ensure we reset failed_login_count when appropriate

in verify_user_password, if successful we reset the failed_login_count.
now we use failed_login_count for 2FA attempts, we need to make sure we
reset it in other places too, so that people don't get blocked,
especially in the reset-password user journey.

* verify_user_code - if it's successful, reset the failed_login_count
* update_password - reset failed_login_count because either
  * you're logged in and so it's 0 anyway
  * you're resetting your password via pword reset link, and the old
    count isn't relevant anymore
Leo Hemsted
2017-02-16 15:20:30 +00:00
parent d0424e319c
commit ac9739f8a2
4 changed files with 79 additions and 58 deletions

@@ -130,6 +130,7 @@ def verify_user_code(user_id):
increment_failed_login_count(user_to_verify)
raise InvalidRequest("Code has expired", status_code=400)
use_user_code(code.id)
reset_failed_login_count(user_to_verify)
return jsonify({}), 204
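
Review bot: the added reset_failed_login_count(user_to_verify) just before the 204 return clears a counter that, per the commit message, is now shared between password failures and 2FA code failures, and nothing visible in this hunk shows the lockout threshold being checked before the code is accepted. Please confirm that the earlier part of verify_user_code rejects a user who is already over the limit, so that a valid code cannot zero the count for a locked account, and add a test that asserts the count is 0 after a successful code and unchanged after the expired-code path above. A one-line comment next to the reset explaining why it belongs here (the reset-password journey) would also help the next reader.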