Uploaded image for project: 'ui-users'
  1. ui-users
  2. UIU-590

Frontend: Security: Handling Failed login attempts via Folio Login Screen - Lock Account

    XMLWordPrintable

Details

    • Story
    • Status: Closed (View Workflow)
    • P3
    • Resolution: Done
    • None
    • None
    • EPAM-Veg Sprint 1, EPAM-Veg Sprint 2, EPAM-Veg Sprint 3, EPAM-Veg Sprint 7
    • 2
    • Vega

    Description

      As a person responsible for the security of the Folio platform
      I want to prevent brute force attacks of the Folio platform when a user attempts to log in to Folio and fails.

      Requirement

      • Apply to user logging in with local username/password
      • After the 3rd failed login attempt then display a message on Folio login screen [You have entered the wrong username or password for the third time. You have two more tries to login before your account will be locked.
      • After 5 failed consecutive login attempts then lock user's Folio account and display a message on Folio login screen [For security, purposes, your account has been locked. Please contact your Folio System Administrator to reset your password.]
      • To unlock an account, Folio administrator must change the user status = active on the User's record.

      Screenshot

      Acceptance Criteria

      Given I am attempting to login to Folio
      When I fail three times to login
      Then the following message should display on the Folio login screen [You have entered the wrong username or password for the third time. You have two more tries to login before your account will be locked.]

      Given I am attempting to login to Folio
      When I failed 5 consecutive times to login
      Then a message should display For security purposes, your account has been locked. Please contact your Folio System Administrator to reset your password.

      Give my Folio account is locked
      When I attempt to login again
      Then the following message displays For security purposes, your account has been locked. Please try again or contact your Folio System Administrator.

      Given a Folio user account is locked
      When the Folio system administrator resets the user status = active on that user account
      The user should be able to attempt to login to Folio

      TestRail: Results

        Attachments

          Issue Links

            clones

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIU-591 Frontend: Indicate on User Detail record that the User is inactive due to failed login attempts

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            has to be done after

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-103 Backend: Security: Handling Failed login attempts via Folio Login Screen - Lock Account

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            is blocked by

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-86 Create/Extend password storage to support retaining last 10 changed passwords a user has saved

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. MODLOGIN-89 Fix user blocking

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODUSERS-101 SPIKE - Determine the approach for updating user record in an anonymous request

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. RMB-320 Updating records containing metadata causes exceptions in database trigger

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            is cloned by

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-54 Show notification on the login page when a user account is blocked.

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            relates to

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-41 Backend - Security: Handling: Failed login attempts - Lock Account

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-42 Security: Counting Failed login attempts

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            New Feature - New feature requests UXPROD-39 Local password management

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            requires

            Bug - A problem which impairs or prevents the functions of the product. RMB-353 Metadata without user id

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                Unassigned Unassigned
                kgambrell Khalilah Gambrell
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases