FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Changing password after lockout doesn't reset failed attempts count

    Scheduled Pinned Locked Moved
    Q&A
    0
    3
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      travis.milum
      last edited by

      We're implementing a mechanism to lock a user out with a user action after a number of failed login attempts. We want this lockout to persist until the user changes their password.

      What we find is that if we create and then delete the lockout action and then the user tries to login again the account is locked after a single failed login attempt. We're expecting that after the lockout action is removed that the user has another number of failed login attempts to go through before a lockout again.

      It would seem like this is a bug, but we can probably work around the issue if there is an API that could be called which would reset the user's failed login count.

      Thanks

      1 Reply Last reply Reply Quote 0
      • joshuaJ
        joshua
        last edited by

        @travis-milum

        Thanks for the feedback. Let me review and report back.

        Thanks,
        Josh

        1 Reply Last reply Reply Quote 0
        • joshuaJ
          joshua
          last edited by joshua

          https://github.com/FusionAuth/fusionauth-issues/issues/1394 - logged for feature tracking. Feel free to add your own comments or observations as you see fit

          1 Reply Last reply Reply Quote 0
          • First post
            Last post