[Koha] No indication to patron that they have exceeded the allowed failed login attempts
Arturo Longoria
Arturo.Longoria at sll.texas.gov
Tue Mar 19 10:12:05 NZDT 2019
Hello,
I'm not sure if I've stumbled upon a bug, or if I'm not using the FailedLoginAttempts system preference correctly -- could someone offer any feedback? I'd be happy to file a bug report if it is indeed a bug!
Our library is on 18.05.10. Our FailedLoginAttempts preference is set to 5. When I purposely enter the wrong password to an account, I can see that the login_attempts column for the user is incremented. But when it goes past 5, I never see the message alerting me that I've exceeded my login attempts and need to reset my password. Instead, I keep seeing the same standard message warning me about it: "You entered an incorrect username or password. Please try again! [...]"
The bug indicates that I should be prompted to reset my password, but that never happens (https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18314). And if I enter the correct password after exceeding 5 login attempts, I'm still blocked but without any useful feedback, so a patron would never know what's happening even if they eventually remembered their password. Upon resetting the password via the staff client, I can finally log in with the correct pw.
Am I missing something? Or is this a bug?
Thank you!
Arturo Longoria
Reference Librarian/Web Manager
Texas State Law Library
www.sll.texas.gov
More information about the Koha
mailing list