feat(session/v2): user password lockout error response (#9233)

# Which Problems Are Solved Adds `failed attempts` field to the grpc response when a user enters wrong password when logging in FYI: this only covers the senario above; other senarios where this is not applied are: SetPasswordWithVerifyCode setPassword ChangPassword setPasswordWithPermission # How the Problems Are Solved Created new grpc message `CredentialsCheckError` - `proto/zitadel/message.proto` to include `failed_attempts` field. Had to create a new package - `github.com/zitadel/zitadel/internal/command/errors` to resolve cycle dependency between `github.com/zitadel/zitadel/internal/command` and `github.com/zitadel/zitadel/internal/command`. # Additional Changes - none # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9198 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com>
2025-08-14 19:57:37 +00:00 · 2025-01-29 10:29:00 +00:00
parent 21f00c1e6b
commit 5eeff97ffe
6 changed files with 118 additions and 11 deletions
--- a/proto/zitadel/session/v2/session_service.proto
+++ b/proto/zitadel/session/v2/session_service.proto
@@ -379,7 +379,7 @@ message Checks {
  ];
  optional CheckPassword password = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "\"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request.\"";
+      description: "\"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request. On failed password check id: \"COMMAND-3M0fs\" wll be returned. On user locked out id: \"COMMAND-JLK35\"/\"COMMAND-SFA3t\" will be returned\"";
    }
  ];
  optional CheckWebAuthN web_auth_n = 3 [
@@ -493,4 +493,4 @@ message CheckOTP {
      example: "\"3237642\"";
    }
  ];
-}
+}