Merge pull request #4 from jellyfin/master

updating local master

1 files changed, 10 insertions, 2 deletions

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index ee90b3558..4cf703add 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -448,11 +448,19 @@ namespace Emby.Server.Implementations.Library
 
             user.Policy.InvalidLoginAttemptCount = newValue;
 
-            var maxCount = user.Policy.IsAdministrator ? 3 : 5;
+            // Check for users without a value here and then fill in the default value
+            // also protect from an always lockout if misconfigured
+            if (user.Policy.LoginAttemptsBeforeLockout == null || user.Policy.LoginAttemptsBeforeLockout == 0)
+            {
+                user.Policy.LoginAttemptsBeforeLockout = user.Policy.IsAdministrator ? 5 : 3;
+            }
+
+            var maxCount = user.Policy.LoginAttemptsBeforeLockout;
 
             var fireLockout = false;
 
-            if (newValue >= maxCount)
+            // -1 can be used to specify no lockout value
+            if (maxCount != -1 && newValue >= maxCount)
             {
                 _logger.LogDebug("Disabling user {0} due to {1} unsuccessful login attempts.", user.Name, newValue);
                 user.Policy.IsDisabled = true;