stumpapp / stump

A free and open source comics, manga and digital book server with OPDS support (WIP)
https://stumpapp.dev
MIT License

Account freezing and recovery #168

Closed aaronleopold closed 1 year ago

aaronleopold commented 1 year ago

If a sufficiently suspicious flurry of failed authentication events occurs (let's say 10 within a day for now), the associated user account should be put in a locked state. In order to unlock, the server owner (or anyone with access to the actual server instance) will need to invoke a CLI command to correct it.

Additional context

Create a new cli lib in crates that defines a clap interface. Refactor the server app to use this cli crate to either start the server or use a sub-command (e.g. unlock account).

In the container, I would envision the following possible:

# start the server
$ ./server

# freeze (lock) an account
$ ./server account lock --username <username>

# unlock an account
$ ./server account unlock --username <username>

# list all frozen accounts
$ ./server account list --locked

# reset password for a user
$ ./server account reset-password --username <username>

This would consume the core to query the DB directly
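
A sketch of the lockout rule proposed above, added here as an example; it is not part of the original issue and is not Stump's code. The `LockoutTracker` type, its method names, the in-memory storage, and the sliding-window reading of "10 within a day" are all assumptions made for illustration.

```rust
use std::collections::{BTreeSet, HashMap, VecDeque};

// Values from the issue: 10 failed logins within a day lock the account.
const MAX_FAILURES: usize = 10;
const WINDOW_SECS: u64 = 24 * 60 * 60;

/// Hypothetical in-memory tracker; a real server would persist this in its DB.
#[derive(Default)]
pub struct LockoutTracker {
    failures: HashMap<String, VecDeque<u64>>, // username -> failure times (unix secs)
    locked: BTreeSet<String>,
}

impl LockoutTracker {
    /// Record a failed login at `now`; returns true if the account is now locked.
    pub fn record_failure(&mut self, user: &str, now: u64) -> bool {
        if self.locked.contains(user) { return true; }
        let q = self.failures.entry(user.to_string()).or_default();
        q.push_back(now);
        // Drop failures that have fallen out of the sliding 24h window.
        while q.front().map_or(false, |&t| now.saturating_sub(t) >= WINDOW_SECS) {
            q.pop_front();
        }
        if q.len() >= MAX_FAILURES { self.locked.insert(user.to_string()); }
        self.locked.contains(user)
    }

    /// Check before verifying credentials: a locked account is refused even
    /// when the password is correct, until an operator unlocks it.
    pub fn is_locked(&self, user: &str) -> bool {
        self.locked.contains(user)
    }

    /// Operator action (`account unlock`); clears the failure history so a
    /// single new failure does not immediately re-lock the account.
    pub fn unlock(&mut self, user: &str) -> bool {
        self.failures.remove(user);
        self.locked.remove(user)
    }

    /// Equivalent of `account list --locked`.
    pub fn list_locked(&self) -> Vec<String> {
        self.locked.iter().cloned().collect()
    }
}

fn main() {
    let mut t = LockoutTracker::default();
    for i in 0..10 { t.record_failure("alice", i * 60); } // constructed sample input
    println!("locked={} list={:?}", t.is_locked("alice"), t.list_locked());
}
```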

aaronleopold commented 1 year ago

I pretty much knocked this feature out after work today. I'll spend the rest of the week testing when I have time, and then I'll make the PR.

aaronleopold commented 1 year ago

Implemented in #171