Automatically closed - issue fixed for 2 weeks with no activity.
After multiple failed login attempts (default set to 5 tries), a user can no longer login until a certain amount is time passed (default set to 6 hours), and instead sees the message "There have been more than 5 failed login attempts for this account. It is temporarily blocked. Try again later or request a new password.". When a user uses the one-time login link to log in, then changes his/her password and logs out, the temporary block is still in place, the user cannot still cannot log in until the window has passed.
There is no way (other than removing the flood records from the database, or through contrib solutions #67 π Nothing clears the "5 failed login attempts" security message when a user resets their own password Fixed ) to remove the temporary ban (implemented through the Flood API) from the account.
This issue is about lifting the ban after a successful login through the reset password functionality. There is a separate issue to lift the ban after an account's password is changed ( π User login flood lock doesn't clear when reset password as admin Fixed ).
D7 issue: π [D7] Nothing clears the "5 failed login attempts" security message when a user resets their own password Fixed
When a user logs in using the one-time login link, the temporary ban on the account should be lifted. The IP-based ban, if present, should remain in place ( #35 π Nothing clears the "5 failed login attempts" security message when a user resets their own password Fixed ).
Patch review.
None.
None.
None.
I have a user who forgot his password, and he started getting the "5 failed attempts" message. So I go in and reset the password manually as an admin.
But the new password will not work, and he continues to get the "5 failed attempts" message. The only thing we could do was delete his user, then recreate it.
Once their password has been changed in the interface by an admin, it should clear the security block, correct? Or is there a manual way to clear the security block? Because the user still says "active".
Fixed
9.5
Last updated
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Automatically closed - issue fixed for 2 weeks with no activity.