Only send an email about failed totp after three failed attempts
parent
5cfc9bf2f9
commit
24f7d9b4f7
1 changed files with 25 additions and 20 deletions
|
@ -163,13 +163,8 @@ func (u *User) GetFailedTOTPAttemptsKey() string {
|
||||||
func HandleFailedTOTPAuth(s *xorm.Session, user *User) {
|
func HandleFailedTOTPAuth(s *xorm.Session, user *User) {
|
||||||
log.Errorf("Invalid TOTP credentials provided for user %d", user.ID)
|
log.Errorf("Invalid TOTP credentials provided for user %d", user.ID)
|
||||||
|
|
||||||
err := notifications.Notify(user, &InvalidTOTPNotification{User: user})
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Could not send failed TOTP notification to user %d: %s", user.ID, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
key := user.GetFailedTOTPAttemptsKey()
|
key := user.GetFailedTOTPAttemptsKey()
|
||||||
err = keyvalue.IncrBy(key, 1)
|
err := keyvalue.IncrBy(key, 1)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Could not increase failed TOTP attempts for user %d: %s", user.ID, err)
|
log.Errorf("Could not increase failed TOTP attempts for user %d: %s", user.ID, err)
|
||||||
}
|
}
|
||||||
|
@ -179,7 +174,18 @@ func HandleFailedTOTPAuth(s *xorm.Session, user *User) {
|
||||||
log.Errorf("Could get failed TOTP attempts for user %d: %s", user.ID, err)
|
log.Errorf("Could get failed TOTP attempts for user %d: %s", user.ID, err)
|
||||||
}
|
}
|
||||||
attempts := a.(int64)
|
attempts := a.(int64)
|
||||||
if attempts > 10 {
|
|
||||||
|
if attempts == 3 {
|
||||||
|
err = notifications.Notify(user, &InvalidTOTPNotification{User: user})
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("Could not send failed TOTP notification to user %d: %s", user.ID, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if attempts < 10 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
log.Infof("Blocking user account %d after 10 failed TOTP password attempts", user.ID)
|
log.Infof("Blocking user account %d after 10 failed TOTP password attempts", user.ID)
|
||||||
err = RequestUserPasswordResetToken(s, user)
|
err = RequestUserPasswordResetToken(s, user)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -196,4 +202,3 @@ func HandleFailedTOTPAuth(s *xorm.Session, user *User) {
|
||||||
log.Errorf("Could not disable user %d: %s", user.ID, err)
|
log.Errorf("Could not disable user %d: %s", user.ID, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
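Review bot: The `if attempts == 3` check in the second hunk fires only when the value read back from the key-value store is exactly 3, and that read is a separate step from `keyvalue.IncrBy(key, 1)` in the first hunk, so two failed attempts handled concurrently can both observe 4 (no email at all) or both observe 3 (two emails). Because this email is the account owner's only warning before the lockout at 10, consider deciding from the value produced by the increment itself, if the keyvalue package can return it, or recording that the notice was sent and checking `attempts >= 3`. The rewritten guard `if attempts < 10 { return }` also moves the lockout from the 11th failure (`attempts > 10`) to the 10th, which matches the log message but is not mentioned in the commit title; a short comment or named constants for 3 and 10 would make both thresholds explicit. The function body continues outside the visible hunks, so whether the error branches return before the counter is used cannot be confirmed here.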