search

znuny / Znuny4OTRS-PasswordPolicy

An extension to improve the password policy in OTRS.
https://www.znuny.com/add-ons/password-policy
4 stars 4 forks source link

Bug - Customer User won't be locked after multiple failed logins #8

Closed rkaldung closed 2 years ago

rkaldung commented 3 years ago

Expected behavior

Set setting PasswordMaxLoginFailed affectes CustomerUser login.

Actual behavior

Despite the setting PasswordMaxLoginFailed and way more login attempts the CustomerUser does not become invalid-temporary like agents.

How to reproduce

Steps to reproduce the behavior:

  1. Configure a value PasswordMaxLoginFailed
  2. Login in multiple times (>PasswordMaxLoginFailed) as a CustomerUser with a wrong password.
  3. Check that the CustomerUser is still valid.

Environment

Additional information

PasswordMaxLoginFailed is a setting form the Framework and not found in any file related to CustomerUser. It's expected to work with datasources not read-only and type DB (or wherever the valid flag can be changed)

rkaldung commented 2 years ago

Will be implemented into with the next release, 6.0.37