Versions Compared

Old Version 5

changes.mady.by.user Ondrej Chytil

Saved on

compared with

New Version Current

changes.mady.by.user Ruth Stocks

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Devstatus

...

Statusimplemented

...

Target4.4

...

 

Officialdocu
0Automatic lockout
1http://wiki.magnolia-cms.com/display/DOCS45/Users#Users-Automaticlockout

Account lockout was introduced with Magnolia 4.4.3

...

Goal

  • Make account unaccessible after number of failed login attempts
  • Let admin set number of max attempts (default 5?)

Solutions

a) Modify User interface and JCRAuthenticationModule

  • after each failed attempt increase int number
  • save this value as node data
  • if reaches max value then lock
  • after success login null value

b) Implement in login filter

  • check user from http request and login result status
  • check for user "repetition"

Actuall lockout

Hard lock - use existing method to disable account until is enabled again by admin.

...