Skip to content
This repository was archived by the owner on Feb 17, 2019. It is now read-only.

Fix #56#57

Open
slytter wants to merge 4 commits into
masterfrom
issue/56/failed
Open

Fix #56#57
slytter wants to merge 4 commits into
masterfrom
issue/56/failed

Conversation

@slytter

@slytter slytter commented Mar 7, 2017

Copy link
Copy Markdown
Contributor

No description provided.

@kparkov kparkov left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of minor adjustments.

I would also like to see a unit test.

Finally, you should add a status code mention in the README.

Comment thread store/query/auth.js Outdated

const time = 250 * user.failedAttempts;
const lockedTill = moment().add(time, 'ms');
await this.findOneAndUpdate({ email }, { $set: { failedAttempts: user.failedAttempts + 1, locked: lockedTill } });

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's wrong with user.save() in this instance? Why not set the user.locked field directly?

Comment thread store/query/auth.js Outdated
const users = await this.find({ email, password: hash });
if (users.length === 0) throw new Error('Wrong e-mail or password');
if (user.locked && moment().isBefore(user.locked)) {
throw { Error: 'LockError', retry: user.locked };

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change the key to name instead of Error. A true error object has { name: 'ErrorType', message: 'details' }. Sticking to this convention will allow us to replace this object literal with an error instance.

Comment thread api/controllers/login.js Outdated
} catch (e) {
if (e.Error === 'LockError') {
res.set('Retry-After', e.retry);
return res.failure('To many attempts.', 429);

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The message should be changed to:

'Login have been locked for a short cooldown period due to failed login attempts.'

Comment thread api/controllers/login.js Outdated
return res.success(token);
} catch (e) {
if (e.Error === 'LockError') {
res.set('Retry-After', e.retry);

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please format the retry date as an ISO 8601 string, if that is not already the case.

@slytter slytter removed their assignment Jun 6, 2017
@slytter slytter self-assigned this Jun 15, 2017

@kparkov kparkov left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No unit tests were written to validate this change.

@slytter

slytter commented Jul 3, 2017

Copy link
Copy Markdown
Contributor Author

Notice: 4 test are failing in this commit because they are outdated (has been fixed in another issue), and has nothing to do with the newest implemented test.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants