Skip to content

Refactor login lockout feedback/senan#78

Open
techguysenan wants to merge 118 commits intoHardhat-Enterprises:mainfrom
techguysenan:refactor-login-lockout-feedback/senan
Open

Refactor login lockout feedback/senan#78
techguysenan wants to merge 118 commits intoHardhat-Enterprises:mainfrom
techguysenan:refactor-login-lockout-feedback/senan

Conversation

@techguysenan
Copy link
Copy Markdown

@techguysenan techguysenan commented Apr 2, 2026

Description

This PR improves the authentication security and user experience by refactoring the login lockout mechanism.

Changes Made

Replaced legacy loginAttempts usage with security.failedLogins and security.lockUntil
Added dynamic tracking of failed login attempts
Implemented account lockout after threshold is reached
Added attemptsLeft feedback in login responses
Reset failure counters on successful login
Removed outdated loginAttempts reset logic

Testing

Tested using Postman with valid and invalid login credentials
Verified correct responses:
401 for invalid credentials
423 for locked accounts
429 from rate limiter
Confirmed database updates in MongoDB Atlas:
failedLogins increments correctly
lockUntil set when threshold reached

Outcome

This improves backend security by preventing brute-force attacks and enhances user experience by providing clear feedback during login failures.

Oko8 and others added 30 commits April 3, 2025 14:35
@Oko8
feat(spam): add spam text checker
510c939
@Oko8
Feat(spam) added massege analysis for dictionary of keywords and phra…
29e13d6 
…ses,Common scam email domains or patterns,Common URL patterns and use of special characters
@s223519677
Merge branch 'dev' into main
b604950
@s223519677 @Oko8 @dec1belPP
Trusted Contacts Model & API Endpoints (Hardhat-Enterprises#21)
d6b742c 
Co-authored-by: OKO8 <okoraforokechukwu@gmail.com>
Co-authored-by: Pasindu P <99115820+dec1belPP@users.noreply.github.com>
@dec1belPP
feat(scan): add /scan endpoint
4e3760f
@dec1belPP
Security & Rate Limiting (Hardhat-Enterprises#43)
bc4d50a 
Co-authored-by: Pasindu P <99115820+dec1belPP@users.noreply.github.com>
@dec1belPP
Merge branch 'dev' into ml-microservice/pasindu
0126ea6
@s223519677
Merge branch 'dev' into main
5b3d429
Update spam.controller.js
daadca5
Update index.js
3db102e 
added space to bodyParserfrom
Update spam.route.js
ca4d7b5 
change to ES module
Merge pull request Hardhat-Enterprises#4 from s223519677/main
1fdbb56 
FEAT(spam): add spam checker
@dec1belPP
Merge branch 'dev' into ml-microservice/pasindu
0ba25fc
Update index.js
f75b46d
Merge pull request Hardhat-Enterprises#50 from dec1belPP/ml-microserv…
5102542 
…ice/pasindu

