Skip to content
Snippets Groups Projects
Commit 1e69a241 authored by Dmitry Ivanov's avatar Dmitry Ivanov
Browse files

fix(auth): check if user exists in auth attempts tracker 

This patch fixes a possible DOS by checking whether the user exists
before creating a record for its unsuccessful auth attempt. This is
due to the fact that `box.session.on_auth` will be called even for
unknown users (this helps vanilla users log such events).
parent 2c9a13f3
No related branches found
No related tags found
1 merge request!766feat(audit): add authentication events
Checking pipeline status
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment