Closed engineertdog closed 3 years ago
This seems like it should be handled in hooks with some sort of rate limiter. For example, there is https://daddywarbucks.github.io/feathers-fletching/hooks.html#ratelimit
That hook uses https://github.com/animir/node-rate-limiter-flexible under the hood, which has a bunch of storage options. It can handle the number of attempts (aka points) over some period of time.
You would probably want to configure that hook where it consumes 0 points in the before hook. So the user gets unlimited "valid" attempts. And then do a little custom error hook like
```js
// Limiter Hook (before create)
// Consumes 0 points because we only want to limit on errors.
const limiter = rateLimit({ makeKey: context => context.data.email, makePoints: () => 0 })

// Error Hook (error create)
async context => {
  // Manually consume a point for this email (the email lives on context.data)
  const rateLimiter = context.service.options.rateLimiter;
  await rateLimiter.consume(context.data.email, 1);
  return context;
}
```
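The before/error split described in this reply, as an added example that is not code from the thread or from the plugin: the point store is a small in-memory stand-in for rate-limiter-flexible (same `consume()`/`get()` shape), and the limit, window and login data are constructed values.

```javascript
// Added example (not the thread's or the plugin's code): a per-identity failure
// budget shaped like rate-limiter-flexible's consume()/get(); limit and window
// are constructed stand-ins for the AD lockout policy.
class FailureBudget {
  constructor(points, durationMs, now = Date.now) {
    this.points = points; this.durationMs = durationMs; this.now = now;
    this.store = new Map();
  }
  get(key) { // window state without consuming; null when no window is live
    const e = this.store.get(key);
    if (!e || e.resetAt <= this.now()) return null;
    return { consumedPoints: e.used, remainingPoints: Math.max(0, this.points - e.used),
             msBeforeNext: e.resetAt - this.now() };
  }
  consume(key, n = 1) {
    let e = this.store.get(key);
    if (!e || e.resetAt <= this.now()) e = { used: 0, resetAt: this.now() + this.durationMs };
    e.used += n; this.store.set(key, e);
    return this.get(key);
  }
}
// before hook: consumes 0 points; refuses only once earlier failures exhausted the
// budget, so the directory never sees the attempt that would lock the account.
const limitFailedLogins = budget => context => {
  const s = budget.get(context.data.email);
  if (s && s.remainingPoints <= 0) {
    const err = new Error('Too many failed login attempts');
    err.code = 429; err.retryAfterMs = s.msBeforeNext;
    throw err;
  }
  return context;
};
// error hook: one point per failed bind. Feathers runs error hooks for before-hook
// errors too, so a 429 raised by the limiter itself must not burn a point.
const countFailedLogin = budget => context => {
  if (context.error.code !== 429) budget.consume(context.data.email, 1);
  return context;
};
// Drives before -> authenticate -> error like a Feathers hook chain; the
// synchronous authenticate stands in for the plugin's LDAP bind.
function login(budget, authenticate, data) {
  const context = { data };
  try {
    limitFailedLogins(budget)(context);
    context.result = authenticate(data);
    return { ok: true, result: context.result };
  } catch (err) {
    context.error = err;
    countFailedLogin(budget)(context);
    return { ok: false, code: err.code, retryAfterMs: err.retryAfterMs };
  }
}
```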
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Apologies if the issue could not be resolved. FeathersJS ecosystem modules are community maintained so there may be a chance that there isn't anybody available to address the issue at the moment. For other ways to get help see here.
I’ll start this out as a discussion, but this will change into a feature request that I’ll work on.
The Idea
More than likely, all AD setups are going to have login attempt limits. I would find it hard to believe there are many without this rule implemented. For most places, it’s probably going to be 5 attempts before you’re locked out. Why is this important? Any login attempt through this plugin counts toward that limit.
The Solution
I believe this feature would need to be added to the main `authenticate` function because we need access to the error object. Using a setting that the user defines on `ldap` with the other settings, we would check the current number of bad logins with the setting that was provided.
Questions
`badPasswordTime`.