Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78630

A notification should be displayed when a user's account is locked/unlocked

XMLWordPrintable

    • MOODLE_39_STABLE, MOODLE_402_STABLE
    • MOODLE_403_STABLE
    • MDL-78630-401
    • MDL-78630-master
    • Hide

      Prerequisites

      1. A non-admin user
      2. Set up Mailhog:

        docker run -p 8025:8025 -p 1025:1025 mailhog/mailhog
        

      3. Configure Moodle to use Mailhog:
        1. Browse to "Site Administration" > "Server" > "Support contact"
        2. Set "supportemail" to something like "support@localhost.invalid"
        3. Browse to "Site Administration" > "Server" > "Outgoing mail configuration"
        4. Set "smtphosts" to "localhost:1025"
        5. Set "noreplyaddress" to something like "noreply@localhost.invalid"
        6. Browse to http://localhost:8025/ to monitor mails sent by the site

      Testing

      1. Browse to "Site Administration" > "General" > "Security" > "Site security settings"
      2. Set "Account lockout threshold" to 3
      3. In a private tab (or just logout) login using correct credentials for the non-admin user
      4. Verify the user can log in without issue
      5. Log out
      6. Attempt to log in again with an incorrect password
      7. Verify an error stating: "Invalid login, please try again" is displayed
      8. Make 2 more attempts to log in with a wrong password
      9. Verify an email is sent out (by looking at mailhog) informing the user of the lockout
      10. Attempt to login again with a wrong password
      11. Verify an error displays informing the user of the lockout
      12. Attempt to login again using correct credentials
      13. Verify an error displays informing the user of the lockout
      14. Follow the unlock account link from the email
      15. Verify an info box is displayed informing the user that their account has been unlocked
      16. Verify you can now login using correct credentials
      Show
      Prerequisites A non-admin user Set up Mailhog: docker run -p 8025:8025 -p 1025:1025 mailhog/mailhog Configure Moodle to use Mailhog: Browse to "Site Administration" > "Server" > "Support contact" Set "supportemail" to something like "support@localhost.invalid" Browse to "Site Administration" > "Server" > "Outgoing mail configuration" Set "smtphosts" to "localhost:1025" Set "noreplyaddress" to something like "noreply@localhost.invalid" Browse to http://localhost:8025/ to monitor mails sent by the site Testing Browse to "Site Administration" > "General" > "Security" > "Site security settings" Set "Account lockout threshold" to 3 In a private tab (or just logout) login using correct credentials for the non-admin user Verify the user can log in without issue Log out Attempt to log in again with an incorrect password Verify an error stating: "Invalid login, please try again" is displayed Make 2 more attempts to log in with a wrong password Verify an email is sent out (by looking at mailhog) informing the user of the lockout Attempt to login again with a wrong password Verify an error displays informing the user of the lockout Attempt to login again using correct credentials Verify an error displays informing the user of the lockout Follow the unlock account link from the email Verify an info box is displayed informing the user that their account has been unlocked Verify you can now login using correct credentials

      When you set up "Account lockout threshold" and a user gets locked after N incorrect attempts to login, there is email sent to notify user about it. In this email  there is a link to navigate for unlocking the account. Which is works perfectly.

      However, it seems like there is no feedback/instructions after navigating to this link. Users get redirected to a login page.

      Would be nice somehow display notification saying "Your account has been successfully unlocked." or something. 

      Also, it would be good to notify user on the login page that their account has been locked out. Currently, the Invalid login, please try again notification is displayed, but once account is locked there is no point to try again. Instead, Account is locked out and account unlock link has been to sent to registered email (text can vary) could be displayed.

            cameron1729 cameron1729
            dmitriim Dmitrii Metelkin
            Tomo Tsuyuki Tomo Tsuyuki
            Ilya Tregubov Ilya Tregubov
            Kim Jared Lucas Kim Jared Lucas
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 35 minutes
                35m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.