Add JWT anti brute-force login protection (#2831)
* WIP: better brute force login protection
* split device token classes
* mv schema to 63
* use int(10) in schema too
* add sysadmin action to clear locked users/devices
* remove the FK on authfail
* remove authfail users_id fk constraint in structure.sql
* catch the invalid device token exception
* remove the banned users stuff
* change invalid token message
* cleanup the exceptions a bit
* get rid of the useless InvalidCsrfTokenException
* remove unused js import
* introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files
* remove the populateFromEmail method from Users
* get rid of the useless SessionAuth and rearrange init Auth and App
* be more specific about which kind of user can be loaded in App
* change Update class signature
* use init.inc.php in ApiController
* don't store the whole teamconfigarr in app
1 parent 20e785f, commit 8e92afe
Showing 83 changed files with 1,104 additions and 749 deletions.