implement account locking on too many attempts and unlocking after time window

Elliot DeNolf
2020-09-25 14:22:13 -04:00
parent 57c6afa3a9
commit c19ccd5df4
5 changed files with 56 additions and 4 deletions


@@ -35,9 +35,15 @@ async function login(args) {
if (!userDoc || (args.collection.config.auth.emailVerification && !userDoc._verified)) {
throw new AuthenticationError();
}
if (userDoc && userDoc.isLocked) {
throw new AuthenticationError();
}
const authResult = await userDoc.authenticate(password);
if (!authResult.user) {
if (authResult.user) {
await authResult.user.resetLoginAttempts();
} else {
await userDoc.incLoginAttempts();
throw new AuthenticationError();
}
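Review bot: The new `isLocked` guard throws before `userDoc.authenticate(password)` runs, so a locked account is rejected without the password check every other account goes through. If `authenticate` performs a slow hash (not visible in this hunk), the response time can reveal lock state even though the error is the same generic `AuthenticationError`. The `userDoc &&` test in that guard is redundant, because the preceding check already throws when `userDoc` is missing; `if (userDoc.isLocked) {` is enough. Neither the lock rejection nor the `incLoginAttempts()` path records anything in this hunk, so a comment such as `// TODO: emit an audit event when an account locks or a locked account is tried` would mark where detection should hook in. The body of `login` starts and ends outside the hunk, so logging or rate limiting elsewhere in the function cannot be ruled out.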