Only send an email about failed totp after three failed attempts

kolaente 2021-07-30 14:42:03 +02:00
parent 5cfc9bf2f9
commit 24f7d9b4f7
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B


@ -163,13 +163,8 @@ func (u *User) GetFailedTOTPAttemptsKey() string {
func HandleFailedTOTPAuth(s *xorm.Session, user *User) { func HandleFailedTOTPAuth(s *xorm.Session, user *User) {
log.Errorf("Invalid TOTP credentials provided for user %d", user.ID) log.Errorf("Invalid TOTP credentials provided for user %d", user.ID)
err := notifications.Notify(user, &InvalidTOTPNotification{User: user})
if err != nil {
log.Errorf("Could not send failed TOTP notification to user %d: %s", user.ID, err)
}
key := user.GetFailedTOTPAttemptsKey() key := user.GetFailedTOTPAttemptsKey()
err = keyvalue.IncrBy(key, 1) err := keyvalue.IncrBy(key, 1)
if err != nil { if err != nil {
log.Errorf("Could not increase failed TOTP attempts for user %d: %s", user.ID, err) log.Errorf("Could not increase failed TOTP attempts for user %d: %s", user.ID, err)
} }
@ -179,7 +174,18 @@ func HandleFailedTOTPAuth(s *xorm.Session, user *User) {
log.Errorf("Could get failed TOTP attempts for user %d: %s", user.ID, err) log.Errorf("Could get failed TOTP attempts for user %d: %s", user.ID, err)
} }
attempts := a.(int64) attempts := a.(int64)
if attempts > 10 {
if attempts == 3 {
err = notifications.Notify(user, &InvalidTOTPNotification{User: user})
if err != nil {
log.Errorf("Could not send failed TOTP notification to user %d: %s", user.ID, err)
}
}
if attempts < 10 {
return
}
log.Infof("Blocking user account %d after 10 failed TOTP password attempts", user.ID) log.Infof("Blocking user account %d after 10 failed TOTP password attempts", user.ID)
err = RequestUserPasswordResetToken(s, user) err = RequestUserPasswordResetToken(s, user)
if err != nil { if err != nil {
@ -195,5 +201,4 @@ func HandleFailedTOTPAuth(s *xorm.Session, user *User) {
if err != nil { if err != nil {
log.Errorf("Could not disable user %d: %s", user.ID, err) log.Errorf("Could not disable user %d: %s", user.ID, err)
} }
}
} }
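Review bot: The new `attempts == 3` check fires only when the value read back from the key-value store is exactly 3, and that read is separate from the earlier `keyvalue.IncrBy(key, 1)` call. Two failed logins handled concurrently can therefore both observe 4 (no e-mail is sent) or both observe 3 (two e-mails). The `IncrBy` error branch only logs and falls through, so a failed increment re-reads the old count and can repeat the notification or postpone the lockout; adding `return` after that `log.Errorf` would tie both thresholds to an attempt that was actually counted. Naming the limits, e.g. `const totpNotifyAfter = 3` and `const totpLockAfter = 10`, with a comment that the e-mail goes out once at the third failure and the account is disabled at the tenth, would keep the policy in one place. The code between the hunks is not shown, so how the counter is read and whether it is reset after a successful login should be confirmed there.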