MemberDefaultLockoutTimeInMinutes doesn't seem to work (Umbraco 13.0.3)

[JeroenRoos]

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

13.0.3

Bug summary

When setting the "MemberDefaultLockoutTimeInMinutes" in the appsettings, the Member still can't login again after the time is elapsed, and the Member still appears locked in the Members section in Umbraco.

After setting this to 1 minute in the appsettings, it still doesn't seem to unlock the Member again. Is there something I'm missing, is this the intended functionality, or is this appsetting ignored when locking the Member?

Specifics

No response

Steps to reproduce

Add the following to the appsettings.json:

"Umbraco": { "CMS": { "Security": { "MemberPassword": { "MaxFailedAccessAttemptsBeforeLockout": 1 }, "MemberDefaultLockoutTimeInMinutes": 1 } } }

Then try logging-in with an invalid password, and you will see in the Member section in Umbraco that it's locked-out, and the "Last lockout date" also has a value.

After waiting more than 1 minute, the Member is still locked-out, also when trying to login again, or when restarting the application, the Member is still locked-out.

Expected result / actual result

I expected the Member to be unlocked again, after the time period has passed, either automatically, after trying a new login attempt, or at a restart. This doesn't seem to be the case.

[github-actions[bot]]

Hi there @JeroenRoos!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

• We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
• If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
• We'll replicate the issue to ensure that the problem is as described.
• We'll decide whether the behavior is an issue or if the behavior is intended.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot :robot: :slightly_smiling_face:

[andr317c]

Hey! Thanks for reporting this issue. I was able to reproduce this on version 13.1.1. I will go ahead and mark this issue as up for grabs 😄

[github-actions[bot]]

Hi @JeroenRoos,

We're writing to let you know that we would love some help with this issue. We feel that this issue is ideal to flag for a community member to work on it. Once flagged here, folk looking for issues to work on will know to look at yours. Of course, please feel free work on this yourself ;-). If there are any changes to this status, we'll be sure to let you know.

For more information about issues and states, have a look at this blog post.

Thanks muchly, from your friendly Umbraco GitHub bot :-)

[ideo2]

probably this is the issue: