Add separate config item for failed login count

It’s confusing that changing `MAX_VERIFY_CODE_COUNT` also limits the
number of failed login attempts that a user of text messages 2FA can
make.

This makes the parameters independent, and adds a test to make sure any
future changes which affect the limit of failed login attempts are
covered.
Chris Hill-Scott
2021-10-04 10:18:58 +01:00
parent 786893d920
commit 544bfbf569
3 changed files with 27 additions and 1 deletions

@@ -205,7 +205,7 @@ def verify_user_code(user_id):
user_to_verify = get_user_by_id(user_id=user_id)
code = get_user_code(user_to_verify, data['code'], data['code_type'])
if user_to_verify.failed_login_count >= current_app.config.get('MAX_VERIFY_CODE_COUNT'):
if user_to_verify.failed_login_count >= current_app.config.get('MAX_FAILED_LOGIN_COUNT'):
raise InvalidRequest("Code not found", status_code=404)
if not code:
# only relevant from sms
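Review bot: The changed comparison reads the new limit with `current_app.config.get('MAX_FAILED_LOGIN_COUNT')`, which returns None when the key is unset, and in Python 3 `failed_login_count >= None` raises TypeError, so an environment missing the new setting would fail this request with an error instead of enforcing the lockout. Prefer `current_app.config['MAX_FAILED_LOGIN_COUNT']` so a missing key fails loudly and early, or make sure the accompanying config change defines the value for every environment. A short comment on the `raise InvalidRequest("Code not found", status_code=404)` line saying why a locked-out user gets a 404 "Code not found" rather than a distinct error would also help future readers.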