Bug: AccessTokens authenticator records all accesses to "Auth Token Login Attempts" table #815

Closed
kenjis opened this issue Sep 8, 2023 · 0 comments · Fixed by #843
Labels: bug (Something isn't working)

kenjis commented Sep 8, 2023

Now that I'm thinking through this more, I don't know that access tokens or JWT really need to be tracked every page view anyway. Tracking login attempts is more for catching bad actors attempting to break into accounts. With PAT and JWT, I don't believe you typically see these same types of attacks, so rapidly expanding a database to very large sizes doesn't seem beneficial.
#195 (comment)

    if (! $result->isOK()) {
        // Always record a login attempt, whether success or not.
        $this->loginModel->recordLoginAttempt(
            self::ID_TYPE_ACCESS_TOKEN,
            $credentials['token'] ?? '',
            false,
            $ipAddress,
            $userAgent
        );

        return $result;
    }
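
An added example, not part of the issue or the project's code: a self-contained sketch of how a recording policy changes the growth of the attempts table when every API request carries a token. `RecordPolicy`, `TokenAttemptRecorder` and the traffic figures are hypothetical names and constructed values, and the in-memory array stands in for the "Auth Token Login Attempts" table.

```php
<?php
declare(strict_types=1);

// Hypothetical policy values for illustration; not the project's configuration API.
enum RecordPolicy
{
    case None;     // never write token checks to the attempts table
    case Failure;  // write only rejected tokens
    case All;      // write every check (the behaviour reported in this issue)
}

final class TokenAttemptRecorder
{
    /** @var list<array{identifier: string, success: bool, ip: string}> stand-in for the attempts table */
    public array $rows = [];

    public function __construct(private RecordPolicy $policy)
    {
    }

    public function record(string $identifier, bool $success, string $ip): void
    {
        // Decide per request whether this check is worth a row.
        $wanted = match ($this->policy) {
            RecordPolicy::None    => false,
            RecordPolicy::Failure => ! $success,
            RecordPolicy::All     => true,
        };
        if ($wanted) {
            $this->rows[] = ['identifier' => $identifier, 'success' => $success, 'ip' => $ip];
        }
    }
}

// Constructed traffic: 1000 valid API calls from one client and 3 rejected tokens from another.
foreach (RecordPolicy::cases() as $policy) {
    $recorder = new TokenAttemptRecorder($policy);
    for ($i = 0; $i < 1000; $i++) {
        $recorder->record('valid-token-constructed', true, '192.0.2.10');
    }
    for ($i = 0; $i < 3; $i++) {
        $recorder->record("guess-{$i}", false, '198.51.100.7');
    }
    printf("%-8s %d rows\n", $policy->name, count($recorder->rows));
}
```

Run with PHP 8.1 or later. The failure-only policy keeps the rejected-token rows that matter for spotting guessing while leaving out one row per legitimate request.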
