diff options
| author | Phallacy <Dragoonmac@gmail.com> | 2019-03-16 00:18:52 -0700 |
|---|---|---|
| committer | Phallacy <Dragoonmac@gmail.com> | 2019-03-16 00:18:52 -0700 |
| commit | 1ee016c99745ed4a29f8995de1478ab6a6e410e9 (patch) | |
| tree | 79d9fa34f3b76ab171c667750f97052ec0de2869 | |
| parent | 221389089cc9ca4b69907d6bf3e9d38bf94393ea (diff) | |
configurable user lockout
| -rw-r--r-- | Emby.Server.Implementations/Library/UserManager.cs | 14 | ||||
| -rw-r--r-- | MediaBrowser.Model/Users/UserPolicy.cs | 3 |
2 files changed, 14 insertions, 3 deletions
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs index efb1ef4a5..e20af003d 100644 --- a/Emby.Server.Implementations/Library/UserManager.cs +++ b/Emby.Server.Implementations/Library/UserManager.cs @@ -219,7 +219,7 @@ namespace Emby.Server.Implementations.Library //This is some regex that matches only on unicode "word" characters, as well as -, _ and @ //In theory this will cut out most if not all 'control' characters which should help minimize any weirdness // Usernames can contain letters (a-z + whatever else unicode is cool with), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.) - return Regex.IsMatch(username, "^[\\w-'._@]*$"); + return Regex.IsMatch(username, @"^[\w-'._@]*$"); } private static bool IsValidUsernameCharacter(char i) @@ -448,11 +448,19 @@ namespace Emby.Server.Implementations.Library user.Policy.InvalidLoginAttemptCount = newValue; - var maxCount = user.Policy.IsAdministrator ? 3 : 5; + // Check for users without a value here and then fill in the default value + // also protect from an always lockout if misconfigured + if (user.Policy.LoginAttemptsBeforeLockout == null || user.Policy.LoginAttemptsBeforeLockout == 0) + { + user.Policy.LoginAttemptsBeforeLockout = user.Policy.IsAdministrator ? 5 : 3; + } + + var maxCount = user.Policy.LoginAttemptsBeforeLockout; var fireLockout = false; - if (newValue >= maxCount) + // -1 can be used to specify no lockout value + if (maxCount != -1 && newValue >= maxCount) { _logger.LogDebug("Disabling user {0} due to {1} unsuccessful login attempts.", user.Name, newValue); user.Policy.IsDisabled = true; diff --git a/MediaBrowser.Model/Users/UserPolicy.cs b/MediaBrowser.Model/Users/UserPolicy.cs index 27ce23778..5415fd5e8 100644 --- a/MediaBrowser.Model/Users/UserPolicy.cs +++ b/MediaBrowser.Model/Users/UserPolicy.cs @@ -66,6 +66,7 @@ namespace MediaBrowser.Model.Users public bool EnableAllFolders { get; set; } public int InvalidLoginAttemptCount { get; set; } + public int? LoginAttemptsBeforeLockout { get; set; } public bool EnablePublicSharing { get; set; } @@ -104,6 +105,8 @@ namespace MediaBrowser.Model.Users AccessSchedules = Array.Empty<AccessSchedule>(); + LoginAttemptsBeforeLockout = -1; + EnableAllChannels = true; EnabledChannels = Array.Empty<string>(); |