Extending Login Attempts

kick

Well-known member
At the moment there are options for what to do with the exceeded number of authorizations or two-factor authorization. But at the same time there are no settings for this. If we expand all this, then we will encounter a violation of the standards:
If a class extension is required to extend core methods then it must be extended properly, rather than overridden, by calling the parent method.
But why not set up an array with a minimum check? It will be convenient for everyone and those who want to configure and set their parameters. Just like shutting down the whole system. Some people don't need it. At the moment, it looks like a little crutch with little customization. Nor is it possible to change the value or time.
PHP:
public function getAttemptLimits()
    {
        return [
            ['type' => 'user', 'time' => 60 * 5, 'count' => 4],
            ['type' => 'user', 'time' => 60 * 30, 'count' => 8],
            ['type' => 'ip',   'time' => 60 * 5, 'count' => 8],
            ['type' => 'ip',   'time' => 60 * 30, 'count' => 16]
        ];
    }
 
Upvote 23
Top