[OGo-Bugs][Bug 1917] automatic account locking on failed login attempts is broken

bugs@opengroupware.org bugs@opengroupware.org
Wed, 26 Sep 2007 13:18:12 +0200 (CEST) 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug
report.

http://bugzilla.opengroupware.org/bugzilla/show_bug.cgi?id=1917





------- Additional Comments From sebastia@l00-bugdead-prods.de  2007-09-26 13:15 -------
>From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.7 (like Gecko) SUSE

Description of problem:
With autolock accounts for failed login attemtps enabled like this:

HandleFailedAuthorizations YES
MinutesBetweenFailedLogins 15
FailedLoginCount 3
FailedLoginLockInfoMailAddress ogoroot

after the first failed login attempt, all login attempts, not only for the account that entered a wrong password, are not working anymore until the webui is restarted.

on subsequent attemtps, regardless whether with correct or incorrect password, the following shows up in the logs:



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.enable HandleFailedAuthorizations 
2.login with wrong password
3.see unable to login with subsequent attempts
    

Actual Results:  HandleFailedAuthorizations is broken

Expected Results:  HandleFailedAuthorizations should work

Additional info:

The sourcecode for the failed-login feature is in OGoContextManager+FailedLogin.m and needs quite some cleanup ...

------- Additional Comments From sebastia@l00-bugdead-prods.de  2007-09-26 13:18 -------
I forgot the logs when someone tries to login after the account is locked:

Sep 26 13:00:50 ogo-webui-1.1 [22463]: OGoContextManager: could not begin 
database transaction
Sep 26 13:00:50 ogo-webui-1.1 [22463]: >DirectAction> access denied for user 
ogouser.
Sep 26 13:00:50 ogo-webui-1.1 [22463]: <<0x0x7eb84584[WOForm]>>D Note: 
session-id is requested, but no session is active?
212.204.56.174 - - [26/Sep/2007:13:00:50 
GMT] "POST /OpenGroupware.woa/x/login?da=&o=1190804439 HTTP/1.1" 200 1519/143 
0.294 5362 71% -




------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.