accountLockout not resetting threshold after configured duration #9386

Open
@messagenius-admin

Description

When using Account Lockout options, multiple login attempts result in the user being locked out for a specified period. After the lockout duration expires, the app should allow the user to attempt the configured number of login attempts again.
However, the user is locked out immediately after just one failed login attempt.

Steps to Reproduce

  1. Set the accountLockout config, for example:
    "accountLockout": {
        "duration": 2,
        "threshold": 5 
    }

This sample configuration will lock the user out for 2 minutes after 5 failed attempts.

  2. Perform a login with wrong credentials, 5 times within 2 minutes.
  3. Observe that you are correctly locked out.
  4. Wait for the lockout period to end.
  5. Attempt to log in again using incorrect credentials.

Actual Outcome

The user gets locked out again after a single failed attempt.

Expected Outcome

The user should be able to make the configured number (5 in the above example) of additional attempts before being locked out again.

Environment

Parse Server version: 7.3.0
OS/Host: Any
Database: Any
Client: Any, including REST
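
The expected and actual outcomes above, replayed against a small standalone model with a simulated clock. This is an added example, not Parse Server code and not a diagnosis of its implementation: `LockoutPolicy`, `resetOnExpiry` and `attemptsAfterExpiry` are hypothetical names, and the stale-counter mode is an assumption that happens to reproduce the reported symptom.

```javascript
// Added model of a threshold/duration lockout; not Parse Server code.
// LockoutPolicy, resetOnExpiry and attemptsAfterExpiry are hypothetical names.
class LockoutPolicy {
  constructor({ threshold, duration }, { resetOnExpiry = true } = {}) {
    this.threshold = threshold;           // failed attempts before lockout
    this.durationMs = duration * 60000;   // duration is in minutes, as in the issue
    this.resetOnExpiry = resetOnExpiry;   // false: counter survives the lockout
    this.failed = 0;
    this.lockedUntil = null;
  }

  // Evaluates one login attempt at time `now` (ms): 'locked', 'ok' or 'failed'.
  attempt(passwordOk, now) {
    if (this.lockedUntil !== null) {
      if (now < this.lockedUntil) return 'locked';
      this.lockedUntil = null;                  // lockout has expired
      if (this.resetOnExpiry) this.failed = 0;  // expected: start a fresh count
    }
    if (passwordOk) {
      this.failed = 0;
      return 'ok';
    }
    this.failed += 1;
    if (this.failed >= this.threshold) this.lockedUntil = now + this.durationMs;
    return 'failed';
  }
}

// Replays the reproduction steps with a simulated clock and returns how many
// wrong passwords are evaluated after expiry before the account locks again.
function attemptsAfterExpiry(config, opts) {
  const policy = new LockoutPolicy(config, opts);
  let now = 0;
  for (let i = 0; i < config.threshold; i++) policy.attempt(false, (now += 1000));
  now = policy.lockedUntil + 1;                 // wait for the lockout to end
  let count = 0;
  while (policy.attempt(false, (now += 1000)) !== 'locked') count++;
  return count;
}

const config = { threshold: 5, duration: 2 };   // values from the issue
console.log('expected:', attemptsAfterExpiry(config));
console.log('stale counter:', attemptsAfterExpiry(config, { resetOnExpiry: false }));
```

A regression test for a fix can follow the same shape: exhaust the threshold, advance the clock past the lockout duration, then assert that the full threshold of attempts is available again.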

Labels: type:bug (Impaired feature or lacking behavior that is likely assumed)