You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks alot for the wonderful job done thus far. You approach is really superb. I am pretty new to FastAPI but much in love with this library.
I would love to request if these 2 events could be added to the authentication (/login). on_after_failed_login(): in case of multiple failed attempt, I would love to keep track of this failed attempt and possibly delay/deny future attempts on_before_login() -> bool: based on the number of previous failed login attempts I may want to decide if to allow or deny login at this moment. Am thinking this would only be called after every other conditions/parameters like the password, is_active, is_verified has been checked and ready generate the jwt/access_token, such that it would allow us raise exception/return false to deny the user login access
** Also, in situation where the admin created a new user account and forwarded the credentials to the user's email. I maybe want to force the user to change the default password. I may want to abort the login process just before the final stage and redirect the user to the change password screen before s/he can proceed
This would be cleaner for further customization
The text was updated successfully, but these errors were encountered:
Pauldic
changed the title
on_after_failed_login and on_before_login
on_after_failed_login and on_before_login (Feature Request)
May 23, 2024
Thanks alot for the wonderful job done thus far. You approach is really superb. I am pretty new to FastAPI but much in love with this library.
I would love to request if these 2 events could be added to the authentication (/login).
on_after_failed_login(): in case of multiple failed attempt, I would love to keep track of this failed attempt and possibly delay/deny future attempts
on_before_login() -> bool: based on the number of previous failed login attempts I may want to decide if to allow or deny login at this moment. Am thinking this would only be called after every other conditions/parameters like the password, is_active, is_verified has been checked and ready generate the jwt/access_token, such that it would allow us raise exception/return false to deny the user login access
** Also, in situation where the admin created a new user account and forwarded the credentials to the user's email. I maybe want to force the user to change the default password. I may want to abort the login process just before the final stage and redirect the user to the change password screen before s/he can proceed
This would be cleaner for further customization
The text was updated successfully, but these errors were encountered: