[MDL-74577] login_failed_count_since_success isn't counted correctly - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.11.6, 4.0
Fix Version/s: 3.11.8, 4.0.2
Component/s: Authentication
Labels:
- ci
- hqteam_alpha
- release_notes
- triaged

Affected Branches:
MOODLE_311_STABLE, MOODLE_400_STABLE
Fixed Branches:
MOODLE_311_STABLE, MOODLE_400_STABLE
Pull from Repository:
https://github.com/sharidas/moodle/
Pull 3.11 Branch:
~~MDL-74577~~-311
Pull 3.11 Diff URL:
https://github.com/moodle/moodle/compare/MOODLE_311_STABLE...sharidas:MDL-74577-311
Pull 4.0 Branch:
~~MDL-74577~~-400
Pull 4.0 Diff URL:
https://github.com/moodle/moodle/compare/MOODLE_400_STABLE...sharidas:MDL-74577-400
Pull Main Branch:
~~MDL-74577~~-master
Pull Main Diff URL:
https://github.com/sharidas/moodle/commit/MDL-74577-master?w=1
Testing Instructions:
Hide

Procedure to test

Create a user 'testuser1'.

Make sure that 'displayloginfailures' is set to 'No' (the default). You can access this via, Site administration -> General -> Security -> Notification.

Provide wrong credentials for login for 'testuser1', multiple times (say 4 times)

Now login with the correct credential for 'testuser1' and then logout.

Now enable 'displayloginfailures' (by selecting/clicking the checkbox)

Re-login with correct credentials for 'testuser1'

Now logout as 'testuser1'

Check you don't see the number of false attempts displayed in the top nav bar.
Show
Procedure to test Create a user 'testuser1'. Make sure that ' displayloginfailures ' is set to 'No' (the default). You can access this via, Site administration -> General -> Security -> Notification. Provide wrong credentials for login for 'testuser1', multiple times (say 4 times) Now login with the correct credential for 'testuser1' and then logout. Now enable ' displayloginfailures ' (by selecting/clicking the checkbox) Re-login with correct credentials for 'testuser1' Now logout as 'testuser1' Check you don't see the number of false attempts displayed in the top nav bar.

Story Points:
1
Sprint:
4.1 holding pattern, 4.1 holding pattern 2

Description

The scenario which I reproduced in my instance while I was testing on MDL-73736 (jaked found this issue and I verified it on my instance):

Steps to replicate:

In the config.php, add $CFG->disablelogintoken = true;
Create a user say testuser1
Try to log in with testuser1 with the incorrect password. Repeat it multiple times. You should see 'login_failed_count_since_success' incrementing.
Now try to log in as testuser1 with the correct credentials.
Now you should see that the 'login_failed_count_since_success' value in the database is not reset to zero. This is not correct.

On the other hand, if the user tries to set 'displayloginfailures' (in System Administration > Security > Notifications) to true (by ticking the check box and saving changes). Later when the user logs in with correct credentials, the 'login_failed_count_since_success' is reset to 0.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDL-74577_Test Passed.PNG
48 kB
09/Jun/22 9:19 AM

Activity

People

Assignee:: Sujith Haridasan

Reporter:: Sujith Haridasan

Peer reviewer:: Mihail Geshoski

Integrator:: Sara Arjona (@sarjona)

Tester:: Gladys Basiana

Participants:: CiBoT, Gladys Basiana, Jake Dallimore, Mihail Geshoski, Sara Arjona (@sarjona), Sujith Haridasan

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 27/Apr/22 1:26 PM

Updated:: 07/Jul/22 2:08 PM

Resolved:: 10/Jun/22 11:47 PM

Fix Release Date:: 11/Jul/22

Time Tracking

Estimated:

Remaining:

Logged:

3h 20m

Details

Procedure to test

Description

Attachments

Attachments

Activity

People

Dates

Time Tracking