From 6b4a69b7898ab6a98d89291d459e2f4fddc8ee52 Mon Sep 17 00:00:00 2001
From: Jayram
Date: Mon, 8 Feb 2021 19:15:42 +0530
Subject: [PATCH 1/3] docs: add annotations for ENABLE_MAX_FAILED_LOGIN_ATTEMPTS feature flag
---
 lms/envs/common.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/lms/envs/common.py b/lms/envs/common.py
index c2fa5e5935..bf00176f76 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -387,6 +387,18 @@ FEATURES = {
 ],
 # Turn off account locking if failed login attempts exceeds a limit
+ # .. toggle_name: FEATURES['ENABLE_MAX_FAILED_LOGIN_ATTEMPTS']
+ # .. toggle_implementation: DjangoSetting
+ # .. toggle_default: True
+ # .. toggle_description: This feature will keep track of the number of failed login attempts on a given user's
+ # email. If the number of consecutive failed login attempts - without a successful login at some point - reaches
+ # a configurable threshold (default 6), then the account will be locked for a configurable amount of seconds
+ # (30 minutes) which will prevent additional login attempts until this time period has passed. If a user
+ # successfully logs in, all the counter which tracks the number of failed attempts will be reset back to 0. If
+ # set to False then account locking will be disabled for failed login attempts.
+ # .. toggle_use_cases: open_edx
+ # .. toggle_creation_date: 2014-01-30
+ # .. toggle_tickets: https://github.com/edx/edx-platform/pull/2331
 'ENABLE_MAX_FAILED_LOGIN_ATTEMPTS': True,
 # Hide any Personally Identifiable Information from application logs
From 7d479a814870e61dee8fd7097508e0a06f2107ca Mon Sep 17 00:00:00 2001
From: Jayram
Date: Mon, 8 Feb 2021 19:19:27 +0530
Subject: [PATCH 2/3] docs: add annotations for MAX_FAILED_LOGIN_ATTEMPTS_ALLOWED settings
---
 lms/envs/common.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lms/envs/common.py b/lms/envs/common.py
index bf00176f76..4149381424 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
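Review bot: The new toggle_description presents the lockout only as a protection, but as it is written here — a counter keyed on the user's email that any failed attempt advances, locking the account for the whole period once it reaches 6 — it is also an account-lockout denial-of-service vector: anyone who knows a victim's email can lock the real owner out for 30 minutes with six wrong passwords. Operators deciding on this flag need that trade-off in the description, e.g. append `Because the lock is per account, repeated bad passwords from any source also lock out the legitimate owner; pair this with request-level rate limiting.` (whether an IP-based limit already exists is not visible from this hunk and should be checked against the login view). The description also says "a configurable threshold (default 6)" and "(30 minutes)" without naming the settings; writing `MAX_FAILED_LOGIN_ATTEMPTS_ALLOWED` and `MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS` keeps the comment true after an operator overrides them. The pre-existing comment just above says attempts must "exceed" the limit while the new text says "reaches" it; that off-by-one should be resolved against the enforcing code rather than left ambiguous. Minor wording: `all the counter which tracks` should read `the counter that tracks`; the FEATURES dict this hunk sits in begins and ends outside the hunk.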
@@ -3386,6 +3386,11 @@ FILE_UPLOAD_STORAGE_BUCKET_NAME = 'SET-ME-PLEASE (ex. bucket-name)'
 FILE_UPLOAD_STORAGE_PREFIX = 'submissions_attachments'
 ##### ACCOUNT LOCKOUT DEFAULT PARAMETERS #####
+# .. setting_name: MAX_FAILED_LOGIN_ATTEMPTS_ALLOWED
+# .. setting_default: 6
+# .. setting_description: Specifies the maximum failed login attempts allowed to users. Once the user reaches this
+# failure threshold then the account will be locked for a configurable amount of seconds (30 minutes) which will
+# prevent additional login attempts until this time period has passed.
 MAX_FAILED_LOGIN_ATTEMPTS_ALLOWED = 6
 MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS = 30 * 60
From 67c5cca44b960a69fead93b3fabe44685a3c3ff9 Mon Sep 17 00:00:00 2001
From: Jayram
Date: Mon, 8 Feb 2021 19:26:27 +0530
Subject: [PATCH 3/3] docs: add annotations for MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS settings
docs: added related settings description for login attempts
---
 lms/envs/common.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lms/envs/common.py b/lms/envs/common.py
index 4149381424..8a8585695b 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
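Review bot: The setting_description for `MAX_FAILED_LOGIN_ATTEMPTS_ALLOWED` leaves the boundary ambiguous — "Once the user reaches this failure threshold" reads as "the 6th consecutive failure locks the account", while the file's earlier comment on the feature flag says attempts must "exceed" a limit, which would make it the 7th. Anyone tuning this value needs to know which failure triggers the lock, and the hunk does not let me tell; please check the enforcing code and state it precisely, e.g. `# .. setting_description: Number of consecutive failed login attempts after which the account is locked (the Nth failure locks it).` The description also says the count is per "user" without saying what key it is tracked under, which matters for shared accounts and for anyone reasoning about lockout abuse; the feature-flag annotation earlier in the file says it is the user's email, and this text should agree with it.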
@@ -3390,8 +3390,16 @@ FILE_UPLOAD_STORAGE_PREFIX = 'submissions_attachments'
 # .. setting_default: 6
 # .. setting_description: Specifies the maximum failed login attempts allowed to users. Once the user reaches this
 # failure threshold then the account will be locked for a configurable amount of seconds (30 minutes) which will
-# prevent additional login attempts until this time period has passed.
+# prevent additional login attempts until this time period has passed. This setting is related with
+# MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS and only used when ENABLE_MAX_FAILED_LOGIN_ATTEMPTS is enabled.
 MAX_FAILED_LOGIN_ATTEMPTS_ALLOWED = 6
+
+ # .. setting_name: MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS
+ # .. setting_default: 30 * 60
+ # .. setting_description: Specifies the lockout period in seconds for consecutive failed login attempts. Once the user
+ # reaches the threshold of the login failure, then the account will be locked for the given amount of seconds
+ # (30 minutes) which will prevent additional login attempts until this time period has passed. This setting is
+ # related with MAX_FAILED_LOGIN_ATTEMPTS_ALLOWED and only used when ENABLE_MAX_FAILED_LOGIN_ATTEMPTS is enabled.
 MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS = 30 * 60
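Review bot: The new annotation for `MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS` does not say what happens to the failure counter when the lockout expires — whether it resets to zero, or whether the very next wrong password re-locks the account for another full period — and that is the single most important fact for an operator sizing this value against both brute-force resistance and lockout abuse. I cannot tell from this hunk which it is; please verify against the enforcing code and add one sentence such as `When the lockout period elapses the failure counter is cleared.` (or the opposite, if that is the behaviour). Both descriptions in this hunk also hard-code "(30 minutes)", which duplicates `setting_default: 30 * 60` and goes stale as soon as the value is overridden; `for MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS seconds (30 minutes by default)` stays correct. Wording: `related with` should be `related to`, and `reaches the threshold of the login failure` should be `reaches the failure threshold`.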