[Issue] Fixed customertoken not generating after configured failure in a row #34067

Closed
@m2-assistant

Description

This issue is automatically created based on existing pull request: #34001: Fixed customertoken not generating after configured failure in a row


Description (*)

This pull request solves the issue when a customer has made too many failed attempts (i.e. more times than set in the configuration) to generate the customer token via GraphQL or REST API. Then the customer is not able to log into the system ever.

Related Pull Requests

Fixed Issues (if relevant)

  1. Fixes magento/magento2#<issue_number>

Manual testing scenarios (*)

  1. Make more unsuccessful attempts than the configured number of times (configuration can be found in Services->Oauth) to generate the customer token via the generateCustomerToken GraphQL API.
  2. After that, the customer would not be able to generate the token even with correct credentials.

Questions or comments

The issue was occurring because in the current system, there was no check whether lock_expires_at in oauth_token_request_log is greater than the current date time. So, the system always returns the number of failed attempts.

For example, let's say the configured number of failed attempts is 6, and the customer has tried 7 times to generate the customer token via the GraphQL API. Now, after the expiry time of lock_expires_at, even when he/she tries with correct credentials, he/she is not able to generate the customer token and gets the exception

'The account sign-in was incorrect or your account is disabled temporarily. '
. 'Please wait and try again later.'

This is a major issue for the Scandi PWA login, as the customer is not able to log into the PWA after trying too many unsuccessful attempts.

To resolve the issue, I have applied the check whether lock_expires_at is greater than the current date time. Then we got zero token in that case, and when the customer logs in with correct credentials, he/she will log into the system.

Please let me know if you need additional test cases (I have to make the test cases, lol) or any other description you want.

Contribution checklist (*)

  • [ *] Pull request has a meaningful description of its purpose
  • [ *] All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • All automated tests passed successfully (all builds are green)
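
The lockout behaviour described in the post, as an added example that is not part of the original issue and is not Magento's code: a simplified Python model in which `RequestLog`, `failures_buggy`, `failures_fixed`, `request_token`, `simulate`, the 30-minute window and the timestamps are assumptions made for illustration. It shows that the expiry check lets correct credentials through once `lock_expires_at` has passed, while they are still refused inside the lock window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILURES = 6                      # configured limit, as in the post's example
LOCK_WINDOW = timedelta(minutes=30)   # assumed lock duration (constructed value)

@dataclass
class RequestLog:
    """Hypothetical stand-in for one oauth_token_request_log row."""
    failures_count: int = 0
    lock_expires_at: Optional[datetime] = None

def failures_buggy(log: RequestLog, now: datetime) -> int:
    # Behaviour described in the post: the stored count is returned
    # even after lock_expires_at has passed.
    return log.failures_count

def failures_fixed(log: RequestLog, now: datetime) -> int:
    # Count failures only while the lock window is still open.
    if log.lock_expires_at is None or log.lock_expires_at <= now:
        return 0
    return log.failures_count

def request_token(log, now, password_ok, count_failures) -> bool:
    """Return True when a token would be issued."""
    if count_failures(log, now) >= MAX_FAILURES:
        return False                  # throttled before credentials are checked
    if password_ok:
        log.failures_count, log.lock_expires_at = 0, None
        return True
    if log.lock_expires_at is None or log.lock_expires_at <= now:
        log.failures_count = 0        # expired window: start a fresh count
    log.failures_count += 1
    log.lock_expires_at = now + LOCK_WINDOW
    return False

def simulate(count_failures) -> tuple:
    """7 bad attempts, then correct credentials inside and after the window."""
    log, t0 = RequestLog(), datetime(2021, 1, 1, 12, 0)   # constructed timestamps
    for i in range(7):
        request_token(log, t0 + timedelta(seconds=i), False, count_failures)
    inside = request_token(log, t0 + timedelta(minutes=5), True, count_failures)
    after = request_token(log, t0 + timedelta(hours=2), True, count_failures)
    return inside, after
```

`simulate(failures_buggy)` reproduces the permanent lockout from the post; `simulate(failures_fixed)` keeps the throttle during the window and releases it afterwards.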

Labels

  • Area: APIs
  • Component: Integration
  • Fixed in 2.4.x (The issue has been fixed in 2.4-develop branch)
  • Issue: Confirmed (Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed)
  • Priority: P1 (Once P0 defects have been fixed, a defect having this priority is the next candidate for fixing.)
  • Progress: done
  • Reported on 2.4.2 (Indicates original Magento version for the Issue report.)
  • Reproduced on 2.4.x (The issue has been reproduced on latest 2.4-develop branch)
  • Severity: S1 (Affects critical data or functionality and forces users to employ a workaround.)

Projects

Status

Pull Request In Progress
