cleverbeagle/pup

Allowed Login Attempts

wortkotze opened this issue · 1 comments

For us it is mandatory to protect our accounts from too many failed login attempts.
We added functionality to control how many login attempts are allowed and put it in the Admin UI to reset it.

If someone needs this as well, please let me know; then I can create a pull request for the newest version.
Probably our owner will do it directly without a pull request :)

Here is the logic for server startup.server.accounts.loginAttempts:

```js
import { Meteor } from 'meteor/meteor';
import { Accounts } from 'meteor/accounts-base';

// Logger is the app's own logging helper and must be in scope; it is not defined in this snippet.

Accounts.validateLoginAttempt((info) => {
  const user = info.user;

  if (!user) return false;

  // A user without a stored counter starts at 0, so the increment never produces NaN.
  let failAttempt = (user.profile && user.profile.loginFaileAttempt) || 0;
  const name = user.profile && user.profile.name
    ? `${user.profile.name.first} ${user.profile.name.last}`
    : user._id;

  // Check the lock before the outcome of this attempt, so that a correct
  // password does not reset the counter of an account that is already locked.
  if (failAttempt >= Meteor.settings.public.AllowedFailedAttempts) {
    console.log(`${name} max Attempts reached`);
    Logger.log(`${name} max Attempts reached`, ['FailedLogIn']);
    throw new Meteor.Error(403, 'you need to contact the admin!');
  }

  let loginAllowed = false;
  if (info.error && info.error.error === 403) {
    // increment the fail attempts
    failAttempt++;
    console.log(`${name} failAttempt: ${failAttempt}`);
    Logger.log(`${name} failAttempt: ${failAttempt}`, ['FailedLogIn']);
  } else if (info.allowed) {
    // successful login: reset the counter to 0
    failAttempt = 0;
    loginAllowed = true;
  }

  Meteor.users.update({ _id: user._id }, { $set: { 'profile.loginFaileAttempt': failAttempt } });

  return loginAllowed;
});
```
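The lockout rule from the snippet above, written as a pure function so it can be checked without a running Meteor app. This is an added example, not part of the original post or of Pup; `nextLoginState`, `replay` and the shape of the attempt objects are hypothetical. It checks the lock before the attempt's outcome, so a correct password does not reopen a locked account.

```javascript
// Added example (not from the post): lockout decision as a pure function.
// Inputs: the stored counter, the outcome of the password check, the limit.
function nextLoginState(failedAttempts, attempt, maxAttempts) {
  // A missing or malformed counter is treated as 0.
  const count = Number.isInteger(failedAttempts) && failedAttempts > 0 ? failedAttempts : 0;

  // Locked accounts stay locked whatever the outcome; only a reset clears them.
  if (count >= maxAttempts) {
    return { allow: false, locked: true, failedAttempts: count };
  }

  // Successful login below the limit resets the counter.
  if (attempt.allowed) {
    return { allow: true, locked: false, failedAttempts: 0 };
  }

  // Only credential failures (error 403 in the post's code) count.
  if (attempt.errorCode === 403) {
    const next = count + 1;
    return { allow: false, locked: next >= maxAttempts, failedAttempts: next };
  }

  // Any other failure is rejected without touching the counter.
  return { allow: false, locked: false, failedAttempts: count };
}

// Replays a sequence of attempts for one user who has no counter stored yet.
function replay(attempts, maxAttempts) {
  let count; // undefined on purpose: no counter field on the user document
  return attempts.map((attempt) => {
    const result = nextLoginState(count, attempt, maxAttempts);
    count = result.failedAttempts;
    return result;
  });
}

// Constructed sample input: three wrong passwords, then the right one.
const BAD = { allowed: false, errorCode: 403 };
const GOOD = { allowed: true };
const results = replay([BAD, BAD, BAD, GOOD], 3);

console.log(results.map((r) => `${r.allow}/${r.locked}/${r.failedAttempts}`).join(' '));
```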

Hello wortkotze,

Yeah surely I would be interested :)

Thanks.