Moodle MDL-21342: Account lockout after failed login attempts

    Details

    • Database:
      Any
    • Testing Instructions:

      1/ run phpunit tests
      2/ set some low threshold and timeouts and try lockouts

      • verify user gets email with unlock instructions
      • verify account is unlocked automatically after selected time without failed logins
      • verify that more attempts in some longer window do not trigger lockout
      • verify admin may unlock accounts manually from the Admins / Users / Accounts / Browse list of users
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE
    • Pull Master Branch:
      w51_MDL-21342_m25_lockout

      Description

      Implement a lockout system for web services => when the wrong password is entered too many times, lock the user (except if IP restriction field is not empty)
      Maybe do an administration too to unlock and visualize locked
      Nothing needed for token
      Specs needed.
      Log needed when a lockout happens.
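
The behaviours listed in the testing instructions (lockout at a threshold, no lockout when failures are spread over a longer window, automatic unlock, manual admin unlock) can be modelled in a few lines. This is an added example, not Moodle's code: the class, its method and field names, and the reading that a failed attempt during a lockout restarts the unlock timer are all assumptions made here.

```python
from collections import deque

class LockoutTracker:
    """Added model of the lockout rules; every name here is hypothetical."""
    def __init__(self, threshold, window, duration):
        self.threshold = threshold  # failed logins that trigger a lockout
        self.window = window        # seconds within which they must fall
        self.duration = duration    # seconds without failures before auto-unlock
        self.failures = {}          # user -> deque of recent failure times
        self.locked = {}            # user -> time of the latest failed attempt
        self.exempt = set()         # users whose IP restriction field is set
        self.events = []            # stands in for the log and the unlock email

    def unlock(self, user, now, how):
        """how is "auto" (timer expired) or "admin" (manual unlock)."""
        self.locked.pop(user, None)
        self.failures.pop(user, None)
        self.events.append((now, user, "unlock:" + how))

    def is_locked(self, user, now):
        last = self.locked.get(user)
        if last is None:
            return False
        if now - last >= self.duration:
            self.unlock(user, now, "auto")
            return False
        return True

    def failed_login(self, user, now):
        """Record one wrong password; return True if the account is now locked."""
        if user in self.exempt:
            return False
        if self.is_locked(user, now):
            self.locked[user] = now  # assumption: a failure while locked restarts the timer
            return True
        recent = self.failures.setdefault(user, deque())
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()         # forget failures older than the window
        if len(recent) >= self.threshold:
            self.locked[user] = now
            self.events.append((now, user, "lockout"))
            return True
        return False

if __name__ == "__main__":  # constructed scenario, times in seconds
    t = LockoutTracker(threshold=3, window=60, duration=300)
    print([t.failed_login("alice", s) for s in (0, 10, 20)])       # burst
    print([t.failed_login("bob", s) for s in (0, 100, 200, 300)])  # spread out
```
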

                • Votes: 10
                • Watchers: 22

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    14/May/13