"Block failed login attempts by Username" prevents new users from registering #21523

Open
Nowa-Ammerlaan opened this issue Apr 10, 2021 · 3 comments

Comments

@Nowa-Ammerlaan

Description:

During registration a username is not set for the user (email, password and name are set, username is not); the user only selects their username after first login. However, if "Block failed login attempts by Username" is enabled, new users cannot complete this first login. Their username is unknown and therefore the blocking policy rejects the login:

I20210410-20:48:31.111(0) Failed login detected - Username[unknown]

This effectively prevents users from registering; an admin has to set their username for them manually in order for the user to be able to log in.

Steps to reproduce:

  1. Enable "Block failed login attempts by Username"
  2. Complete registration form
  3. Click the register button

Expected behavior:

The user should be able to set their username and complete the registration process. This could either be accomplished by requesting the user to set a username before first login, or by making an exception to the "Block failed login attempts by Username" policy for the situation where the username is unknown.

Actual behavior:

The to-be-registered user is not prompted to set their username, and is not able to complete the registration process.

Server Setup Information:

  • Version of Rocket.Chat Server: 3.12.3
  • Operating System:
  • Deployment Method: Trial version on the cloud
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: 12.18.4
  • MongoDB Version: 4.4.3

Client Setup Information

  • Desktop App or Browser Version: Firefox 87.0
  • Operating System: Gentoo Linux 5.11.7

Additional context

Relevant logs:

I20210410-20:48:31.111(0) Failed login detected - Username[unknown]
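
The exception proposed under "Expected behavior", sketched as an added example that is not Rocket.Chat's code and not part of the original report. It assumes a hypothetical failure counter keyed by username in which attempts without a username all fall under the `unknown` label seen in the log line; the class, option names and thresholds are invented for illustration.

```javascript
// Added illustration; not Rocket.Chat source. All names here are hypothetical.
const UNKNOWN = 'unknown'; // label from the log line for logins with no username

class UsernameLoginGuard {
  constructor({ maxFailures = 3, windowMs = 60_000, exemptUnknown = false } = {}) {
    Object.assign(this, { maxFailures, windowMs, exemptUnknown });
    this.failures = new Map(); // key -> timestamps of recent failures
  }

  // Normalise the username; a missing or empty one maps to the shared label.
  keyFor(username) {
    const name = typeof username === 'string' ? username.trim().toLowerCase() : '';
    return name || UNKNOWN;
  }

  // Drop failures older than the window and return the live list for this key.
  recent(key, now) {
    const kept = (this.failures.get(key) || []).filter((t) => now - t < this.windowMs);
    this.failures.set(key, kept);
    return kept;
  }

  recordFailure(username, now = Date.now()) {
    const key = this.keyFor(username);
    if (key === UNKNOWN && this.exemptUnknown) return; // no username to attribute it to
    this.recent(key, now).push(now);
  }

  isBlocked(username, now = Date.now()) {
    const key = this.keyFor(username);
    if (key === UNKNOWN && this.exemptUnknown) return false; // the proposed exception
    return this.recent(key, now).length >= this.maxFailures;
  }
}

// Constructed events: three failures from accounts with no username yet and three
// for "alice", followed by checks for a new user's first login and for alice.
function firstLoginBlocked(exemptUnknown) {
  const guard = new UsernameLoginGuard({ exemptUnknown });
  const t0 = 1_000_000;
  for (let i = 0; i < 3; i++) guard.recordFailure(undefined, t0 + i);
  for (let i = 0; i < 3; i++) guard.recordFailure('alice', t0 + i);
  return {
    newUser: guard.isBlocked(undefined, t0 + 10),
    alice: guard.isBlocked('alice', t0 + 10),
    aliceLater: guard.isBlocked('alice', t0 + 120_000),
  };
}
```

With the exemption on, this guard no longer counts attempts that carry no username, so any limit on those attempts has to be keyed on something else.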
@ankar84

ankar84 commented Apr 12, 2021

@AndrewAmmerlaan can you check if enabling Login Fallback on LDAP settings (if you use it) helps?

@Nowa-Ammerlaan
Author

> @AndrewAmmerlaan can you check if enabling Login Fallback on LDAP settings (if you use it) helps?

LDAP is disabled on this server. The issue was discovered using the regular registration/login interface.

@tazire

tazire commented Oct 2, 2021

I'm currently having this issue. Just to add to this: if you leave the "Block failed login attempts by Username" active and work around this by having admins add the username, it will allow access; however, it will not auto-add the default channels.

Obviously fix the actual issue and the workaround issue isn't a problem. I have deactivated the block to allow registrations.
