configurable user lockout

This commit is contained in:
Phallacy 2019-03-16 00:18:52 -07:00
parent 221389089c
commit 1ee016c997
2 changed files with 14 additions and 3 deletions

View File

@ -219,7 +219,7 @@ namespace Emby.Server.Implementations.Library
//This is some regex that matches only on unicode "word" characters, as well as -, _ and @
//In theory this will cut out most if not all 'control' characters which should help minimize any weirdness
// Usernames can contain letters (a-z + whatever else unicode is cool with), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.)
return Regex.IsMatch(username, "^[\\w-'._@]*$");
return Regex.IsMatch(username, @"^[\w-'._@]*$");
}
private static bool IsValidUsernameCharacter(char i)
@ -448,11 +448,19 @@ namespace Emby.Server.Implementations.Library
user.Policy.InvalidLoginAttemptCount = newValue;
var maxCount = user.Policy.IsAdministrator ? 3 : 5;
// Check for users without a value here and then fill in the default value
// also protect from an always lockout if misconfigured
if (user.Policy.LoginAttemptsBeforeLockout == null || user.Policy.LoginAttemptsBeforeLockout == 0)
{
user.Policy.LoginAttemptsBeforeLockout = user.Policy.IsAdministrator ? 5 : 3;
}
var maxCount = user.Policy.LoginAttemptsBeforeLockout;
var fireLockout = false;
if (newValue >= maxCount)
// -1 can be used to specify no lockout value
if (maxCount != -1 && newValue >= maxCount)
{
_logger.LogDebug("Disabling user {0} due to {1} unsuccessful login attempts.", user.Name, newValue);
user.Policy.IsDisabled = true;

View File

@ -66,6 +66,7 @@ namespace MediaBrowser.Model.Users
public bool EnableAllFolders { get; set; }
public int InvalidLoginAttemptCount { get; set; }
public int? LoginAttemptsBeforeLockout { get; set; }
public bool EnablePublicSharing { get; set; }
@ -104,6 +105,8 @@ namespace MediaBrowser.Model.Users
AccessSchedules = Array.Empty<AccessSchedule>();
LoginAttemptsBeforeLockout = -1;
EnableAllChannels = true;
EnabledChannels = Array.Empty<string>();