
Account Lockout Policy Max Failures Can Be Set To 0

Open zanpizmoht opened this issue 5 years ago • 0 comments

Describe the bug

You can set lockoutPolicy.maxFailures to 0 under the account's credential service, and Kapua behaves the same way as if it was set to 1. That means that after one failed login the user is locked. I believe the best solution to that would be to not allow a value of 0 for maxFailures.

To Reproduce

Steps to reproduce the behavior:

  1. Log in as kapua-sys
  2. Create an account, and create one user under that account
  3. Configure CredentialService of the account: set lockoutPolicy.enabled to TRUE and lockoutPolicy.maxFailures to 0
  4. Try to log in as the created user with a wrong password
  5. The user will be locked
  6. Repeat steps 1-5 again, but set lockoutPolicy.maxFailures to 1 at step 3 - the behavior will be the same

Expected behavior

You should not be able to set the value 0 for lockoutPolicy.maxFailures.

Screenshots /

Version of Kapua

1.2.0

Type of deployment

  - [ ] Local Vagrant deployment
  - [ ] Docker
  - [ ] Openshift (in its variants)
  - [x] Others

Main component affected

  - [ ] Console (in case of console please report info on which browser you encountered the problem)
  - [ ] REST API
  - [ ] Message Broker
  - [x] Others

zanpizmoht, Feb 20 '20 13:02
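
The reported behavior and the requested fix, as an added example that is not part of the original issue and is not Kapua's own code. All class and method names are hypothetical, and the count-then-compare-with-`>=` check is an assumption chosen because it reproduces what the report describes.

```java
// Hypothetical names throughout; this is not Kapua's CredentialService code.
public class LockoutPolicyDemo {

    /** Lockout settings, validated on construction so an ambiguous value never reaches the login path. */
    static final class LockoutPolicy {
        final boolean enabled;
        final int maxFailures;

        LockoutPolicy(boolean enabled, int maxFailures) {
            // Reject 0 and negatives: "lock after zero failures" has no meaning distinct from 1.
            if (enabled && maxFailures < 1) {
                throw new IllegalArgumentException(
                        "lockoutPolicy.maxFailures must be >= 1 when lockout is enabled, got " + maxFailures);
            }
            this.enabled = enabled;
            this.maxFailures = maxFailures;
        }
    }

    /** Assumed lockout check: count the failed login first, then compare with >=. */
    static boolean lockedAfter(int failedLogins, int maxFailures) {
        int failures = 0;
        for (int i = 0; i < failedLogins; i++) {
            failures++;
            if (failures >= maxFailures) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // With the assumed comparison, 0 and 1 are indistinguishable after one wrong password.
        System.out.println("maxFailures=0, 1 failure  -> locked=" + lockedAfter(1, 0));
        System.out.println("maxFailures=1, 1 failure  -> locked=" + lockedAfter(1, 1));
        System.out.println("maxFailures=3, 2 failures -> locked=" + lockedAfter(2, 3));

        // Validating when the configuration is saved rejects the ambiguous value.
        try {
            new LockoutPolicy(true, 0);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("accepted maxFailures=" + new LockoutPolicy(true, 1).maxFailures);
    }
}
```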