Like what we’re doing? Star us on GitHub!

Login attempts not working?

edtorba
4 months ago
1 1

Hi all,

got the following setup for the users' collection:

auth: {
  useAPIKey: true,
  tokenExpiration: 86400, // 24h
  maxLoginAttempts: 3,
  lockTime: 900, // 15min
},

As a test did multiple login attempts via graphql-playground where I got the following message in first 3 attempts:

"message": "The email or password provided is incorrect.",

^ That's ok and as expected.

4th attempt

"message": "This user is locked due to having too many failed login attempts.",

^ Fine.

5th attempt

"message": "The email or password provided is incorrect.",

^ Say whaaaat?

On 6th attempt, I set the correct password and got logged in. However, the expected response would be - a locked account.

Question - is lockTime also defined in seconds (docs don't state in what format) as tokenExpiration? If yes, I guess that's a bug then? If not, what's going wrong?

Version 1.2.0

Thanks.

Open the post
Continue the discussion in GitHub
Can't find what you're looking for?
Get help straight from the Payload team with an Enterprise License.Learn More