Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added brute-force protection #410

Merged
merged 15 commits into from
Oct 14, 2024
Merged

Added brute-force protection #410

merged 15 commits into from
Oct 14, 2024

Conversation

KizerovDmitriy
Copy link
Contributor

@KizerovDmitriy KizerovDmitriy commented Oct 8, 2024
edited
Loading

GreenCityUser PR

Added brute-force protection to application.

  • Integrated a new service to track and block accounts when a user enters incorrect credentials beyond the allowed number of attempts. This service helps to prevent brute-force attacks by monitoring and limiting login attempts.
  • Implemented CAPTCHA validation to detect bots and prevent automated login attempts. If the CAPTCHA is invalid after a set number of tries, the account is blocked.
  • Created an email template that will be sent to the user when their account is blocked, providing instructions on how to reset their password and unlock their account.
  • Added unit tests to cover the brute-force protection functionality, including tracking, blocking, and unblocking logic.
  • Introduced new environment variables to configure the maximum number of allowed attempts (maxAttempts) and the block duration (blockTime), allowing dynamic adjustment of security settings.
  • Modified the signIn method to incorporate the new logic for checking account statuses and updating login attempts.

Issue Link 📋

#7583

PR Checklist Forms

(to be filled out by PR submitter)

  • Code is up-to-date with the dev branch.
  • You've successfully built and run the tests locally.
  • There are new or updated unit tests validating the change.
  • JIRA/ Github Issue number & title in PR title (ISSUE-XXXX: Ticket title)
  • This template filled (above this section).
  • Sonar's report does not contain bugs, vulnerabilities, security issues, code smells ar duplication
  • NEED_REVIEW and READY_FOR_REVIEW labels are added.
  • All files reviewed before sending to reviewers

@KizerovDmitriy KizerovDmitriy self-assigned this Oct 8, 2024
@RomaMocherniuk
Copy link

Please increase code coverage
image

RomaMocherniuk
RomaMocherniuk approved these changes Oct 9, 2024
View reviewed changes
Copy link

@RomaMocherniuk RomaMocherniuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some minor comments

@KizerovDmitriy
changed unblock account link
9a0c34f 
refactored unlockAccount endpoint
refactored tests
refactored logic in OwnSecurityService
RomaMocherniuk
RomaMocherniuk reviewed Oct 14, 2024
View reviewed changes
core/pom.xml Outdated Show resolved Hide resolved
RomaMocherniuk
RomaMocherniuk reviewed Oct 14, 2024
View reviewed changes
service-api/pom.xml Outdated Show resolved Hide resolved
@KizerovDmitriy
resolved PR comments
94547ec 
refactor logic to generate token
added captcha to management login page
@KizerovDmitriy
added test for jwtTools
c7575b4
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 14, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
95.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@KizerovDmitriy KizerovDmitriy merged commit 669f26c into dev Oct 14, 2024
3 checks passed
@KizerovDmitriy KizerovDmitriy deleted the brute-force-authentication branch October 14, 2024 10:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@IliaWithHat IliaWithHat IliaWithHat approved these changes

@holotsvan holotsvan holotsvan approved these changes

@urio999 urio999 urio999 approved these changes

@lukovskyj lukovskyj lukovskyj approved these changes

@K4sik K4sik K4sik approved these changes

@RomaMocherniuk RomaMocherniuk Awaiting requested review from RomaMocherniuk

Assignees

@KizerovDmitriy KizerovDmitriy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@KizerovDmitriy @RomaMocherniuk @K4sik @lukovskyj @urio999 @holotsvan @IliaWithHat