Follow up on the LoginAttemptNotifications extension #41
Comments
This was referenced Oct 16, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
CWP 2.1, probably CWP 2.0 as well
The
LoginAttemptNotificationsextensions purpose is to show the CMS user when they log in the number of successful and/or unsuccessful login attempts that occurred since the previous time they logged into the CMS.@chillu pointed out that it's not particularly useful to show CMS users that there were successful login attempts, seeing as the message looks like this (nobody will remember their IP and be able to distinguish a malicious login from it):
In CWP 1.x this extension was disabled in 2013:
silverstripe/cwp@2c576c3#diff-8a7315557cd9f672e36f7e8f0ce2c29e
It was re-enabled during the CWP 2.x upgrade, possibly by mistake:
f46727f#diff-8a7315557cd9f672e36f7e8f0ce2c29eR125
It was then moved from _config.php into a YAML config file.
This issue is raised as a placeholder to either deprecated and remove this feature OR to investigate, fix and reimplement it so that it works correctly and doesn't show up every time a CMS user does something in the CMS.
Context: CWP kitchen sink recipe 2.1.x-dev on the CWP platform, not logged in as the default admin user.
Related bug fix for this functionality in core (UI fix): silverstripe/silverstripe-admin#568
The text was updated successfully, but these errors were encountered: