md.asif5/yume_js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix : users are locked after three failed login attempts.

Browse Source
This commit is contained in:
nabanita.jana
2025-10-21 16:41:54 +05:30
parent 75ebcf8407
commit 96af9ff264
1 changed files with 30 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/controllers/auth.controller.js
View File

@@ -24,18 +24,19 @@ async function login(req, res) {
// --- Step 1: Check if user is already locked --- // --- Step 1: Check if user is already locked ---
const blockedKey = `login:blocked:${customerNo}`; const blockedKey = `login:blocked:${customerNo}`;
const attemptsKey = `login:attempts:${customerNo}`; const attemptsKey = `login:attempts:${customerNo}`;
console.log("hi",blockedKey);
console.log("attempt Key",attemptsKey);
// check DB locked flag
const userCheck = await authService.findUserByCustomerNo(customerNo); const userCheck = await authService.findUserByCustomerNo(customerNo);
if (loginType.toUpperCase() === 'IB') {
// check DB locked flag
if (userCheck && userCheck.locked) { if (userCheck && userCheck.locked) {
await setJson(blockedKey, true, BLOCK_DURATION); await setJson(blockedKey, true, BLOCK_DURATION);
return res.status(423).json({ return res.status(423).json({
error: 'Your account is locked. Please contact the administrator.', error: 'Your account is locked. Please contact the administrator.',
}); });
} }
}
// --- Step 2: Check migration status // --- Step 2: Check migration status
const isMigratedUser = await authService.isMigratedUser(customerNo); const isMigratedUser = await authService.isMigratedUser(customerNo);
@@ -46,35 +47,29 @@ async function login(req, res) {
const user = await authService.validateUser(customerNo, password); const user = await authService.validateUser(customerNo, password);
if (!user) { if (!user) {
// Invalid credentials: increment Redis counter if (loginType.toUpperCase() === 'IB') {
let attempts = (await getJson(attemptsKey)) || 0; let attempts = (await getJson(attemptsKey)) || 0;
attempts += 1; attempts += 1;
if (attempts >= MAX_ATTEMPTS) { if (attempts >= MAX_ATTEMPTS) {
// lock the account in DB
await db.query('UPDATE users SET locked = true WHERE customer_no = $1', [customerNo]); await db.query('UPDATE users SET locked = true WHERE customer_no = $1', [customerNo]);
// mark as blocked in Redis
await setJson(blockedKey, true, BLOCK_DURATION); await setJson(blockedKey, true, BLOCK_DURATION);
// clear attempts counter
await setJson(attemptsKey, 0); await setJson(attemptsKey, 0);
logger.warn(`User ${customerNo} account locked after ${MAX_ATTEMPTS} failed attempts.`);
return res.status(423).json({ return res.status(423).json({
error: 'Your account has been locked due to multiple failed login attempts. Please contact the administrator.', error: 'Your account has been locked due to multiple failed login attempts. Please contact the administrator.',
}); });
} } else {
else {
// Save the incremented attempt count with TTL (optional 15 mins)
await setJson(attemptsKey, attempts, BLOCK_DURATION); await setJson(attemptsKey, attempts, BLOCK_DURATION);
return res.status(401).json({ return res.status(401).json({
error: `Invalid credentials. ${MAX_ATTEMPTS - attempts} attempt(s) remaining.`, error: `Invalid credentials. ${MAX_ATTEMPTS - attempts} attempt(s) remaining.`,
}); });
} }
} else {
return res.status(401).json({ error: 'Invalid credentials.' });
} }
}
// --- Step 4: If login successful, reset Redis attempts --- // --- Step 4: If login successful, reset Redis attempts ---
await setJson(attemptsKey, 0); // reset counter await setJson(attemptsKey, 0); // reset counter