Changing password after lockout doesn't reset failed attempts count

We're implementing a mechanism to lock a user out with a user action after a number of failed login attempts. We want this lockout to persist until the user changes their password.

What we find is that if we create and then delete the lockout action and then the user tries to login again the account is locked after a single failed login attempt. We're expecting that after the lockout action is removed that the user has another number of failed login attempts to go through before a lockout again.

It would seem like this is a bug, but we can probably work around the issue if there is an API that could be called which would reset the user's failed login count.

Thanks

Any followup on this one?

Hmm. Can you list out the webhooks that are restricted this way?

We just updated recently.

Currently using a developer license which includes a Reactor license as well. But when enabling the user.password.update webhook in a tenant it does not save and shows the error 'Reactor license required'

Is it possible to fire the user.email.verified webhook when the user clicks the set password link in their email?

Scenario is

1. User account and registration are created via api. Application is configured to require email verifications, the api request uses sendSetPasswordEmail = true, and skipRegistrationVerification = true
2. They receive an email to set their password
3. User clicks the link and is shown the password change view
   -- at this point since the user clicked the link I'd like to be able to confirm that the email is valid
4. User enters new password
5. user.email.verified webhook sent.