Add brute force protection for login #54
Timeout requires extra work from us, as an integration with node-cron. We considered that the retrieval process is sort of related to your own workflow and shouldn't be enforced, like what has been done with mailing on seneca-user. In our case @CoderDojo, we prefer an email reset, which wouldn't be implemented here (seneca-user) but through our own µs, cd-users, since seneca-user doesn't do emailing anymore.
Now I do have two comments:
@mihaidma any thoughts?
It seems to me that after a successful login the counter should be reset to 0.
This seems to be the desired feature. If you try x times to log in without success the account is locked. But if I failed 1 time and then log in with success it should reset the counter back to 0.
Only x consecutive logins should lock the account.
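The counter behaviour requested in the comment above, as an added example that is not part of this pull request or of seneca-user: only consecutive failures count toward the lock, and a successful login resets the counter. The names `LoginGuard`, `maxFailures`, `verify` and `unlock` are hypothetical, and state is kept in memory for illustration.

```javascript
// Added example: in-memory lockout tracker. Names (LoginGuard, maxFailures,
// verify, unlock) are hypothetical and are not part of seneca-user.
class LoginGuard {
  constructor(maxFailures, verify) {
    this.maxFailures = maxFailures; // "x" in the comment above
    this.verify = verify;           // (user, password) => boolean, supplied by caller
    this.state = new Map();         // user -> { failures, locked }
  }

  entry(user) {
    if (!this.state.has(user)) this.state.set(user, { failures: 0, locked: false });
    return this.state.get(user);
  }

  login(user, password) {
    const e = this.entry(user);
    // Check the lock before verifying the password, so a correct guess
    // made after the lock triggers cannot bypass it.
    if (e.locked) return { ok: false, why: 'locked' };
    if (this.verify(user, password)) {
      e.failures = 0; // a success resets the consecutive-failure counter
      return { ok: true };
    }
    e.failures += 1;
    if (e.failures >= this.maxFailures) e.locked = true;
    return { ok: false, why: e.locked ? 'locked' : 'invalid', failures: e.failures };
  }

  // Out-of-band recovery (for example an email reset) clears the lock.
  unlock(user) {
    this.state.set(user, { failures: 0, locked: false });
  }
}

// Constructed sample: one user, limit of 3 consecutive failures.
function demo() {
  const guard = new LoginGuard(3, (u, p) => u === 'alice' && p === 'correct');
  const seq = ['bad', 'bad', 'correct', 'bad', 'bad', 'bad', 'correct'];
  return seq.map((p) => guard.login('alice', p).why || 'ok');
}
```

Two failures followed by a success leave the account open; the third consecutive failure locks it, and the correct password is then refused until `unlock` is called.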
Aug 12, 2016
I made the specs for brute force protection: #62
I'll work at modifying this implementation.