Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[gateway] send en email when the account is blocked #2613

Closed
Produits opened this issue Sep 13, 2019 · 0 comments · Fixed by gravitee-io/gravitee-access-management#736
Closed

[gateway] send en email when the account is blocked #2613

Produits opened this issue Sep 13, 2019 · 0 comments · Fixed by gravitee-io/gravitee-access-management#736
Assignees
@tcompiegne
Labels
project: AM type: feature
Milestone
AM - 3.1.0

Comments

@Produits
Copy link

Produits commented Sep 13, 2019
edited
Loading

I have enabled Brut Force detection and it works fine.

However, telling the person that the account they are trying to access is blocked gives them the information that the account exists, which is important information in the event of a fraudulent access attempt.
Is it possible to add options for:

  • have the same answer when the account is blocked as when the password is incorrect or an account does not exist (do not have error_code=account_locked)
  • send an email to the user to let him know that his account is blocked with, why not, a link to unblock it).

Thank you.
@tcompiegne tcompiegne changed the title [AM] email when the account is blocked [gateway] send en email when the account is blocked Sep 13, 2019
@tcompiegne tcompiegne added this to the AM - 3.0.0 milestone Feb 14, 2020
@tcompiegne tcompiegne mentioned this issue Mar 27, 2020
Merged
@tcompiegne tcompiegne self-assigned this Apr 8, 2020
@tcompiegne tcompiegne modified the milestones: AM - 3.0.0, AM - 3.1.0 May 19, 2020
jhaeyaert pushed a commit to gravitee-io/gravitee-access-management that referenced this issue Jul 9, 2020
@tcompiegne @jhaeyaert
feat(account): send recovery email if the user account has been locked
d05c447 
closes gravitee-io/issues#2613
jhaeyaert pushed a commit to gravitee-io/gravitee-access-management that referenced this issue Jul 9, 2020
@tcompiegne @jhaeyaert
feat(account): send recovery email if the user account has been locked
0b6392c 
closes gravitee-io/issues#2613
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tcompiegne tcompiegne

Labels
project: AM type: feature
Projects
None yet
Milestone
AM - 3.1.0
2 participants
@tcompiegne @Produits