[PR #2747] [CLOSED] Lock accounts after X login failures, configurable #3142

New issue

Closed

opened 2026-03-03 09:26:10 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 09:26:10 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/2747
Author: @Willena
Created: 9/16/2022
Status: ❌ Closed

Base: main ← Head: feature/limit_user_atemps

📝 Commits (1)

485e21d Implement max login attempts

📊 Changes

12 files changed (+46 additions, -6 deletions)

View changed files

➕ migrations/mysql/2022-09-15-002500_add_login_attempts/down.sql (+0 -0)
➕ migrations/mysql/2022-09-15-002500_add_login_attempts/up.sql (+1 -0)
➕ migrations/postgresql/2022-09-15-002500_add_login_attempts/down.sql (+0 -0)
➕ migrations/postgresql/2022-09-15-002500_add_login_attempts/up.sql (+1 -0)
➕ migrations/sqlite/2022-09-15-002500_add_login_attempts/down.sql (+0 -0)
➕ migrations/sqlite/2022-09-15-002500_add_login_attempts/up.sql (+1 -0)
📝 src/api/identity.rs (+34 -6)
📝 src/config.rs (+3 -0)
📝 src/db/models/user.rs (+3 -0)
📝 src/db/schemas/mysql/schema.rs (+1 -0)
📝 src/db/schemas/postgresql/schema.rs (+1 -0)
📝 src/db/schemas/sqlite/schema.rs (+1 -0)

📄 Description

I saw this feature request in #246

The implementation reuse the user enabling feature to lock the account. It simply automatically disable the user when the number of retries is reach. When locked, only an admin can re-enable the user account.

A new column has been added to the user schema to store the number of failed attempts.
It is configurable with the login_max_retry configuration key. The default value is 0 which disable automatic account locking

Any remarks tips and comments are welcomed as I'm not yet familiar with rust and currently trying to learn it

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/2747 **Author:** [@Willena](https://github.com/Willena) **Created:** 9/16/2022 **Status:** ❌ Closed **Base:** `main` ← **Head:** `feature/limit_user_atemps` --- ### 📝 Commits (1) - [`485e21d`](https://github.com/dani-garcia/vaultwarden/commit/485e21d95f428eb5b87b969cf9125dc1a47fb9b8) Implement max login attempts ### 📊 Changes **12 files changed** (+46 additions, -6 deletions) <details> <summary>View changed files</summary> ➕ `migrations/mysql/2022-09-15-002500_add_login_attempts/down.sql` (+0 -0) ➕ `migrations/mysql/2022-09-15-002500_add_login_attempts/up.sql` (+1 -0) ➕ `migrations/postgresql/2022-09-15-002500_add_login_attempts/down.sql` (+0 -0) ➕ `migrations/postgresql/2022-09-15-002500_add_login_attempts/up.sql` (+1 -0) ➕ `migrations/sqlite/2022-09-15-002500_add_login_attempts/down.sql` (+0 -0) ➕ `migrations/sqlite/2022-09-15-002500_add_login_attempts/up.sql` (+1 -0) 📝 `src/api/identity.rs` (+34 -6) 📝 `src/config.rs` (+3 -0) 📝 `src/db/models/user.rs` (+3 -0) 📝 `src/db/schemas/mysql/schema.rs` (+1 -0) 📝 `src/db/schemas/postgresql/schema.rs` (+1 -0) 📝 `src/db/schemas/sqlite/schema.rs` (+1 -0) </details> ### 📄 Description I saw this feature request in #246 The implementation reuse the user enabling feature to lock the account. It simply automatically disable the user when the number of retries is reach. When locked, only an admin can re-enable the user account. A new column has been added to the user schema to store the number of failed attempts. It is configurable with the `login_max_retry` configuration key. The default value is 0 which disable automatic account locking *Any remarks tips and comments are welcomed as I'm not yet familiar with rust and currently trying to learn it* --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>