Lock accounts after X unsuccessful tries

Bug #1613276 reported by Paul Everitt
Affects: KARL4
Status: Fix Released
Importance: Medium
Assigned to: Carlos de la Guardia

Bug Description

"time lockout after 8 unsuccessful tries"

- At 8, password reset with a special notice indicating failures
- Configurable value for the limit on tries
- Show them how many tries they have left
- Send an email at some point in the failures to let them know there were problems, perhaps at 6 out of 8
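As an added example (not KARL's own code), here is a small login-attempt counter that implements the four points above. The mapping stores tries remaining, counting down from the limit, so an administrative reset is the same as putting the limit back into the mapping. The class name, attribute names and the notify hook are assumptions made for illustration.

```python
# Added example, not KARL's own code: a login-attempt counter implementing the
# requirements above. Values count remaining tries down from the limit, so an
# administrative reset simply stores the limit again for that login.
# LoginAttemptTracker and its attribute names are assumptions for illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class LoginAttemptTracker:
    limit: int = 8         # configurable limit on tries
    warn_after: int = 6    # email the user after this many failures (6 of 8)
    login_tries: Dict[str, int] = field(default_factory=dict)  # tries left per login
    locked: Dict[str, bool] = field(default_factory=dict)      # logins forced to reset
    notify: Optional[Callable[[str, str], None]] = None        # email hook (user, body)

    def remaining(self, user: str) -> int:
        return self.login_tries.get(user, self.limit)

    def is_locked(self, user: str) -> bool:
        return self.locked.get(user, False)

    def record_failure(self, user: str) -> Tuple[int, str]:
        """Count one bad password; return (tries left, notice to show the user)."""
        if self.is_locked(user):
            return 0, "Account locked: a password reset is required."
        left = max(self.remaining(user) - 1, 0)
        self.login_tries[user] = left
        failures = self.limit - left
        if left == 0:  # at the limit: lock and force a reset, with a notice
            self.locked[user] = True
            self._send(user, "Account locked after %d failed logins; reset required." % failures)
            return 0, "Account locked after %d failed attempts; see email to reset." % failures
        if failures == self.warn_after:
            self._send(user, "%d failed login attempts; %d remain before lockout." % (failures, left))
        return left, "Incorrect password. %d tries left." % left

    def record_success(self, user: str) -> None:
        """A correct password on an unlocked account clears the counter."""
        if not self.is_locked(user):
            self.login_tries[user] = self.limit

    def reset(self, user: str) -> None:
        """Console reset: restore the full allowance and lift the lock."""
        self.login_tries[user] = self.limit
        self.locked.pop(user, None)

    def _send(self, user: str, body: str) -> None:
        if self.notify:
            self.notify(user, body)
```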

Tags: auth
Changed in karl4:
milestone: 022 → 023
Changed in karl4:
milestone: 023 → 024
Paul Everitt (paul-agendaless) wrote :

I got a bug report from an OSF user that got locked out due to password attempts. It appears that some of this made it into production.

What step should I take from the debug console to clear that user's password attempts counter?

Also, what is needed to either disable this, or finish it?

Carlos de la Guardia (cguardia) wrote :

To reset the attempts:

root.login_tries['user_login'] = 8

What it needs is to send an email at 6 out of 8 tries and to force a password reset after locking.

By the way, this does mean the user tried 8 times to log in with a bad password.

Changed in karl4:
status: New → Fix Committed
Changed in karl4:
status: Fix Committed → Fix Released