  1. Moodle
  2. MDL-72889

Allow auth plugins to declare not being able to be locked out


Details

    • MOODLE_311_STABLE

    Description

      Came across a small edge case bug, where a manual self-registered user A attempted to log in and failed a few times and inadvertently locked out another account which was an SSO user B. The settings on this site meant that usernames were protected so that user A didn't get any feedback, but user B got the lockout email out of the blue and had a small panic.

      Currently an SSO plugin could work around this by setting the login_lockout_ignored preference on every user they manage, but I think it would be better if auth plugins simply had a new method like ignore_user_lockout().

      It would probably be even better if each auth plugin declares whether it is an SSO plugin or not, and ignore_user_lockout has a default implementation which leverages that.
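
      A stand-alone PHP model of the proposal above, added here as an illustration and not taken from the report or from Moodle's code base: only `ignore_user_lockout()` is named in the report, while `is_sso()`, the `*_model` classes and `record_failed_login()` are hypothetical names. It shows the default implementation deriving the lockout exemption from the plugin's SSO declaration, so repeated failures against user B's username leave that account unlocked.

```php
<?php
// Stand-alone model of the proposal; NOT Moodle code. Only ignore_user_lockout()
// is named in the report; every other name here is hypothetical.
abstract class auth_plugin_model {
    /** Hypothetical declaration: does an external IdP check the credentials? */
    public function is_sso(): bool {
        return false;
    }

    /** Default from the report: SSO plugins are exempt from local lockout. */
    public function ignore_user_lockout(): bool {
        return $this->is_sso();
    }
}

final class auth_manual_model extends auth_plugin_model {
}

final class auth_sso_model extends auth_plugin_model {
    public function is_sso(): bool {
        return true;
    }
}

/** Count one failed local login; return true if the account is now locked. */
function record_failed_login(array &$user, auth_plugin_model $auth, int $threshold): bool {
    if ($auth->ignore_user_lockout()) {
        // Guessing at the local form must not lock out or email this user.
        return false;
    }
    $user['failed']++;
    $user['locked'] = $user['locked'] || $user['failed'] >= $threshold;
    return $user['locked'];
}

// Constructed sample data: user A is self-registered, user B signs in via SSO.
$plugins = ['manual' => new auth_manual_model(), 'sso' => new auth_sso_model()];
$users = [
    'a' => ['auth' => 'manual', 'failed' => 0, 'locked' => false],
    'b' => ['auth' => 'sso', 'failed' => 0, 'locked' => false],
];

// Three wrong passwords against each username, with a lockout threshold of 3.
foreach (array_keys($users) as $name) {
    for ($i = 0; $i < 3; $i++) {
        record_failed_login($users[$name], $plugins[$users[$name]['auth']], 3);
    }
    printf("%s (%s): failed=%d locked=%s\n", $name, $users[$name]['auth'],
        $users[$name]['failed'], $users[$name]['locked'] ? 'yes' : 'no');
}
```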

          People

            Unassigned Unassigned
            brendanheywood Brendan Heywood
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan