Login attempts not working?

default discord avatar
edtorba
10 months ago
1 1

Hi all,

got the following setup for the users' collection:

auth: {
  useAPIKey: true,
  tokenExpiration: 86400, // 24h
  maxLoginAttempts: 3,
  lockTime: 900, // 15min
},

As a test did multiple login attempts via graphql-playground where I got the following message in first 3 attempts:

"message": "The email or password provided is incorrect.",

^ That's ok and as expected.

4th attempt

"message": "This user is locked due to having too many failed login attempts.",

^ Fine.

5th attempt

"message": "The email or password provided is incorrect.",

^ Say whaaaat?

On 6th attempt, I set the correct password and got logged in. However, the expected response would be - a locked account.

Question - is lockTime also defined in seconds (docs don't state in what format) as tokenExpiration? If yes, I guess that's a bug then? If not, what's going wrong?

Version 1.2.0

Thanks.

Open the post
Continue the discussion in GitHub
Like what we're doing?
Star us on GitHub!

Star

Connect with the Payload Community on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.