Account Locking support for Mongoose after some number of consecutive failed login attempts
JavaScript
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
examples
lib
.gitignore
README.md
index.js
package.json

README.md

Mongoose Account Locking - Useful for Mongoose User Schema with locking

This mongoose plugin is based on the post by Jeremy Martin’s DevSmash Blog

How it works?

  • A user’s account should be “locked” after some number of consecutive failed login attempts
  • A user’s account should become unlocked once a sufficient amount of time has passed
  • The User model should expose the reason for a failed login attempt to the application (though not necessarily to the end user)

Installation

npm install mongoose-account-locking

How to use?

After define your Mongoose user schema, just add mongoose-account-locking as plugin to your user schema

var locking = require('mongoose-account-locking');
UserSchema.plugin(locking);

You can also pass options when adding plugin

var options = {
    , maxLoginAttempts = 5
    , lockTime = 2 * 60 * 60 * 1000
    , username = 'username'
    , password = 'password';
};
User.plugin(locking, options)

where

  • maxLoginAttempts : Maximum number of allowable failed logins

  • lockTime : Amount of duration that account will be locked after exceeding the maxLoginAttemts

  • username : username key that is used in User schema. By default, it is 'username'. If you are using email as username, you can set to 'email'

  • password : password key that is used in User schema. By default, it is 'password'.

You can authenticate user as follows

// Create Model based on User Schema
var User = mongoose.model('User', UserSchema);

// Authenticate username and password
// If success, callback receive user
// If failure, callback receive err or reason
// Reasons are NOT_FOUND, PASSWORD_INCORRECT, and MAX_ATTEMPTS. 
User.getAuthenticated('username', 'MyPassword', function(err, user, reason) {
    // Write your code here
}

Example

Refer examples folder for sample code

To verify the code, you have to run the sample.js 5 times. After 5th time, it will lock the account. It wont allow you to access the account for next 2 hours.

Contributors

License

MIT License