fix : users are locked after three failed login attempts.

This commit is contained in:
2025-10-21 16:41:54 +05:30
parent 75ebcf8407
commit 96af9ff264


@@ -24,17 +24,18 @@ async function login(req, res) {
// --- Step 1: Check if user is already locked --- // --- Step 1: Check if user is already locked ---
const blockedKey = `login:blocked:${customerNo}`; const blockedKey = `login:blocked:${customerNo}`;
const attemptsKey = `login:attempts:${customerNo}`; const attemptsKey = `login:attempts:${customerNo}`;
console.log("hi",blockedKey);
console.log("attempt Key",attemptsKey);
// check DB locked flag
const userCheck = await authService.findUserByCustomerNo(customerNo); const userCheck = await authService.findUserByCustomerNo(customerNo);
if (userCheck && userCheck.locked) {
await setJson(blockedKey, true, BLOCK_DURATION); if (loginType.toUpperCase() === 'IB') {
return res.status(423).json({ // check DB locked flag
error: 'Your account is locked. Please contact the administrator.', if (userCheck && userCheck.locked) {
}); await setJson(blockedKey, true, BLOCK_DURATION);
return res.status(423).json({
error: 'Your account is locked. Please contact the administrator.',
});
}
} }
// --- Step 2: Check migration status // --- Step 2: Check migration status
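Review bot: The DB locked-flag check on the new side is reached only when `loginType.toUpperCase() === 'IB'`, so a request with any other loginType for an already-locked customerNo goes straight to credential validation, and the second hunk shows its failures are not counted either — unless validateUser enforces the lock itself, a locked account stays brute-forceable through a non-IB loginType. Calling `loginType.toUpperCase()` before the value is validated will also throw a TypeError when loginType is missing or not a string, which surfaces as an unhandled rejection instead of a 400. I would compute the flag once with an explicit check, `const isIbLogin = typeof loginType === 'string' && loginType.toUpperCase() === 'IB';`, reject unknown login types with a 400 before Step 1, and keep the `userCheck.locked` → 423 branch outside the IB condition so every login path honours the lock. The two console.log calls that print the Redis keys look like debugging leftovers (whether they are new in this commit is not recoverable from the rendering); they should go or move to logger.debug. The login function begins before this hunk and continues after it.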
@@ -46,36 +47,30 @@ async function login(req, res) {
const user = await authService.validateUser(customerNo, password); const user = await authService.validateUser(customerNo, password);
if (!user) { if (!user) {
// Invalid credentials: increment Redis counter if (loginType.toUpperCase() === 'IB') {
let attempts = (await getJson(attemptsKey)) || 0; let attempts = (await getJson(attemptsKey)) || 0;
attempts += 1; attempts += 1;
if (attempts >= MAX_ATTEMPTS) { if (attempts >= MAX_ATTEMPTS) {
// lock the account in DB await db.query('UPDATE users SET locked = true WHERE customer_no = $1', [customerNo]);
await db.query('UPDATE users SET locked = true WHERE customer_no = $1', [customerNo]); await setJson(blockedKey, true, BLOCK_DURATION);
await setJson(attemptsKey, 0);
// mark as blocked in Redis return res.status(423).json({
await setJson(blockedKey, true, BLOCK_DURATION); error: 'Your account has been locked due to multiple failed login attempts. Please contact the administrator.',
});
// clear attempts counter } else {
await setJson(attemptsKey, 0); await setJson(attemptsKey, attempts, BLOCK_DURATION);
return res.status(401).json({
logger.warn(`User ${customerNo} account locked after ${MAX_ATTEMPTS} failed attempts.`); error: `Invalid credentials. ${MAX_ATTEMPTS - attempts} attempt(s) remaining.`,
});
return res.status(423).json({ }
error:'Your account has been locked due to multiple failed login attempts. Please contact the administrator.', } else {
}); return res.status(401).json({ error: 'Invalid credentials.' });
}
else {
// Save the incremented attempt count with TTL (optional 15 mins)
await setJson(attemptsKey, attempts, BLOCK_DURATION);
return res.status(401).json({
error: `Invalid credentials. ${MAX_ATTEMPTS - attempts} attempt(s) remaining.`,
});
} }
} }
// --- Step 4: If login successful, reset Redis attempts --- // --- Step 4: If login successful, reset Redis attempts ---
await setJson(attemptsKey, 0); // reset counter await setJson(attemptsKey, 0); // reset counter