
05-04-2018 08:44 AM
I have a request to do:
1. Lockout users after 5 failed attempts
2. Unlock user after 30 minutes
3. Reset failed attempts after 5 minutes.
1 and 2 should be out of the box, I think, using script action: SNC User Lockout Check with Auto Unlock (see script below). I set the value as I understood but my lockout is occurring after 3 failed attempts. Did I set the values wrong? Could there be another place I need to set the values? Any suggestion for number 3?
```javascript
//
// Check to see if the user has failed to login too many times
// when the limit is reached, lock the user out of the system.
// Also create a trigger to unlock the user after 'N' minutes.
//
lockoutOnFailedLogin();

function lockoutOnFailedLogin() {
    // The second argument is only the fallback used when the property does not exist
    var maxUnlockAttempts = gs.getProperty("glide.user.max_unlock_attempts", 5);
    var gr = new GlideRecord("sys_user");
    if (gr.get("user_name", event.parm1.toString())) {
        // Already past the limit: nothing more to count
        if (gr.failed_attempts > maxUnlockAttempts)
            return;
        gr.failed_attempts += 1;
        // Strict '>' comparison: the lock is set once the counter exceeds the limit
        if (gr.failed_attempts > maxUnlockAttempts) {
            gr.locked_out = true;
            gr.update();
            gs.log("User " + event.parm1 + " locked out due to too many invalid login attempts");
            gs.addErrorMessage('You have been locked out of the system because of too many failed logon attempts. Please try again in 30 minutes.');
            triggerUnlock(gr.sys_id);
        } else {
            gr.update();
        }
    }
}

// Schedule a one-off sys_trigger job that unlocks the user later
function triggerUnlock(userSysID) {
    var unlockIn = gs.getProperty("glide.user.unlock_timeout_in_mins", 30);
    var trigger = new GlideRecord("sys_trigger");
    trigger.name = "Unlock the user after " + unlockIn + " mins";
    trigger.next_action = getTriggerTime(unlockIn);
    trigger.job_id.setDisplayValue('RunScriptJob');
    trigger.script = getTriggerScript(userSysID, gs.nowNoTZ());
    trigger.document = 'sys_user';
    trigger.document_key = userSysID;
    trigger.state = 0;
    trigger.trigger_type = 0;
    trigger.insert();
}

// Build the script the scheduled job runs: clear locked_out and failed_attempts
function getTriggerScript(userSysID, now) {
    var ret = ""
        + "var gr = new GlideRecord('sys_user');\n"
        + "gr.addQuery('sys_id', '" + userSysID + "');\n"
        + "gr.addQuery('locked_out', true);\n"
        + "gr.addEncodedQuery('sys_updated_on <= " + now + "');\n"
        + "gr.query();\n"
        + "if (gr.next()) {\n"
        + "gr.locked_out = false;\n"
        + "gr.failed_attempts = 0;\n"
        + "gr.update();\n"
        + "gs.log('Auto-unlocking user '+gr.name);\n"
        + "} else {\n"
        + "gs.log('Unable to auto-unlock user with sys_id: " + userSysID + "');\n"
        + "}";
    return ret;
}

function getTriggerTime(minutesToAdd) {
    var checkTime = new GlideDateTime(/*now*/);
    // As posted, the multiplier is 5, so the offset is minutesToAdd * 5 seconds
    // (a minutes-to-seconds conversion would multiply by 60)
    checkTime.addSeconds(minutesToAdd * 5);
    return checkTime;
}
```

05-04-2018 08:36 PM
So you should be able to change property glide.user.max_unlock_attempts to 5 and that should take care of 1 and 2.
You also should be able to change the glide.user.unlock_timeout_in_mins property to 5 and that should take care of 3.
No code changes should be required to make this occur.

08-23-2020 11:54 PM
What if we do not find this property??

09-01-2020 08:43 AM
Generally, if a property is noted but doesn't exist and you want to have a different value, just create the property.

05-04-2018 10:31 PM
Hi Mark,
You have 3 requirements here.
- Lockout users after 5 failed attempts
- Unlock user after 30 minutes
- Reset failed attempts after 5 minutes.
Let's take them one by one.
1. Lockout users after 5 failed attempts
This is taken care of by the script action SNC User Lockout Check with Auto Unlock. All you need to do is go to sys_properties and search for the property 'glide.user.max_unlock_attempts'; if it is not there, create a new one with value 5, type integer and name glide.user.max_unlock_attempts.
2. Unlock user after 30 minutes
This is also taken care of by the script action SNC User Lockout Check with Auto Unlock. For this you need another property, 'glide.user.unlock_timeout_in_mins'. Again, go to sys_properties and search for the property 'glide.user.unlock_timeout_in_mins'; if it is not there, create a new one with value 30, type integer and name glide.user.unlock_timeout_in_mins.
The script checks for the maximum number of invalid login attempts, and as soon as it reaches the max count defined in property glide.user.max_unlock_attempts, it creates a job which will trigger after the time defined in property glide.user.unlock_timeout_in_mins. This job resets two fields for the user: locked_out to false and failed_attempts to 0, so that after this job runs the user is able to log in to the instance. In other words, it is resetting the failed attempts, which is your requirement number 3. So it's better to set the value of property glide.user.unlock_timeout_in_mins to 5.
Hope this helps.
Regards
Ujjawal
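
The three requirements from the question, modelled as an added example in plain JavaScript. This is not ServiceNow code and not from any poster in this thread. `LockoutPolicy`, its option names and `attemptsUntilLock` are hypothetical; `strictGreater` mirrors the `failed_attempts > maxUnlockAttempts` comparison in the script posted above, and the reset window is kept as a setting separate from the unlock timeout.

```javascript
// Added example: a plain-JavaScript model, not ServiceNow code.
// LockoutPolicy and its option names are hypothetical.
const MIN = 60 * 1000;

class LockoutPolicy {
  constructor({ maxAttempts, unlockAfterMin, resetAfterMin, strictGreater = false }) {
    this.max = maxAttempts;
    this.unlockMs = unlockAfterMin * MIN;
    this.resetMs = resetAfterMin * MIN;
    // strictGreater mirrors the page's `failed_attempts > max` test,
    // which locks on attempt max + 1 rather than on attempt max.
    this.strictGreater = strictGreater;
    this.users = new Map();
  }

  state(user) {
    if (!this.users.has(user)) {
      this.users.set(user, { failed: 0, lastFailure: 0, lockedUntil: null });
    }
    return this.users.get(user);
  }

  isLocked(user, now) {
    const s = this.state(user);
    if (s.lockedUntil !== null && now >= s.lockedUntil) {
      s.lockedUntil = null; // lockout expired: unlock and clear the counter
      s.failed = 0;
    }
    return s.lockedUntil !== null;
  }

  // Returns "locked" (already locked, not counted), "locked_now" or "counted".
  recordFailure(user, now) {
    if (this.isLocked(user, now)) return "locked";
    const s = this.state(user);
    // Requirement 3: a quiet period clears the counter without any lockout.
    if (s.failed > 0 && now - s.lastFailure >= this.resetMs) s.failed = 0;
    s.failed += 1;
    s.lastFailure = now;
    const hit = this.strictGreater ? s.failed > this.max : s.failed >= this.max;
    if (!hit) return "counted";
    s.lockedUntil = now + this.unlockMs;
    return "locked_now";
  }
}

// Constructed walk-through: failures one minute apart until the lockout fires.
function attemptsUntilLock(policy, user, start = 0) {
  for (let n = 1; n <= 100; n++) {
    if (policy.recordFailure(user, start + n * MIN) === "locked_now") return n;
  }
  return -1;
}
```

With `maxAttempts: 5`, the `>=` form locks on the fifth failure and the `strictGreater` form on the sixth, which is a quick way to check which behaviour a given configuration actually produces.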