Reset invalid login counter on successfull login

5 years ago · 221b831bb2
parent 2919cf28ea
commit 221b831bb2
2 changed files with 18 additions and 31 deletions
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@ -353,11 +353,11 @@ namespace Emby.Server.Implementations.Library
                    UpdateUser(user);
                }

-                UpdateInvalidLoginAttemptCount(user, 0);
+                ResetInvalidLoginAttemptCount(user);
            }
            else
            {
-                UpdateInvalidLoginAttemptCount(user, user.Policy.InvalidLoginAttemptCount + 1);
+                IncrementInvalidLoginAttemptCount(user);
            }

            _logger.LogInformation("Authentication request for {0} {1}.", user.Name, success ? "has succeeded" : "has been denied");
@ -509,41 +509,28 @@ namespace Emby.Server.Implementations.Library
                : PasswordHash.ConvertToByteString(new PasswordHash(user.EasyPassword).Hash);
        }

-        private void UpdateInvalidLoginAttemptCount(User user, int newValue)
+        private void ResetInvalidLoginAttemptCount(User user)
        {
-            if (user.Policy.InvalidLoginAttemptCount == newValue || newValue <= 0)
-            {
-                return;
-            }
-
-            user.Policy.InvalidLoginAttemptCount = newValue;
-
-            // Check for users without a value here and then fill in the default value
-            // also protect from an always lockout if misconfigured
-            if (user.Policy.LoginAttemptsBeforeLockout == null || user.Policy.LoginAttemptsBeforeLockout == 0)
-            {
-                user.Policy.LoginAttemptsBeforeLockout = user.Policy.IsAdministrator ? 5 : 3;
-            }
-
-            var maxCount = user.Policy.LoginAttemptsBeforeLockout;
-
-            var fireLockout = false;
+            user.Policy.InvalidLoginAttemptCount = 0;
+            UpdateUserPolicy(user, user.Policy, false);
+        }

-            // -1 can be used to specify no lockout value
-            if (maxCount != -1 && newValue >= maxCount)
+        private void IncrementInvalidLoginAttemptCount(User user)
+        {
+            int invalidLogins = ++user.Policy.InvalidLoginAttemptCount;
+            int maxInvalidLogins = user.Policy.LoginAttemptsBeforeLockout;
+            if (maxInvalidLogins > 0
+                && invalidLogins >= maxInvalidLogins)
            {
-                _logger.LogDebug("Disabling user {0} due to {1} unsuccessful login attempts.", user.Name, newValue);
                user.Policy.IsDisabled = true;
-
-                fireLockout = true;
+                UserLockedOut?.Invoke(this, new GenericEventArgs<User>(user));
+                _logger.LogWarning(
+                    "Disabling user {UserName} due to {Attempts} unsuccessful login attempts.",
+                    user.Name,
+                    invalidLogins);
            }

            UpdateUserPolicy(user, user.Policy, false);
-
-            if (fireLockout)
-            {
-                UserLockedOut?.Invoke(this, new GenericEventArgs<User>(user));
-            }
        }

        /// <summary>
--- a/MediaBrowser.Model/Users/UserPolicy.cs
+++ b/MediaBrowser.Model/Users/UserPolicy.cs
@ -66,7 +66,7 @@ namespace MediaBrowser.Model.Users
        public bool EnableAllFolders { get; set; }

        public int InvalidLoginAttemptCount { get; set; }
-        public int? LoginAttemptsBeforeLockout { get; set; }
+        public int LoginAttemptsBeforeLockout { get; set; }

        public bool EnablePublicSharing { get; set; }