
[10.0][ADD] auth_brute_force_oauth

Open TimLai125 opened this issue 4 years ago • 1 comments

This PR adds auth_brute_force_oauth as a bridge module between auth_brute_force and auth_oauth. The module fixes the "Authentication Attempts" records from OAuth login; the records will show "Successful" with OAuth login.

Since auth_brute_force and auth_oauth are independent of each other, the execution order of their check_credentials could vary in different environments.

Therefore this module will combine the check_credentials from both modules:

  1. First, the logic should check whether the remote is banned.
  2. If the user is not banned, check if the uid and password pair matches any existing user's OAuth access token.
  3. Lastly, the logic should check the user's uid and password.

The _auth_oauth_signin needs to be further adjusted to raise AccessDenied during the OAuth login flow. Otherwise, no error message will be shown on the screen when the user is banned.

Related Issue: https://github.com/OCA/server-tools/issues/2023

TimLai125 avatar Feb 17 '21 09:02 TimLai125
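
The three-step order described in the PR above, modelled in plain Python as an added example; this is not the module's code and does not use the Odoo API. `CombinedAuth`, `_same`, the stand-in `AccessDenied` class, the in-memory attempt log and the `max_failures` ban threshold are all assumptions made for illustration.

```python
import hmac

class AccessDenied(Exception):
    """Stand-in for Odoo's AccessDenied exception (constructed for this sketch)."""

def _same(a, b):
    # Constant-time comparison of two secrets.
    return hmac.compare_digest(a.encode(), b.encode())

class CombinedAuth:
    """Hypothetical model of the merged check_credentials order from the PR."""

    def __init__(self, users, max_failures=3):
        # users: login -> {"password": ..., "oauth_access_token": ... or None}
        self.users = users
        self.max_failures = max_failures  # assumed ban threshold
        self.banned = set()
        self.attempts = []  # (remote, login, result) rows, like "Authentication Attempts"

    def _record(self, remote, login, result):
        self.attempts.append((remote, login, result))
        failures = sum(1 for r, _, res in self.attempts if r == remote and res == "failed")
        if failures >= self.max_failures:
            self.banned.add(remote)

    def check_credentials(self, remote, login, secret):
        # 1. Refuse a banned remote before comparing any credential.
        if remote in self.banned:
            self._record(remote, login, "banned")
            raise AccessDenied("remote is banned")
        user = self.users.get(login) or {}
        # 2. Does the submitted secret match the user's OAuth access token?
        token = user.get("oauth_access_token")
        if token and _same(token, secret):
            self._record(remote, login, "successful")
            return "oauth"
        # 3. Fall back to the ordinary password check.
        password = user.get("password")
        if password and _same(password, secret):
            self._record(remote, login, "successful")
            return "password"
        self._record(remote, login, "failed")
        raise AccessDenied("invalid credentials")
```

Because the order is fixed in one method, an OAuth token login is logged as successful instead of as a failed password attempt, and a banned remote is refused even when it presents a valid token.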

There hasn't been any activity on this pull request in the past 4 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this PR to never become stale, please ask a PSC member to apply the "no stale" label.

github-actions[bot] avatar Oct 06 '24 12:10 github-actions[bot]