  1. XWiki Platform
  2. XWIKI-16645

Changing authentication failure strategies does not work properly

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.6
    • Fix Version/s: 11.7-rc-1
    • Component/s: Security
    • Labels:
      None
    • Environment:
      Windows 10 Pro 64 bit, Firefox 68, using a local instance of XWiki 11.6 on Oracle 12c
    • Tests:
      Unit
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A

      Description

      STEPS TO REPRODUCE

      1. Login as Admin
      2. Go to Administer Wiki > Users & Rights > Authentication
      3. On 'Failure Strategies' select CAPTCHA (default setting) and Save
      4. Create a user (e.g. U1)
      5. Logout
      6. Try to login with user's name (U1) and a wrong password 3 times
      7. Fill in the username and correct password
      8. Fill the CAPTCHA
      9. Click Log-in
      10. Login as Admin
      11. Go to Administer Wiki > Users & Rights > Authentication
      12. On 'Failure Strategies' select 'Disable account' and Save
      13. Logout
      14. Try to login with user's name (U1) and a wrong password 3 times

      EXPECTED RESULTS

      As 'Disable account' is currently selected on 'Failure Strategies', a message is displayed informing the user that his account is disabled.

      ACTUAL RESULTS

      The CAPTCHA failure strategy is still displayed, although 'Disable account' is selected on 'Failure Strategies' (confirmed by logging in with Admin).

      Vice versa, if 'Disable account' is selected the first time (before any failure strategy is triggered) and 'CAPTCHA' is then selected after a login failure, the 'Disable account' strategy is still enforced.

      It should also be mentioned that when the 'Disable account' strategy is selected and the user account is being disabled (due to multiple login failures), a 'null' is displayed above the Log-in button (screenshot attached).

              People

              • Assignee:
                surli Simon Urli
                Reporter:
                iandriuta Ilie Andriuta