veza/veza-backend-api/internal/core/auth
senke 44517da6f6 [BE-SEC-007] security: Implement account lockout after failed login attempts
- Created AccountLockoutService to track failed login attempts
- Accounts are locked after 5 failed attempts within 15 minutes
- Lockout duration: 30 minutes (auto-unlock)
- Service uses Redis for persistence (fail-open if Redis unavailable)
- Integrated into AuthService Login method:
  * Check account lockout status before login
  * Record failed attempts (even for non-existent users to prevent enumeration)
  * Reset failed attempts counter on successful login
  * Auto-unlock expired accounts
- Added SetAccountLockoutService method to AuthService
- Service initialized in router when Redis is available

Phase: PHASE-4
Priority: P1
Progress: 9/267 (3.4%)
2025-12-24 12:10:41 +01:00
handler.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
service.go [BE-SEC-007] security: Implement account lockout after failed login attempts 2025-12-24 12:10:41 +01:00