mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-17 01:12:27 -05:00
[PR #2747] [CLOSED] Lock accounts after X login failures, configurable #32163
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/dani-garcia/vaultwarden/pull/2747
Author: @Willena
Created: 9/16/2022
Status: ❌ Closed
Base:
main← Head:feature/limit_user_atemps📝 Commits (1)
485e21dImplement max login attempts📊 Changes
12 files changed (+46 additions, -6 deletions)
View changed files
➕
migrations/mysql/2022-09-15-002500_add_login_attempts/down.sql(+0 -0)➕
migrations/mysql/2022-09-15-002500_add_login_attempts/up.sql(+1 -0)➕
migrations/postgresql/2022-09-15-002500_add_login_attempts/down.sql(+0 -0)➕
migrations/postgresql/2022-09-15-002500_add_login_attempts/up.sql(+1 -0)➕
migrations/sqlite/2022-09-15-002500_add_login_attempts/down.sql(+0 -0)➕
migrations/sqlite/2022-09-15-002500_add_login_attempts/up.sql(+1 -0)📝
src/api/identity.rs(+34 -6)📝
src/config.rs(+3 -0)����
src/db/models/user.rs(+3 -0)📝
src/db/schemas/mysql/schema.rs(+1 -0)📝
src/db/schemas/postgresql/schema.rs(+1 -0)📝
src/db/schemas/sqlite/schema.rs(+1 -0)📄 Description
I saw this feature request in #246
The implementation reuse the user enabling feature to lock the account. It simply automatically disable the user when the number of retries is reach. When locked, only an admin can re-enable the user account.
A new column has been added to the user schema to store the number of failed attempts.
It is configurable with the
login_max_retryconfiguration key. The default value is 0 which disable automatic account lockingAny remarks tips and comments are welcomed as I'm not yet familiar with rust and currently trying to learn it
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.