Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78630

A notification should be displayed when a user's account is locked/unlocked

    XMLWordPrintable

Details

    • MOODLE_39_STABLE, MOODLE_402_STABLE
    • MOODLE_403_STABLE
    • MDL-78630-401
    • MDL-78630-402
    • MDL-78630-master
    • Hide

      Prerequisites

      1. A non-admin user
      2. Set up Mailhog:

        docker run -p 8025:8025 -p 1025:1025 mailhog/mailhog
        

      3. Configure Moodle to use Mailhog:
        1. Browse to "Site Administration" > "Server" > "Support contact"
        2. Set "supportemail" to something like "support@localhost.invalid"
        3. Browse to "Site Administration" > "Server" > "Outgoing mail configuration"
        4. Set "smtphosts" to "localhost:1025"
        5. Set "noreplyaddress" to something like "noreply@localhost.invalid"
        6. Browse to http://localhost:8025/ to monitor mails sent by the site

      Testing

      1. Browse to "Site Administration" > "General" > "Security" > "Site security settings"
      2. Set "Account lockout threshold" to 3
      3. In a private tab (or just logout) login using correct credentials for the non-admin user
      4. Verify the user can log in without issue
      5. Log out
      6. Attempt to log in again with an incorrect password
      7. Verify an error stating: "Invalid login, please try again" is displayed
      8. Make 2 more attempts to log in with a wrong password
      9. Verify an email is sent out (by looking at mailhog) informing the user of the lockout
      10. Attempt to login again with a wrong password
      11. Verify an error displays informing the user of the lockout
      12. Attempt to login again using correct credentials
      13. Verify an error displays informing the user of the lockout
      14. Follow the unlock account link from the email
      15. Verify an info box is displayed informing the user that their account has been unlocked
      16. Verify you can now login using correct credentials
      Show
      Prerequisites A non-admin user Set up Mailhog: docker run -p 8025:8025 -p 1025:1025 mailhog/mailhog Configure Moodle to use Mailhog: Browse to "Site Administration" > "Server" > "Support contact" Set "supportemail" to something like "support@localhost.invalid" Browse to "Site Administration" > "Server" > "Outgoing mail configuration" Set "smtphosts" to "localhost:1025" Set "noreplyaddress" to something like "noreply@localhost.invalid" Browse to http://localhost:8025/ to monitor mails sent by the site Testing Browse to "Site Administration" > "General" > "Security" > "Site security settings" Set "Account lockout threshold" to 3 In a private tab (or just logout) login using correct credentials for the non-admin user Verify the user can log in without issue Log out Attempt to log in again with an incorrect password Verify an error stating: "Invalid login, please try again" is displayed Make 2 more attempts to log in with a wrong password Verify an email is sent out (by looking at mailhog) informing the user of the lockout Attempt to login again with a wrong password Verify an error displays informing the user of the lockout Attempt to login again using correct credentials Verify an error displays informing the user of the lockout Follow the unlock account link from the email Verify an info box is displayed informing the user that their account has been unlocked Verify you can now login using correct credentials

    Description

      When you set up "Account lockout threshold" and a user gets locked after N incorrect attempts to login, there is email sent to notify user about it. In this email  there is a link to navigate for unlocking the account. Which is works perfectly.

      However, it seems like there is no feedback/instructions after navigating to this link. Users get redirected to a login page.

      Would be nice somehow display notification saying "Your account has been successfully unlocked." or something. 

      Also, it would be good to notify user on the login page that their account has been locked out. Currently, the Invalid login, please try again notification is displayed, but once account is locked there is no point to try again. Instead, Account is locked out and account unlock link has been to sent to registered email (text can vary) could be displayed.

      Attachments

        Issue Links

          Activity

            People

              cameron1729 cameron1729
              dmitriim Dmitrii Metelkin
              Tomo Tsuyuki Tomo Tsuyuki
              Ilya Tregubov Ilya Tregubov
              Kim Jared Lucas Kim Jared Lucas
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 35 minutes
                  35m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.