feat(session/v2): user password lockout error response (#9233)

# Which Problems Are Solved

Adds a `failed attempts` field to the grpc response when a user enters
a wrong password when logging in

FYI:

This only covers the scenario above; other scenarios where this is not
applied are:

- SetPasswordWithVerifyCode
- setPassword
- ChangPassword
- setPasswordWithPermission

# How the Problems Are Solved 

Created new grpc message `CredentialsCheckError` -
`proto/zitadel/message.proto` to include `failed_attempts` field.

Had to create a new package -
`github.com/zitadel/zitadel/internal/command/errors` to resolve cycle
dependency between `github.com/zitadel/zitadel/internal/command` and
`github.com/zitadel/zitadel/internal/command`.

# Additional Changes

- none

# Additional Context

- Closes https://github.com/zitadel/zitadel/issues/9198

---------

Co-authored-by: Iraq Jaber <IraqJaber@gmail.com>
kkrime
2025-01-29 10:29:00 +00:00
committed by GitHub
parent 21f00c1e6b
commit 5eeff97ffe
6 changed files with 118 additions and 11 deletions


@@ -5,11 +5,17 @@ package zitadel.v1;
option go_package = "github.com/zitadel/zitadel/pkg/grpc/message";
message ErrorDetail {
string id = 1;
string message = 2;
string id = 1;
string message = 2;
}
message CredentialsCheckError {
string id = 1;
string message = 2;
int32 failed_attempts = 3;
}
message LocalizedMessage {
string key = 1;
string localized_message = 2;
}
string key = 1;
string localized_message = 2;
}
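Review bot: `failed_attempts` in the new `CredentialsCheckError` message has no comment saying what it counts, so a client cannot tell whether it is the number of failures since the last successful check or a running total, nor how it relates to the lockout threshold. Add a field comment that states this, and consider `uint32` since the count cannot be negative. Because the value goes back to a caller that has just failed a password check, the PR should also say whether exposing lockout progress to that caller is intended. The `ErrorDetail` and `LocalizedMessage` lines look like whitespace-only reindentation; leaving them out would keep the diff to the actual addition.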


@@ -379,7 +379,7 @@ message Checks {
];
optional CheckPassword password = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "\"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request.\"";
description: "\"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request. On failed password check id: \"COMMAND-3M0fs\" wll be returned. On user locked out id: \"COMMAND-JLK35\"/\"COMMAND-SFA3t\" will be returned\"";
}
];
optional CheckWebAuthN web_auth_n = 3 [
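Review bot: the new `description` text on `password` has a typo ("wll") and gives two ids for the locked-out case, "COMMAND-JLK35"/"COMMAND-SFA3t", without saying which condition returns which. Fix the typo, spell out when each id is returned, and mention that the error detail now carries `failed_attempts` (the `CredentialsCheckError` message), since a client reading only this description would not know to look for it. Putting error ids into the public API description also turns them into something clients will match on, so a sentence confirming they are stable would help.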
@@ -493,4 +493,4 @@ message CheckOTP {
example: "\"3237642\"";
}
];
}
}