security: implement user lockout (#1552)
* add data-types required for login security * implement user lockout checking at login * cleanup legacy patterns * expose passwords in test_user * test user lockout after bad attempts * test user service * bump alembic version * save increment to database * add locked_at to datetime transformer on import * do proper test cleanup * implement scheduled task * spelling * document env variables * implement context manager for session * use context manager * implement reset script * cleanup generator * run generator * implement API endpoint for resetting locked users * add button to reset all locked users * add info when account is locked * use ignore instead of expect-error
Showing
35 changed files
with
450 additions
and
46 deletions.
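--- a/alembic/versions/2022-08-12-19.05.59_188374910655_add_login_attemps_and_locked_at_field_.py
+++ b/alembic/versions/2022-08-12-19.05.59_188374910655_add_login_attemps_and_locked_at_field_.py
@@ -0,0 +1,26 @@
+"""add login_attemps and locked_at field to user table
+Revision ID: 188374910655
+Revises: f30cf048c228
+Create Date: 2022-08-12 19:05:59.776361
+"""
+import sqlalchemy as sa
+
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "188374910655"
+down_revision = "f30cf048c228"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column("users", sa.Column("login_attemps", sa.Integer(), nullable=True))
+    op.add_column("users", sa.Column("locked_at", sa.DateTime(), nullable=True))
+
+
+def downgrade():
+    op.drop_column("users", "locked_at")
+    op.drop_column("users", "login_attemps")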
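Review bot: `login_attemps` is added in `upgrade()` as a nullable Integer with no server default, so every pre-existing row in `users` starts at NULL rather than 0; if the lockout service increments it with `user.login_attemps += 1` (that code is outside this file) the first failed login on an existing account raises instead of counting, and any threshold comparison has to treat NULL as 0 as well. Consider `op.add_column("users", sa.Column("login_attemps", sa.Integer(), nullable=False, server_default="0"))` so the counter is always an integer. `locked_at` is a naive `sa.DateTime()`, so whichever timezone convention the lock-expiry check uses must be applied consistently when writing and comparing it; a column comment such as `# naive timestamp; store and compare in one timezone convention` would make that contract explicit. The misspelling `login_attemps` becomes part of the schema once this revision ships, so renaming it to `login_attempts` now is far cheaper than a follow-up migration.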
@@ -1,14 +1,19 @@ | ||
import { BaseCRUDAPI } from "../_base"; | ||
import { UserIn, UserOut } from "~/types/api-types/user"; | ||
import { UnlockResults, UserIn, UserOut } from "~/types/api-types/user"; | ||
|
||
const prefix = "/api"; | ||
|
||
const routes = { | ||
adminUsers: `${prefix}/admin/users`, | ||
adminUsersId: (tag: string) => `${prefix}/admin/users/${tag}`, | ||
adminResetLockedUsers: (force: boolean) => `${prefix}/admin/users/unlock?force=${force ? "true" : "false"}`, | ||
}; | ||
|
||
export class AdminUsersApi extends BaseCRUDAPI<UserIn, UserOut, UserOut> { | ||
baseRoute: string = routes.adminUsers; | ||
itemRoute = routes.adminUsersId; | ||
|
||
async unlockAllUsers(force = false) { | ||
return await this.requests.post<UnlockResults>(routes.adminResetLockedUsers(force), {}); | ||
} | ||
} |