Bug OP-1563: Setting duration a user is blocked after max failed login attempts reached to high value causes 500 on login

View differences

Updated by Robin Wagner over 11 years ago

**Preconditions**

- Setting “brute\_force\_block\_minutes” set to high number, e.g. 40000000000000000000 (Bignum)

**Actual**

- No user can login any more as a 500 is produced



ArgumentError (comparison of Float with ActiveSupport::Duration failed):
app/models/user.rb:885:in `<'
app/models/user.rb:885:in `last_failed_login_within_block_time?'
app/models/user.rb:398:in `failed_too_many_recent_login_attempts?'
app/models/user.rb:870:in `block_user_if_too_many_recent_attempts_failed'
app/models/user.rb:855:in `prevent_brute_force_attack'
app/models/user.rb:244:in `try_to_login'

**Expected**

- No 500 on login.
- limiting the setting to something reasonable.

Back

Content

View differences