feat(ml-microservice): add /scan endpoint
@GP-Cyber64
Trigger SonarCloud analysis
aa00fab
@GP-Cyber64
Trigger SonarCloud analysis
d958d66
@pareek354
Added full feedback backend: created model, controller, and route for…
68e1fd9 
… /api/feedback; tested with Postman and ensured data is saved to MongoDB successfully.
@Moderndo
feat: add screenshots
820bf09
@Moderndo
Resolve merge: prefer feature versions of package.json and src/index.js
49fe5b7
@pareek354
Implement enhanced login security features: add login activity tracki…
65d951f 
…ng, IP/device checks, and account lockout mechanism; update dependencies and add utility functions for IP handling and user agent analysis.
feat(auth): add PIN login endpoint + signup PIN support
c90f2ac
@RaveenDilaksha
feat: implemented WHOIS API integration
6ae0d71
@RaveenDilaksha
feat: helper & dns summary feature added
a0af436
@RAGHAVVX55
feat: PIN Login Authentication Implemented (Backend)
51fa7be
@RAGHAVxDEAKIN
fix: secure PIN login with best practices + bug fixes
52a7ff2
@RAGHAVxDEAKIN
fix: remove .DS_Store files and finalize backend changes (PIN + Passw…
6b42508 
…ord login)
@RAGHAVxDEAKIN
Update .env.example
5d4326b
@RAGHAVxDEAKIN
Update .env.example
27d326a
@nimsara27
feat(api): implement basic request and response for exporting detecti…
5959f45 
…ons as csv
Ed-ward-Harris and others added 30 commits September 18, 2025 22:02
@Ed-ward-Harris
Merge pull request Hardhat-Enterprises#67 from ananthkt20/dev
3fcc98f 
feat(ml+api): add FastAPI ML service, /api/reports endpoint, training pipeline & advice
@Ed-ward-Harris
Merge branch 'dev' into dev
5811940
@Ed-ward-Harris
Merge pull request Hardhat-Enterprises#54 from pareek354/dev
d2c6750 
Added full feedback backend, Implement enhanced login security features
@anshulthakur101
Fix: remove duplicate FAQ route, keep /api/faq
0104aa5
@anshulthakur101
Fix: cleaned up index.js after conflict resolution
5df80e7
@anshulthakur101
Fix: updated index.js to match latest dev and added FAQ route
f889dfa
@Ed-ward-Harris
Merge branch 'dev' into Errorhandler
312e956
@Ed-ward-Harris
Update index.js
17c14d1
@Ed-ward-Harris
Merge pull request Hardhat-Enterprises#61 from GP-Cyber64/Errorhandler
1228bbd 
Global Error Handler
@Moderndo
Merge branch 'dev' into feature/ai-chat-api
66a2329
@anshulthakur101
Fix: merged latest dev index.js and added FAQ route
c851c8d
@Ed-ward-Harris
Merge pull request Hardhat-Enterprises#66 from anshulthakur101/dev
3917695 
Integrate FAQ backend: routes and seed data
@Moderndo
fix: restore README and revert security middleware
39958a0
@Ed-ward-Harris
Create InputValidation.md
f507f83
@Moderndo
fix: restore root README to original state
7e09429
@Moderndo
fix: revert rate limiter middleware to original state
0adcf94
@Moderndo
refactor: clean up index.js (removed duplicates, structured middlewar…
290f48a 
…es/routes)
@Moderndo
Update index.js
9958040
@Moderndo
Update index.js
c754aa5
@Ed-ward-Harris
Update index.js
5b65582
@Ed-ward-Harris
Merge pull request Hardhat-Enterprises#53 from Moderndo/feature/ai-ch…
989aca9 
…at-api

feat: add screenshots
@swagboyswastik @Mahir18-GIT
feat(auth): rebasing dev into the featured branch
dd5cbb6
@swagboyswastik @Mahir18-GIT
chore: update lockfile after npm install
14dbebb
@Mahir18-GIT
chore(deps): regenerate package-lock.json after merge/rebase
7a6f351
@Mahir18-GIT
docs(env): update .env.example with email + backup-code vars (Mailtra…
19fa782 
…p option)
@Mahir18-GIT
fix(auth): protect backup-code generate/regenerate with JWT (authMidd…
7f09f29 
…leware)
@Mahir18-GIT
chore(deps): add zod and ua-parser-js (fix module-not-found)
d582ada
@Mahir18-GIT
feat(email): respect EMAIL_SECURE and default example to Gmail (465/TLS)
ef88b7c
@Ed-ward-Harris
Merge pull request Hardhat-Enterprises#68 from Mahir18-GIT/feature/ba…
63cfc1f 
…ckup-codes

Feature-Backup codes support for authentication flow
@techguysenan
feat(auth): refactor login lockout logic and add remaining attempts f…
a0eecc3 
…eedback
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.