ui-users / UIU-590

Frontend: Security: Handling Failed login attempts via Folio Login Screen - Lock Account

Details

    • Story
    • Status: Closed
    • P3
    • Resolution: Done
    • EPAM-Veg Sprint 1, EPAM-Veg Sprint 2, EPAM-Veg Sprint 3, EPAM-Veg Sprint 7
    • 2
    • Vega

    Description

      As a person responsible for the security of the Folio platform
      I want to prevent brute-force attacks on the Folio platform when a user attempts to log in to Folio and fails.

      Requirement

      • Apply to user logging in with local username/password
      • After the 3rd failed login attempt, display a message on the Folio login screen [You have entered the wrong username or password for the third time. You have two more tries to login before your account will be locked.]
      • After 5 consecutive failed login attempts, lock the user's Folio account and display a message on the Folio login screen [For security purposes, your account has been locked. Please contact your Folio System Administrator to reset your password.]
      • To unlock an account, Folio administrator must change the user status = active on the User's record.

      Acceptance Criteria

      Given I am attempting to log in to Folio
      When I fail three times to log in
      Then the following message should display on the Folio login screen [You have entered the wrong username or password for the third time. You have two more tries to login before your account will be locked.]

      Given I am attempting to log in to Folio
      When I fail 5 consecutive times to log in
      Then a message should display [For security purposes, your account has been locked. Please contact your Folio System Administrator to reset your password.]

      Given my Folio account is locked
      When I attempt to log in again
      Then the following message displays [For security purposes, your account has been locked. Please try again or contact your Folio System Administrator.]

      Given a Folio user account is locked
      When the Folio system administrator resets the user status = active on that user account
      Then the user should be able to attempt to log in to Folio
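
The requirement and acceptance criteria above, modeled as a small state machine. This is an added example, not code from ui-users or FOLIO: the class and method names are hypothetical, the store is in memory, and locking is assumed to be represented by an inactive user status, since the story says unlocking means setting status = active.

```javascript
// Constructed model of the lockout policy in this story; not FOLIO code.
const WARN_AT = 3; // warning after the 3rd consecutive failure
const LOCK_AT = 5; // lock after the 5th consecutive failure

const MSG = {
  warn: 'You have entered the wrong username or password for the third time. You have two more tries to login before your account will be locked.',
  locked: 'For security purposes, your account has been locked. Please contact your Folio System Administrator to reset your password.',
  stillLocked: 'For security purposes, your account has been locked. Please try again or contact your Folio System Administrator.',
};

// Hypothetical store. The counter must live server-side: a count kept in the
// browser can be cleared by the client and gives no brute-force protection.
class LockoutPolicy {
  constructor() { this.users = new Map(); }

  addUser(username) { this.users.set(username, { active: true, failures: 0 }); }

  // credentialsValid is the result of the real password check (done elsewhere).
  // Returns { ok, message } where message is the text for the login screen.
  attempt(username, credentialsValid) {
    const u = this.users.get(username);
    if (!u) return { ok: false, message: null }; // no account, nothing to lock
    // Lock state is evaluated first, so a locked account rejects even a
    // correct password and cannot be used to confirm a guess.
    if (!u.active) return { ok: false, message: MSG.stillLocked };
    if (credentialsValid) {
      u.failures = 0; // "consecutive": a success resets the count
      return { ok: true, message: null };
    }
    u.failures += 1;
    if (u.failures >= LOCK_AT) {
      u.active = false;
      return { ok: false, message: MSG.locked };
    }
    return { ok: false, message: u.failures === WARN_AT ? MSG.warn : null };
  }

  // Administrator action from the requirement: set user status = active.
  setActive(username) {
    const u = this.users.get(username);
    if (!u) return false;
    u.active = true;
    u.failures = 0; // assumption: unlocking also clears the failure count
    return true;
  }
}
```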

      People

      Assignee: Unassigned
      Reporter: Khalilah Gambrell (kgambrell)