Trying to install Products.LoginLockout add-on in Plone 5

[SinghNav11]

Hello all,

I have been trying to install Products.LoginLockout add-on in my Plone 5 with Python 3.7 configuration.

Added it in buildout -

[instance] eggs += Products.LoginLockout

Doesn't have problem while creating new build but when trying to run the site in fg it errors saying -

No module named 'plugin'

Have anyone else ran into same problem ? If yes please share your experience.

[djay]

@SinghNav11 you can see someone is already trying to make it supported in 5.2 but its not yet done. In pull requests - https://github.com/collective/Products.LoginLockout/pull/34

[SinghNav11]

Hello @djay

Do you have any suggestion on how we can make this functionality available in plone 5, where we can lock user after few wrong attempts of username and password Is there any alternative add-on or any piece of code I can refer to make it work?

[djay]

@SinghNav11 here are the general procedure for upgrading a plugin to python 3. https://docs.plone.org/manage/upgrading/version_specific_migration/upgrade_to_python3.html. Should be a good first task if you haven't tried to make a plone addon before. You should be able to use that to continue the work on #34

[djay]

@SinghNav11 I've now finished the tests and merged the changes for python3 compatibility. If you want to checkout the master and confirm it works for you I can release it

[SinghNav11]

@djay Thank you for your big help, I really appreciate it I have been using this add-on since couple of days now and it looks good everything works as expected, Tested using different scenarios Only one issue I was able to note down was , when user attempts to login with 3 wrong passwords, User is locked out by the add-on and I can see that happening in logs but in UI (browser) Add-on doesn't display a meaningful message, actually their is no message saying "User is locked out"

Let me know if you have any solution for it.

Once again I really appreciate your help

[djay]

@SinghNav11 notifying the user they are logged out isn't one of the features. I'm not sure it should be either onscreen since that would allow attackers to know what is a valid username or not. Possibly it could email the user though. Raise a feature request if you think that should be a feature.