Open alarner opened 8 years ago
Schema might look something like this:
```sql
CREATE TABLE IF NOT EXISTS `user_auth_attempts` (
  `user_auth_attempt_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
  `auth_type` TINYINT(4) UNSIGNED NOT NULL,
  `auth_identifier` VARCHAR(255) NOT NULL,
  `auth_error` TINYINT(3) UNSIGNED DEFAULT 0,
  `ip` VARCHAR(40) DEFAULT NULL,
  `date` DATETIME NOT NULL,
  PRIMARY KEY (`user_auth_attempt_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```
Here's the file where we need to hook in the logging of attempts: https://github.com/alarner/perk/blob/master/routes/auth.js#L129
If a user enters in an incorrect password too many times (this should be configurable in `config/auth.js`) they should be locked out from logging in for a configurable amount of time. This will involve creating a new table to keep track of authentication attempts and whether or not they were successful and from which IP addresses.
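One way the lockout decision could be computed from rows of `user_auth_attempts`, as an added example that is not code from the perk repository. The config keys `maxFailures` and `lockoutMinutes`, the function name `lockoutStatus`, and the reading of `auth_error === 0` as a successful attempt are assumptions; the sample rows are constructed.

```javascript
// Hypothetical settings that would live in config/auth.js.
const authConfig = { maxFailures: 3, lockoutMinutes: 15 };

// Constructed sample rows shaped like user_auth_attempts.
const at = (min) => new Date(Date.UTC(2024, 0, 1, 12, min));
const row = (auth_identifier, auth_error, ip, min) =>
  ({ auth_type: 1, auth_identifier, auth_error, ip, date: at(min) });
const sampleAttempts = [
  row('alice@example.com', 1, '198.51.100.7', 0),
  row('alice@example.com', 1, '198.51.100.7', 1),
  row('alice@example.com', 1, '203.0.113.9', 2), // different source address
  row('bob@example.com', 1, '192.0.2.4', 0),
  row('bob@example.com', 1, '192.0.2.4', 1),
  row('bob@example.com', 0, '192.0.2.4', 2),     // success resets the count
  row('bob@example.com', 1, '192.0.2.4', 3),
];

// Decide whether authIdentifier is locked out at time `now`.
// Keyed on the account, not the IP, so the lock holds across source addresses;
// the ip column stays available for investigation.
// Assumes requests rejected while locked are not themselves recorded as attempts.
function lockoutStatus(attempts, authIdentifier, now, cfg = authConfig) {
  const lockoutMs = cfg.lockoutMinutes * 60 * 1000;
  const open = { locked: false, retryAfterMs: 0 };
  const mine = attempts
    .filter((a) => a.auth_identifier === authIdentifier)
    .sort((a, b) => a.date - b.date);

  // Only failures after the most recent success count toward a lockout.
  let lastSuccess = -1;
  mine.forEach((a, i) => { if (a.auth_error === 0) lastSuccess = i; });
  const recent = mine.slice(lastSuccess + 1).slice(-cfg.maxFailures);
  if (recent.length < cfg.maxFailures) return open;

  const first = recent[0].date.getTime();
  const last = recent[recent.length - 1].date.getTime();
  const unlockAt = last + lockoutMs;
  // Failures must be clustered within the lockout period, and the lock
  // expires lockoutMs after the last of them.
  if (last - first > lockoutMs || now.getTime() >= unlockAt) return open;
  return { locked: true, retryAfterMs: unlockAt - now.getTime() };
}
```

The login route would call this before checking the password and refuse the attempt while `locked` is true, using `retryAfterMs` to tell the client when to try again.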