[CLOUD-222] auth: account locked out after consecutive failed attempts (!33585) · Merge requests · Administrator / sourcegraph

Administrator requested to merge jc/CLOUD-222-account-lockout into main Apr 07, 2022

Created by: unknwon

This PR implements account lockout for the builtin auth provider, currently accounts will be locked out after 5 consecutive failed attempts within an hour, and the lockout period is 30 minutes.

Test plan

Unit tests and,

Boot up local instance (doesn't have to be in dotcom mode)
Try wrong password for an existing user for 5 times
On the sixth time, the account lockout error is shown
Try again after 30 minutes (😂) or delete the Redis key v2:account_lockout:<user ID>, the account is unlocked

Jira: CLOUD-222

[CLOUD-222] auth: account locked out after consecutive failed attempts

Test plan

Merge request reports