Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Double devise failed attempts #1794

Merged
merged 1 commit into from
Feb 9, 2024
Merged

Double devise failed attempts #1794

merged 1 commit into from
Feb 9, 2024

Conversation

jayjay-w
Copy link
Contributor

@jayjay-w jayjay-w commented Feb 8, 2024
edited
Loading

Description

Due to devise-two-factor/devise-two-factor#28, devise doubles the count stored in the failed_attempts column when 2FA is enabled.

In this PR we are doubling the value set in devise_maximum_attempts in CheckConfig, so that devise always doubles it, at least until the issue referred to above is fixed

Due to this, user's will no longer get a warning before the last login attempt, so we are increasing the default number of attempts before an account is locked to 5.

References: CV2-4164

How has this been tested?

Confirmed that the user's account will always be locked after 5(default value) tries.

Checklist

  • I have performed a self-review of my own code
  • I have added unit and feature tests, if the PR implements a new feature or otherwise would benefit from additional testing
  • I have added regression tests, if the PR fixes a bug
  • I have added logging, exception reporting, and custom tracing with any additional information required for debugging
  • I considered secure coding practices when writing this code. Any security concerns are noted above.
  • I have commented my code in hard-to-understand areas, if any
  • I have made needed changes to the README
  • My changes generate no new warnings
  • If I added a third party module, I included a rationale for doing so and followed our current guidelines

@jayjay-w
Double devise failed attempts
b97c8db 
Due to devise-two-factor/devise-two-factor#28,
devise doubles the count stored in the failed_attempts column when 2FA is
enabled.

In this commit we are doubling the value set in devise_maximum_attempts in
CheckConfig, so that devise always doubles it, at least until the issue
referred to above is fixed
@codeclimate CodeClimate
Copy link

codeclimate bot commented Feb 8, 2024

Code Climate has analyzed commit b97c8db and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (100% is the threshold).

This pull request will bring the total coverage in the repository to 100.0% (0.0% change).

View more on Code Climate.

@jayjay-w jayjay-w marked this pull request as ready for review February 9, 2024 07:47
@jayjay-w jayjay-w merged commit 4a0f15e into develop Feb 9, 2024
8 checks passed
@jayjay-w jayjay-w deleted the CV2-4164-fix-login-retries-double-counter branch March 26, 2024 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@melsawy melsawy melsawy approved these changes

@caiosba caiosba Awaiting requested review from caiosba caiosba is a code owner

@DGaffney DGaffney Awaiting requested review from DGaffney

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jayjay-w @melsawy