alarner / perk

A well documented set of tools for building node web applications.
http://perkframework.com
MIT License
181 stars 31 forks

Add incorrect password timeouts #33

Open alarner opened 8 years ago

alarner commented 8 years ago

If a user enters an incorrect password too many times (this should be configurable in config/auth.js) they should be locked out from logging in for a configurable amount of time.

This will involve creating a new table to keep track of authentication attempts and whether or not they were successful and from which IP addresses.

alarner commented 8 years ago

Schema might look something like this:

CREATE TABLE IF NOT EXISTS `user_auth_attempts` (
    `user_auth_attempt_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
    `auth_type` TINYINT(4) UNSIGNED NOT NULL,        -- which auth method was used (e.g. local password)
    `auth_identifier` VARCHAR(255) NOT NULL,         -- the email/username the attempt was made against
    `auth_error` TINYINT(3) UNSIGNED DEFAULT 0,      -- 0 = success, non-zero = failure code
    `ip` VARCHAR(40) DEFAULT NULL,                   -- client address, wide enough for IPv6
    `date` DATETIME NOT NULL,                        -- when the attempt happened
    PRIMARY KEY (`user_auth_attempt_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
alarner commented 8 years ago

Here's the file where we need to hook in the logging of attempts: https://github.com/alarner/perk/blob/master/routes/auth.js#L129