Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74577

login_failed_count_since_success isn't counted correctly

    XMLWordPrintable

Details

    • MOODLE_311_STABLE, MOODLE_400_STABLE
    • MOODLE_311_STABLE, MOODLE_400_STABLE
    • MDL-74577-311
    • MDL-74577-400
    • MDL-74577-master
    • Hide

      Procedure to test

      1. Create a user 'testuser1'.
      2. Make sure that 'displayloginfailures' is set to 'No' (the default). You can access this via, Site administration -> General -> Security -> Notification.
      3. Provide wrong credentials for login for 'testuser1', multiple times (say 4 times)
      4. Now login with the correct credential for 'testuser1' and then logout.
      5. Now enable 'displayloginfailures' (by selecting/clicking the checkbox)
      6. Re-login with correct credentials for 'testuser1'
      7. Now logout as 'testuser1'
      8. Check you don't see the number of false attempts displayed in the top nav bar.

       

      Show
      Procedure to test Create a user 'testuser1'. Make sure that ' displayloginfailures ' is set to 'No' (the default). You can access this via, Site administration -> General -> Security -> Notification. Provide wrong credentials for login for 'testuser1', multiple times (say 4 times) Now login with the correct credential for 'testuser1' and then logout. Now enable ' displayloginfailures ' (by selecting/clicking the checkbox) Re-login with correct credentials for 'testuser1' Now logout as 'testuser1' Check you don't see the number of false attempts displayed in the top nav bar.  
    • 1
    • 4.1 holding pattern, 4.1 holding pattern 2

    Description

      The scenario which I reproduced in my instance while I was testing on MDL-73736 (jaked found this issue and I verified it on my instance):

      Steps to replicate:

      1. In the config.php, add $CFG->disablelogintoken = true;
      2. Create a user say testuser1
      3. Try to log in with testuser1 with the incorrect password. Repeat it multiple times. You should see 'login_failed_count_since_success' incrementing.
      4. Now try to log in as testuser1 with the correct credentials.
      5. Now you should see that the 'login_failed_count_since_success' value in the database is not reset to zero. This is not correct.

      On the other hand, if the user tries to set 'displayloginfailures' (in System Administration > Security > Notifications) to true (by ticking the check box and saving changes). Later when the user logs in with correct credentials, the 'login_failed_count_since_success' is reset to 0.

      Attachments

        Activity

          People

            sujith Sujith Haridasan
            sujith Sujith Haridasan
            Mihail Geshoski Mihail Geshoski
            Sara Arjona (@sarjona) Sara Arjona (@sarjona)
            Gladys Basiana Gladys Basiana
            David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              11/Jul/22

              Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 3 hours, 20 minutes
                3h 20m