Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: provide option to limit (T)OTP checks #7693

Merged
merged 10 commits into from
Apr 10, 2024
Merged

feat: provide option to limit (T)OTP checks #7693

merged 10 commits into from
Apr 10, 2024

Conversation

livio-a
Copy link
Member

@livio-a livio-a commented Apr 3, 2024
edited

Similar to the existing option to automatically lock a user after a certain amount of wrong password checks, this PR adds an option to the lockout policy to do the same for (T)OTP checks.
Note that each OTP method is treated individually. Meaning that if the lockout is set to 3, after 2 failed TOTP checks, the user would still be able to potentially try the TOTP email verification more than once.

Note
The existing MaxAttempts in the configuration for DefaultInstance and FirstInstance has been changed to MaxPasswordAttempts.

Definition of Ready

  • I am happy with the code
  • Short description of the feature/issue is added in the pr description
  • PR is linked to the corresponding user story
  • Acceptance criteria are met
  • All open todos and follow ups are defined in a new ticket and justified
  • Deviations from the acceptance criteria and design are agreed with the PO and documented.
  • No debug or dead code
  • My code has no repetitions
  • Critical parts are tested automatically
  • Where possible E2E tests are implemented
  • Documentation/examples are up-to-date
  • All non-functional requirements are met
  • Functionality of the acceptance criteria is checked manually on the dev system.

@vercel Vercel
Copy link

vercel bot commented Apr 3, 2024
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 10, 2024 9:02am

@livio-a
Merge branch 'main' into totp-lockout
39b3e32 
# Conflicts:
#	internal/command/user_human_otp.go
@livio-a livio-a marked this pull request as ready for review April 9, 2024 06:37
muhlemmer
muhlemmer reviewed Apr 9, 2024
View reviewed changes
Copy link
Contributor

@muhlemmer muhlemmer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One very small naming comment :)
For the rest back-end looks good to me!

internal/command/instance.go Outdated Show resolved Hide resolved
@muhlemmer muhlemmer enabled auto-merge (squash) April 10, 2024 08:48
@muhlemmer muhlemmer merged commit a282ac0 into main Apr 10, 2024
25 checks passed
@muhlemmer muhlemmer deleted the totp-lockout branch April 10, 2024 09:15
livio-a added a commit that referenced this pull request Apr 10, 2024
@livio-a
feat: provide option to limit (T)OTP checks (#7693)
153df2e 
* feat: provide option to limit (T)OTP checks

* fix requests in console

* update errors pkg

* cleanup

* cleanup

* improve naming of existing config
@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 2.50.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@muhlemmer muhlemmer muhlemmer approved these changes

@peintnermax peintnermax peintnermax approved these changes

Assignees
No one assigned
Labels
released
Projects
Product Management
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@livio-a @muhlemmer @peintnermax