
accountLockout not resetting threshold after configured duration

Open messagenius-admin opened this issue 1 year ago • 2 comments

When using Account Lockout options, multiple login attempts result in the user being locked out for a specified period. After the lockout duration expires, the app should allow the user to attempt the configured number of login attempts again. However, the user is locked out immediately after just one failed login attempt.

Steps to Reproduce

  1. Set the accountLockout config, for example:
    "accountLockout": {
        "duration": 2,
        "threshold": 5 
    }
    

This sample configuration will lock the user out for 2 minutes after 5 failed attempts.

  2. Perform a login with wrong credentials, 5 times within 2 minutes.
  3. Observe that you are correctly locked out.
  4. Wait for the lockout period to end.
  5. Attempt to log in again using incorrect credentials.

Actual Outcome

The user gets locked out again after a single failed attempt.

Expected Outcome

The user should be able to make the configured number (5 in the above example) of additional attempts before being locked out again.

Environment

  - Parse Server version: 7.3.0
  - OS/Host: Any
  - Database: Any
  - Client: Any, including REST

messagenius-admin • Oct 28 '24 21:10

Thanks for opening this issue!

Could you submit a PR and duplicate an existing test for this option, where you test this scenario?

mtrezza • Oct 29 '24 10:10
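The scenario reported in this issue, as an added example that is not part of the thread and is not Parse Server's code: a small in-memory model of a lockout policy that replays the reproduction steps with a simulated clock and counts how many wrong-password attempts are possible after the lockout expires. The class, method and option names (`LockoutPolicy`, `attempt`, `resetOnExpiry`) are hypothetical, and the model assumes the attempt that reaches the threshold is itself answered with a lockout.

```javascript
// Added illustration: in-memory model of an account lockout policy.
// NOT Parse Server's implementation; all names here are hypothetical.
class LockoutPolicy {
  // duration is in minutes, threshold in failed attempts (as in the issue's config).
  constructor({ duration, threshold }, { resetOnExpiry = true } = {}) {
    this.durationMs = duration * 60 * 1000;
    this.threshold = threshold;
    this.resetOnExpiry = resetOnExpiry; // false models the behaviour reported in the issue
    this.accounts = new Map(); // username -> { failed, lockedUntil }
  }

  // Records one login attempt at time `now` (ms); returns 'ok', 'invalid' or 'locked'.
  attempt(username, passwordOk, now) {
    const s = this.accounts.get(username) || { failed: 0, lockedUntil: 0 };
    this.accounts.set(username, s);
    if (s.lockedUntil > now) return 'locked'; // still inside the lockout window
    if (s.lockedUntil !== 0) {
      s.lockedUntil = 0; // lockout has expired
      if (this.resetOnExpiry) s.failed = 0; // expected: a fresh set of attempts
    }
    if (passwordOk) { s.failed = 0; return 'ok'; }
    s.failed += 1;
    if (s.failed >= this.threshold) {
      s.lockedUntil = now + this.durationMs;
      return 'locked';
    }
    return 'invalid';
  }
}

// Replays the issue's steps: `threshold` failures, wait out the lockout, then
// count wrong-password attempts up to and including the one that locks again.
function attemptsUntilRelock(policy, { duration, threshold }) {
  let now = 0;
  for (let i = 0; i < threshold; i++) policy.attempt('alice', false, (now += 1000));
  now += duration * 60 * 1000; // lockout period ends
  let attempts = 0;
  do { attempts++; } while (policy.attempt('alice', false, (now += 1000)) !== 'locked');
  return attempts;
}

const config = { duration: 2, threshold: 5 }; // values from the issue
console.log('counter reset on expiry:', attemptsUntilRelock(new LockoutPolicy(config), config));
console.log('counter kept on expiry: ',
  attemptsUntilRelock(new LockoutPolicy(config, { resetOnExpiry: false }), config));
```

A regression test for the real server would assert the same property: after the lockout duration has passed, the number of failed attempts needed to lock the account again equals `threshold`.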