feat: add login attempt counter #82
Merged
smarcet merged 2 commits into hotfix/user-prevalidation-feedback from Jul 14, 2025
Change-Id: Icd5ceb7f886ffa918449c872047ce4f279ee9c81
Contributor
Pull Request Overview
This PR introduces a login attempt counter, exposes related session variables to the frontend, and updates backend logic to track and reset failed attempts.
- Add `max_login_failed_attempts` and `user_is_active` session values in the login view
- Enhance React form to display dynamic error messages based on login attempt counts and lock status
- Persist and reset `login_failed_attempt` in the user model and propagate values via the controller
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| resources/views/auth/login.blade.php | Inject new session variables (maxLoginFailedAttempts, user_is_active) into JS config |
| resources/js/login/login.js | Use loginAttempts, maxLoginFailedAttempts, and userIsActive to conditionally render errors |
| app/libs/Auth/Models/User.php | Initialize login_failed_attempt in activate() and verifyEmail() |
| app/libs/Auth/Factories/UserFactory.php | Remove unused import |
| app/Services/SecurityPolicies/LockUserCounterMeasure.php | Simplify null check on $user |
| app/Http/Controllers/UserController.php | Expose new config values (max_login_failed_attempts, user_is_active) in JSON responses |
Comments suppressed due to low confidence (4)
resources/views/auth/login.blade.php:70
- The config property uses snake_case (`user_is_active`) while other properties use camelCase. Rename to `userIsActive` for consistency with the rest of the JS config.
config.user_is_active = {{Session::get("user_is_active")}};
app/Http/Controllers/UserController.php:513
- The value for `user_verified` is sometimes a boolean (true) and sometimes an integer (1). For consistency and clearer API design, use a boolean in all cases.
$response_data['user_verified'] = 1;
app/libs/Auth/Models/User.php:1857
- Setting `login_failed_attempt` to 10 in `activate()` may immediately lock the user again. Verify whether this should be reset to 0 instead to fully clear prior failures.
$this->login_failed_attempt = 10;
resources/js/login/login.js:819
- Server response keys are snake_case (`login_attempts`, `max_login_failed_attempts`) but props are accessed as camelCase. This mismatch may cause undefined values; ensure prop names align with the data shape (either rename server keys or adjust prop accessors).
loginAttempts={this.props?.loginAttempts}
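The key-name and type mismatches flagged in the suppressed comments above can be handled at one boundary between the server payload and the form. The following is an added example, not code from this pull request: the payload keys are the ones named in the review, while `toLoginProps`, `loginErrorState` and the returned `kind` values are hypothetical.

```javascript
// Added example (not from the PR). Payload keys come from the review comments;
// function names and the "kind" values are assumptions made for illustration.

// Accept only non-negative integers, given as a number or a digit string.
// null means "unknown", so a missing key never silently becomes 0.
const toCount = (v) =>
  (typeof v === "number" || typeof v === "string") && /^\d+$/.test(String(v))
    ? Number(v)
    : null;

// The review notes flags arrive as true in some places and 1 in others.
const toBool = (v) => {
  if (v === true || v === 1 || v === "1") return true;
  if (v === false || v === 0 || v === "0") return false;
  return null;
};

// Map the snake_case server payload to the camelCase props the form reads.
function toLoginProps(payload) {
  return {
    loginAttempts: toCount(payload?.login_attempts),
    maxLoginFailedAttempts: toCount(payload?.max_login_failed_attempts),
    userIsActive: toBool(payload?.user_is_active),
  };
}

// Decide which error state to render. If either counter is unknown, fall back
// to a generic error instead of computing NaN or showing "undefined attempts left".
function loginErrorState({ loginAttempts, maxLoginFailedAttempts, userIsActive }) {
  if (userIsActive === false) return { kind: "inactive", remaining: 0 };
  if (loginAttempts === null || maxLoginFailedAttempts === null) {
    return { kind: "generic", remaining: null };
  }
  const remaining = Math.max(maxLoginFailedAttempts - loginAttempts, 0);
  if (remaining === 0) return { kind: "limit_reached", remaining: 0 };
  return { kind: loginAttempts > 0 ? "attempts_left" : "none", remaining };
}

// Constructed sample payloads.
const ok = loginErrorState(toLoginProps(
  { login_attempts: "3", max_login_failed_attempts: 10, user_is_active: 1 }));
const mismatched = loginErrorState(toLoginProps({ loginAttempts: 3 }));
console.log(ok, mismatched);
```

A payload that only carries camelCase keys yields the generic state, which makes the mismatch described in the review visible instead of rendering undefined values.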
romanetar requested changes Jul 14, 2025
app/libs/Auth/Models/User.php
Outdated
| if(!$this->active) { | ||
| $this->active = true; | ||
| $this->spam_type = self::SpamTypeHam; | ||
| $this->login_failed_attempt = 10; |
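Review bot: `$this->login_failed_attempt = 10;` inside the `if(!$this->active)` branch hard-codes a non-zero failure count at the moment the account becomes active, so the user starts with ten recorded failures instead of a clean counter. If activation is meant to clear prior failures, assign 0 here; if a non-zero starting value is really intended, define it as a named class constant alongside `SpamTypeHam` and document why, so the literal does not drift from the configured maximum.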
Contributor
Please extract this to a constant
Change-Id: Ib765702819565ec82e1bc60361aee27aa492350b
smarcet added a commit that referenced this pull request Jul 14, 2025
…78)
* feat: propagate can_login to UI and give more feedback
Signed-off-by: romanetar <roman_ag@hotmail.com>
* feat: add more feedback to UI on inactive and/or unverified accounts
Signed-off-by: romanetar <roman_ag@hotmail.com>
* fix: login flow ui tweaks
Signed-off-by: romanetar <roman_ag@hotmail.com>
* fix: PR review feedback
Signed-off-by: romanetar <roman_ag@hotmail.com>
* feat: add login attempt counter (#82)
* feat: add login attempt counter
Change-Id: Icd5ceb7f886ffa918449c872047ce4f279ee9c81
* fix: remove hard coded test value
Change-Id: Ib765702819565ec82e1bc60361aee27aa492350b
---------
Signed-off-by: romanetar <roman_ag@hotmail.com>
Co-authored-by: sebastian marcet <smarcet@gmail.com>
Change-Id: Icd5ceb7f886ffa918449c872047ce4f279ee9c81
ref https://tipit.avaza.com/project/view/376250#!tab=task-pane&task=3818781