Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block user accounts if an incorrect password was entered 5 times #527

Merged
merged 9 commits into from
Oct 23, 2024
Merged

Block user accounts if an incorrect password was entered 5 times #527

merged 9 commits into from
Oct 23, 2024

Commits on Sep 9, 2024

  1. add migration and auto generated db types

    @YunhwanJeong
    YunhwanJeong committed Sep 9, 2024
    Configuration menu
    Copy the full SHA
    6e42b82 View commit details
    Browse the repository at this point in the history

  2. add log event types to log suspicious login attempts 

    - accountLocked: log when the account is locked.
- loginFailedAccountLocked: log if the login fails while the account is locked.
    @YunhwanJeong
    YunhwanJeong committed Sep 9, 2024
    Configuration menu
    Copy the full SHA
    4f21f48 View commit details
    Browse the repository at this point in the history

Commits on Sep 10, 2024

  1. add login activity service 

    - Considered race condition in the incrementFailedLoginAttempts and the ensureUserLoginActivityRecord functions.
    @YunhwanJeong
    YunhwanJeong committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    41f09b8 View commit details
    Browse the repository at this point in the history

  2. add login controller logics

    @YunhwanJeong
    YunhwanJeong committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    a18fef0 View commit details
    Browse the repository at this point in the history

Commits on Oct 8, 2024

  1. review: add helpful comments to the accountLocked and loginFailedAcco… 

    …untLocked events.
    @YunhwanJeong
    YunhwanJeong committed Oct 8, 2024
    Configuration menu
    Copy the full SHA
    d4555e8 View commit details
    Browse the repository at this point in the history

  2. review: change reachedMaxAttempts operator from === to >=

    @YunhwanJeong
    YunhwanJeong committed Oct 8, 2024
    Configuration menu
    Copy the full SHA
    4b76572 View commit details
    Browse the repository at this point in the history

  3. review: throw an error if the user doesn't have login activity record… 

    … when getLoginActivity method has been executed.
    @YunhwanJeong
    YunhwanJeong committed Oct 8, 2024
    Configuration menu
    Copy the full SHA
    59e6339 View commit details
    Browse the repository at this point in the history

  4. review: consolidate validatePassword and loginActivity logic into a s… 

    …ingle userService method, replacing existing implementations
    @YunhwanJeong
    YunhwanJeong committed Oct 8, 2024
    Configuration menu
    Copy the full SHA
    33288d2 View commit details
    Browse the repository at this point in the history

Commits on Oct 9, 2024

  1. review: move the execution time of the validateUserCredentials method… 

    … before assigning true to the session.passwordValid
    @YunhwanJeong
    YunhwanJeong committed Oct 9, 2024
    Configuration menu
    Copy the full SHA
    3a52f2f View commit details
    Browse the repository at this point in the history