I have tested by specifying the above value, and it seems the logic is not correct. I can perform N unsuccessful attempts, and when I provide the correct password it shows the flash message "Account locked".
Once the account is locked, the pgAdmin4 server needs to be restarted. Can we make it time-bound? I mean, after N minutes the user can try again, so there is no need to restart the pgAdmin4 server.
On Wed, Jul 14, 2021 at 9:29 PM Florian Sabonchi <sabonchi@posteo.de> wrote:
Hi, I have a patch for bug #6337. In this patch you have the possibility to set the value MAX_LOGIN_ATTEMPTS in the configuration file, which sets the number of failed login attempts that are allowed. If this value is exceeded, the account is locked and can be reset by an administrator. By setting the variable to zero, this feature is deactivated; this is necessary if the account of the administrator was locked.
Comment:
Unfortunately the test cases fail because there seems to be a bug with the migration, but unfortunately I was not able to locate this bug.
Unfortunately, in my opinion, the documentation does not sufficiently explain how to correctly create the migrations.
I would be very happy if you could expand the documentation on this in the future and create a detailed guide to creating a migration. (This also concerns the instructions for the integration test.)
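
The lockout behaviour discussed in this thread, as an added example that is not part of either message and is not the patch's or pgAdmin's code: a failure counter that locks once the allowed number is exceeded, unlocks after a fixed time, and is switched off by zero. Only `MAX_LOGIN_ATTEMPTS` comes from the thread; `LOCKOUT_MINUTES`, `Account`, `is_locked` and `attempt_login` are hypothetical names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_LOGIN_ATTEMPTS = 3   # setting named in the thread; 0 disables locking
LOCKOUT_MINUTES = 15     # hypothetical setting for the time-bound unlock


@dataclass
class Account:           # hypothetical stand-in for the stored user record
    failed_attempts: int = 0
    locked_at: Optional[datetime] = None


def is_locked(acct, now, max_attempts=MAX_LOGIN_ATTEMPTS,
              lockout_minutes=LOCKOUT_MINUTES):
    """True while a lock is active; an expired lock is cleared in place."""
    if max_attempts == 0 or acct.locked_at is None:
        return False
    if now - acct.locked_at >= timedelta(minutes=lockout_minutes):
        acct.failed_attempts, acct.locked_at = 0, None
        return False
    return True


def attempt_login(acct, password_ok, now, max_attempts=MAX_LOGIN_ATTEMPTS,
                  lockout_minutes=LOCKOUT_MINUTES):
    """Return 'ok', 'invalid' or 'locked' for one login attempt."""
    # Lock check comes first, so a locked account answers the same way
    # for correct and incorrect passwords.
    if is_locked(acct, now, max_attempts, lockout_minutes):
        return "locked"
    if password_ok:
        acct.failed_attempts = 0      # a success clears the failure count
        return "ok"
    if max_attempts == 0:
        return "invalid"              # feature disabled: never count or lock
    acct.failed_attempts += 1
    if acct.failed_attempts > max_attempts:   # allowed number exceeded
        acct.locked_at = now
        return "locked"
    return "invalid"
```
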