Login attempts not working?

default discord avatar
10 months ago
1 1

Hi all,

got the following setup for the users' collection:

auth: {
  useAPIKey: true,
  tokenExpiration: 86400, // 24h
  maxLoginAttempts: 3,
  lockTime: 900, // 15min

As a test did multiple login attempts via graphql-playground where I got the following message in first 3 attempts:

"message": "The email or password provided is incorrect.",

^ That's ok and as expected.

4th attempt

"message": "This user is locked due to having too many failed login attempts.",

^ Fine.

5th attempt

"message": "The email or password provided is incorrect.",

^ Say whaaaat?

On 6th attempt, I set the correct password and got logged in. However, the expected response would be - a locked account.

Question - is lockTime also defined in seconds (docs don't state in what format) as tokenExpiration? If yes, I guess that's a bug then? If not, what's going wrong?

Version 1.2.0


Open the post
Continue the discussion in GitHub
Like what we're doing?
Star us on GitHub!


Connect with the Payload Community on Discord



Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.