Versions Compared

Old Version 15

changes.mady.by.user Ruth Stocks

Saved on

compared with

New Version Current

changes.mady.by.user Ruth Stocks

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

Devstatus
Statusimplemented
Target4.4

 

Officialdocu
0Automatic lockout
1http://wiki.magnolia-cms.com/display/DOCS45/Users#Users-Automaticlockout

Goal

  • Make account unaccessible after number of failed login attempts
  • Let admin set number of max attempts (default 5?)

Solutions

a) Modify User interface and JCRAuthenticationModule

  • after each failed attempt increase int number
  • save this value as node data
  • if reaches max value then lock
  • after success login null value

b) Implement in login filter

  • check user from http request and login result status
  • check for user "repetition"

Actuall lockout

Hard lock - use existing method to disable account until is enabled again by admin.

Time lock - implement lock based on time period before account is enabled again with possibility to null this and make account accessible immediately (in edit user dialog probably)