darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-20 15:31:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

ensure we reset failed_login_count when appropriate

Browse Source 
in verify_user_password, if succesful we reset the failed_login_count.
now we use failed_login_count for 2FA attempts, we need to make sure we
reset it in other places too, so that people don't get blocked,
especially in the reset-password user journey.

* verify_user_code - if it's succesful, reset the failed_login_count
* update_password - reset failed_login_count because either
  * you're logged in and so it's 0 anyway
  * you're resetting your password via pword reset link, and the old
    count isn't relevant anymore
This commit is contained in:
Leo Hemsted
2017-02-16 15:20:30 +00:00
parent d0424e319c
commit ac9739f8a2
4 changed files with 79 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/dao/users_dao.py
View File

@@ -113,6 +113,8 @@ def reset_failed_login_count(user):
def update_user_password(user, password):
# reset failed login count - they've just reset their password so should be fine
user.failed_login_count = 0
user.password = password
user.password_changed_at = datetime.utcnow()
db.session.add(user)