLoginUserResponse::EStatus::SUCCESS;
 
     if (sid) {
-        sid->LastSuccessfulLoginAttempt = std::chrono::system_clock::now();
-        sid->CurrentFailedLoginAttemptCount = 0;
+        sid->LastSuccessfulLogin = now;
+        sid->FailedLoginAttemptCount = 0;
     }
 
     return response;
@@ -741,15 +738,14 @@ void TLoginProvider::UpdateSecurityState(const NLoginProto::TSecurityState& stat
             sid.Type = pbSid.GetType();
             sid.Name = pbSid.GetName();
             sid.Hash = pbSid.GetHash();
-            sid.LastSuccessfulLogin = pbSid.GetLastSuccessfulLogin();
             for (const auto& pbSubSid : pbSid.GetMembers()) {
                 sid.Members.emplace(pbSubSid);
                 ChildToParentIndex[pbSubSid].emplace(sid.Name);
             }
             sid.CreatedAt = std::chrono::system_clock::time_point(std::chrono::milliseconds(pbSid.GetCreatedAt()));
-            sid.CurrentFailedLoginAttemptCount = pbSid.GetCurrentFailedLoginAttemptCount();
-            sid.LastFailedLoginAttempt = std::chrono::system_clock::time_point(std::chrono::milliseconds(pbSid.GetLastFailedLoginAttempt()));
-            sid.LastSuccessfulLoginAttempt = std::chrono::system_clock::time_point(std::chrono::milliseconds(pbSid.GetLastSuccessfulLoginAttempt()));
+            sid.FailedLoginAttemptCount = pbSid.GetFailedLoginAttemptCount();
+            sid.LastFailedLogin = std::chrono::system_clock::time_point(std::chrono::milliseconds(pbSid.GetLastFailedLogin()));
+            sid.LastSuccessfulLogin = std::chrono::system_clock::time_point(std::chrono::milliseconds(pbSid.GetLastSuccessfulLogin()));
         }
     }
 }

ydb/library/login/login.h

@@ -76,7 +76,6 @@ class TLoginProvider {
         TString Token;
         TString SanitizedToken; // Token for audit logs
         EStatus Status = EStatus::UNSPECIFIED;
-        ui64 LoginAttemptTime; // microseconds
     };
 
     struct TValidateTokenRequest : TBasicRequest {
@@ -164,9 +163,9 @@ class TLoginProvider {
         TString Hash;
         std::unordered_set<TString> Members;
         std::chrono::system_clock::time_point CreatedAt; // CreatedAt does not need in describe result. We will not add to security state
-        size_t CurrentFailedLoginAttemptCount = 0;
-        std::chrono::system_clock::time_point LastFailedLoginAttempt;
-        std::chrono::system_clock::time_point LastSuccessfulLoginAttempt;
+        size_t FailedLoginAttemptCount = 0;
+        std::chrono::system_clock::time_point LastFailedLogin;
+        std::chrono::system_clock::time_point LastSuccessfulLogin;
     };
 
     // our current audience (database name)

ydb/library/login/protos/login.proto

@@ -23,9 +23,9 @@ message TSid {
     string Hash = 3;
     repeated string Members = 4;
     uint64 CreatedAt = 5;
-    uint64 CurrentFailedLoginAttemptCount = 6;
-    uint64 LastFailedLoginAttempt = 7;
-    uint64 LastSuccessfulLoginAttempt = 8;
+    uint64 LastSuccessfulLogin = 6;
+    uint64 LastFailedLogin = 7;
+    uint64 FailedLoginAttemptCount = 8;
 }
 
 message TSecurityState {