Change Remaining login attempts message type from error to warning.

Open on Drupal.org →

Created on 1 November 2023, 8 months ago

Problem/Motivation

Change Remaining login attempts message type from error to warning.

Technically the message is not an error, it can be as a warning.

Steps to reproduce

Login to site without TFA setup you will be greeted with a message to set up TFA, but it is of error type but I think it is not correct.

Proposed resolution

Change message type from error to warning when there are still attempts to login without TFA.

Remaining tasks

update code.

User interface changes

API changes

Data model changes

📌 Task

Status

Active

Version

2.0

Component

User interface

Created by

🇮🇳India Bhanu951

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @Bhanu951
Comment 8 months ago →
🇺🇸United States cmlara
Adding some context here for discussion. I'm not really firmly draw to this one way or the other at the moment.

Arguments for Error:
The account is required to have TFA but doesn't, this could be seen as the account in an 'error' condition.
The user will be locked out if they do not take action.
It requires administrative interaction to resolve the situation if a user fails to setup TFA when required.
We want users to see this and take action as soon as possible.
A logout could happen at any time.

Arguments for Warning:
Nothing has failed yet, this is just a notice that the user needs to take action.
A user can continue until they are logged out which could be some time in the future.
✨ Force user to setup TFA when required and there are no remaining skips Needs work could reduce the risk the risk of a lockout/admin intervention reducing the need for the severity.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024