Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit login retries #830

Merged
merged 10 commits into from
Aug 19, 2019
Merged

Limit login retries #830

merged 10 commits into from
Aug 19, 2019

Conversation

fisx
Copy link
Contributor

@fisx fisx commented Aug 15, 2019

Implements https://github.com/wearezeta/backend-issues/issues/841#issuecomment-518033685 .

Open questions:

  1. I use forM_ instead of pooledForConcurrentlyN_ here. The latter will fail because Bridge.Budget is not concurrency-proof: if two threads / services request a budget coin concurrently, only one of them will decrement the budget value in cassandra. We could use counters instead of int in the schema, but it is unclear what that will mean for the other use case. (cases? i think there is only one.)
  2. Should I move LoginRetryOpts to Settings? It's not clear to me what the difference is, except perhaps that Settings can be changed at run-time, in which case LoginRetryOpts shouldn't go there (I think).

@fisx
Copy link
Contributor Author

fisx commented Aug 15, 2019

(I'll make a PR to wire-server-deploy soon, but since the flag is optional, that can be done independently.)

@fisx
Copy link
Contributor Author

fisx commented Aug 15, 2019

(I'll make a PR to wire-server-deploy soon, but since the flag is optional, that can be done independently.)

heh :) I guess i missed one after all:

          Exception: test/integration/API/User/Auth.hs:235:9-44: Irrefutable pattern failed for pattern Just opts

@fisx fisx mentioned this pull request Aug 16, 2019
Merged
tiago-loureiro
tiago-loureiro reviewed Aug 19, 2019
View reviewed changes
services/brig/brig.integration.yaml Outdated
@@ -137,6 +137,9 @@ optSettings:
setUserCookieThrottle:
stdDev: 5
retryAfter: 1
limitFailedLogins:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sry, can u make it limitFailedLogins -> setLimitFailedLogins for consistency's sake? ☺️

@fisx
Rename options fields.
0d09add
@fisx
Use NominalDiffTime for timeouts.
2a53fd4 
This is slightly less accurate, but works against UTCTime, and is
consistent with what we use in other places.
@fisx
Copy link
Contributor Author

fisx commented Aug 19, 2019

(this will pass CI once the resp. PRs there have been deployed.)

tiago-loureiro
tiago-loureiro approved these changes Aug 19, 2019
View reviewed changes
Copy link
Contributor

@tiago-loureiro tiago-loureiro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just please double check https://github.com/wireapp/wire-server/pull/830/files#r315212362

@fisx fisx merged commit 894488c into develop Aug 19, 2019
@fisx fisx deleted the fisx/limit-login-retries branch August 19, 2019 15:30
This was referenced Aug 20, 2019
Merged
Merged
@fisx fisx mentioned this pull request Sep 3, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiago-loureiro tiago-loureiro tiago-loureiro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fisx @tiago-loureiro