[CLOUD-222] auth: account locked out after consecutive failed attempts

Warren Gifford requested to merge jc/CLOUD-222-account-lockout into main

Created by: unknwon

This PR implements account lockout for the builtin auth provider. Currently, accounts will be locked out after 5 consecutive failed attempts within an hour, and the lockout period is 30 minutes.

Test plan

Unit tests and,

  1. Boot up local instance (doesn't have to be in dotcom mode)
  2. Try a wrong password for an existing user 5 times
  3. On the sixth time, the account lockout error is shown
  4. Try again after 30 minutes (😂) or delete the Redis key v2:account_lockout:<user ID>; the account is unlocked

Jira: CLOUD-222
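
The lockout rule described above (5 consecutive failures within an hour, then a 30-minute lockout), as an added example that is not code from this PR. `LockoutStore`, `entry` and the in-memory map are hypothetical stand-ins for the Redis-backed state; only the thresholds and the key format come from the description and test plan.

```go
package main

import (
	"fmt"
	"time"
)

const ( // thresholds as stated in the PR description
	maxFailures   = 5
	failureWindow = time.Hour
	lockoutPeriod = 30 * time.Minute
)

type entry struct {
	failures                int
	windowEnds, lockedUntil time.Time // lockedUntil stays zero until a lockout starts
}

// LockoutStore is a hypothetical in-memory stand-in for the Redis-backed state.
type LockoutStore map[string]*entry

// key follows the Redis key format quoted in the test plan.
func key(userID int32) string { return fmt.Sprintf("v2:account_lockout:%d", userID) }

// IsLocked is meant to be checked before the password is verified.
func (s LockoutStore) IsLocked(userID int32, now time.Time) bool {
	e, ok := s[key(userID)]
	return ok && now.Before(e.lockedUntil)
}

// RecordFailure counts one failed attempt and reports whether the account is locked.
func (s LockoutStore) RecordFailure(userID int32, now time.Time) bool {
	if s.IsLocked(userID, now) {
		return true // attempts made during a lockout do not extend it
	}
	e, ok := s[key(userID)]
	if !ok || !now.Before(e.windowEnds) || !e.lockedUntil.IsZero() { // first failure, lapsed window, or served lockout
		e = &entry{windowEnds: now.Add(failureWindow)}
		s[key(userID)] = e
	}
	if e.failures++; e.failures >= maxFailures {
		e.lockedUntil = now.Add(lockoutPeriod)
	}
	return now.Before(e.lockedUntil)
}

// Reset clears the counter after a successful sign-in or a manual key deletion.
func (s LockoutStore) Reset(userID int32) { delete(s, key(userID)) }

func main() { fmt.Println(LockoutStore{}.RecordFailure(42, time.Now())) }
```

Passing the clock in as an argument keeps the expiry behaviour testable without waiting out the 30 minutes.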