(identifier string, success bool)
| 251 | } |
| 252 | |
// RecordLoginAttempt updates the failed-login bookkeeping for identifier after
// a login try. A successful login clears the failure counter and any lock; a
// failed one increments the counter and, once it reaches
// config.LoginMaxRetries, sets LockedUntil to now plus config.LoginTimeout
// seconds and logs a warning.
//
// The call is a no-op when either LoginMaxRetries or LoginTimeout is not
// positive. All map access happens under loginMutex.
//
// NOTE(review): where identifier comes from is not visible here. It is used
// as the map key and written to the log as-is, so callers should pass a
// normalised value — confirm at the call sites.
func (auth *AuthService) RecordLoginAttempt(identifier string, success bool) {
	rateLimitEnabled := auth.config.LoginMaxRetries > 0 && auth.config.LoginTimeout > 0
	if !rateLimitEnabled {
		return
	}

	auth.loginMutex.Lock()
	defer auth.loginMutex.Unlock()

	// The table is capped at MaxLoginAttemptRecords. Once it is full the
	// attempt is not recorded at all, including for identifiers that already
	// have an entry; lockdown mode is started instead unless one is active.
	// NOTE(review): lockdownMode runs in its own goroutine and is not visible
	// here. If it does not set lockdown.Active before the next caller reaches
	// this check, more than one lockdown goroutine may start — confirm.
	if len(auth.loginAttempts) >= MaxLoginAttemptRecords {
		lockdownRunning := auth.lockdown != nil && auth.lockdown.Active
		if !lockdownRunning {
			go auth.lockdownMode()
		}
		return
	}

	// NOTE(review): the record is created before the success check, so a
	// successful login from a not-yet-tracked identifier also takes a slot
	// that counts toward MaxLoginAttemptRecords — confirm this is intended.
	record, known := auth.loginAttempts[identifier]
	if !known {
		record = &LoginAttempt{}
		auth.loginAttempts[identifier] = record
	}
	record.LastAttempt = time.Now()

	if success {
		// Clear the failure count and drop any lock.
		record.FailedAttempts = 0
		record.LockedUntil = time.Time{}
		return
	}

	record.FailedAttempts++
	if record.FailedAttempts < auth.config.LoginMaxRetries {
		return
	}

	// Threshold reached: lock the identifier for LoginTimeout seconds.
	timeout := auth.config.LoginTimeout
	record.LockedUntil = time.Now().Add(time.Duration(timeout) * time.Second)
	tlog.App.Warn().Str("identifier", identifier).Int("timeout", timeout).Msg("Account locked due to too many failed login attempts")
}
| 290 | |
| 291 | func (auth *AuthService) IsEmailWhitelisted(email string) bool { |
| 292 | return utils.CheckFilter(strings.Join(auth.config.OauthWhitelist, ","), email) |