New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Auth: Add IP ban for bad login attempts #15209

Closed

balloob opened this issue Jun 29, 2018 · 1 comment · Fixed by #15551

Labels

auth

Member

balloob commented Jun 29, 2018

We need to port the IP ban logic from API password to user auth.

balloob added auth p2 to do labels

Contributor

awarecan commented Jun 29, 2018 •

edited

Loading

I think current implement still work. However it will report false positive in case access_token expired or after server restart etc.

EDIT: For now, failed login attempt with access_token will be logged, but failed login attempt with password would not.

This was referenced Jul 7, 2018

Restarting hass while viewing in browser generates a "Login attempt or request with invalid authentication" before succeeding #15338

Closed

Check access token expires before we use it. home-assistant/frontend#1444

Merged

Check access token expires before we use home-assistant/home-assistant-js-websocket#21

Merged

awarecan mentioned this issue

Add ipban for failed login attempt in new login flow #15551

Merged

2 tasks

ghost added in progress and removed to do labels

balloob closed this as completed in #15551

ghost removed the in progress label

home-assistant locked and limited conversation to collaborators

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.