src/AccountLockout.js

// This class handles the Account Lockout Policy settings.
import Parse from 'parse/node';

export class AccountLockout {
  constructor(user, config) {
    this._user = user;
    this._config = config;
  }

  /**
   * set _failed_login_count to value
   */
  _setFailedLoginCount(value) {
    const query = {
      username: this._user.username
    };

    const updateFields = {
      _failed_login_count: value
    };

    return this._config.database.update('_User', query, updateFields);
  }

  /**
   * check if the _failed_login_count field has been set
   */
  _isFailedLoginCountSet() {
    const query = {
      username: this._user.username,
      _failed_login_count: { $exists: true }
    };

    return this._config.database.find('_User', query)
      .then(users => {
        if (Array.isArray(users) && users.length > 0) {
          return true;
        } else {
          return false;
        }
      });
  }

  /**
   * if _failed_login_count is NOT set then set it to 0
   * else do nothing
   */
  _initFailedLoginCount() {
    return this._isFailedLoginCountSet()
      .then(failedLoginCountIsSet => {
        if (!failedLoginCountIsSet) {
          return this._setFailedLoginCount(0);
        }
      });
  }

  /**
   * increment _failed_login_count by 1
   */
  _incrementFailedLoginCount() {
    const query = {
      username: this._user.username
    };

    const updateFields = {_failed_login_count: {__op: 'Increment', amount: 1}};

    return this._config.database.update('_User', query, updateFields);
  }

  /**
   * if the failed login count is greater than the threshold
   * then sets lockout expiration to 'currenttime + accountPolicy.duration', i.e., account is locked out for the next 'accountPolicy.duration' minutes
   * else do nothing
   */
  _setLockoutExpiration() {
    const query = {
      username: this._user.username,
      _failed_login_count: { $gte: this._config.accountLockout.threshold }
    };

    const now = new Date();

    const updateFields = {
      _account_lockout_expires_at: Parse._encode(new Date(now.getTime() + this._config.accountLockout.duration * 60 * 1000))
    };

    return this._config.database.update('_User', query, updateFields)
      .catch(err => {
        if (err && err.code && err.message && err.code === 101 && err.message === 'Object not found.') {
          return; // nothing to update so we are good
        } else {
          throw err; // unknown error
        }
      });
  }

  /**
   * if _account_lockout_expires_at > current_time and _failed_login_count > threshold
   *   reject with account locked error
   * else
   *   resolve
   */
  _notLocked() {
    const query = {
      username: this._user.username,
      _account_lockout_expires_at: { $gt: Parse._encode(new Date()) },
      _failed_login_count: {$gte: this._config.accountLockout.threshold}
    };

    return this._config.database.find('_User', query)
      .then(users => {
        if (Array.isArray(users) && users.length > 0) {
          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Your account is locked due to multiple failed login attempts. Please try again after ' + this._config.accountLockout.duration + ' minute(s)');
        }
      });
  }

  /**
   * set and/or increment _failed_login_count
   * if _failed_login_count > threshold
   *   set the _account_lockout_expires_at to current_time + accountPolicy.duration
   * else
   *   do nothing
   */
  _handleFailedLoginAttempt() {
    return this._initFailedLoginCount()
      .then(() => {
        return this._incrementFailedLoginCount();
      })
      .then(() => {
        return this._setLockoutExpiration();
      });
  }

  /**
   * handle login attempt if the Account Lockout Policy is enabled
   */
  handleLoginAttempt(loginSuccessful) {
    if (!this._config.accountLockout) {
      return Promise.resolve();
    }
    return this._notLocked()
      .then(() => {
        if (loginSuccessful) {
          return this._setFailedLoginCount(0);
        } else {
          return this._handleFailedLoginAttempt();
        }
      });
  }

}

export default AccountLockout;
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`// This class handles the Account Lockout Policy settings.`
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`import Parse from 'parse/node';`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00
			`export class AccountLockout {`
			`constructor(user, config) {`
			`this._user = user;`
			`this._config = config;`
			`}`

			`/**`
			`* set _failed_login_count to value`
			`*/`
			`_setFailedLoginCount(value) {`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const query = {`
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`username: this._user.username`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`};`

			`const updateFields = {`
			`_failed_login_count: value`
			`};`

			`return this._config.database.update('_User', query, updateFields);`
			`}`

			`/**`
			`* check if the _failed_login_count field has been set`
			`*/`
			`_isFailedLoginCountSet() {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`const query = {`
			`username: this._user.username,`
			`_failed_login_count: { $exists: true }`
			`};`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`return this._config.database.find('_User', query)`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`.then(users => {`
			`if (Array.isArray(users) && users.length > 0) {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`return true;`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`} else {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`return false;`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`}`
			`});`
			`}`

			`/**`
			`* if _failed_login_count is NOT set then set it to 0`
			`* else do nothing`
			`*/`
			`_initFailedLoginCount() {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`return this._isFailedLoginCountSet()`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`.then(failedLoginCountIsSet => {`
			`if (!failedLoginCountIsSet) {`
			`return this._setFailedLoginCount(0);`
			`}`
			`});`
			`}`

			`/**`
			`* increment _failed_login_count by 1`
			`*/`
			`_incrementFailedLoginCount() {`
			`const query = {`
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`username: this._user.username`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`};`

			`const updateFields = {_failed_login_count: {__op: 'Increment', amount: 1}};`

			`return this._config.database.update('_User', query, updateFields);`
			`}`

			`/**`
Add no trailing whitespace and force eol at end of file. (#3154) 2016-12-01 10:24:46 -08:00			`* if the failed login count is greater than the threshold`
			`* then sets lockout expiration to 'currenttime + accountPolicy.duration', i.e., account is locked out for the next 'accountPolicy.duration' minutes`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`* else do nothing`
			`*/`
			`_setLockoutExpiration() {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`const query = {`
			`username: this._user.username,`
			`_failed_login_count: { $gte: this._config.accountLockout.threshold }`
			`};`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`const now = new Date();`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`const updateFields = {`
			`_account_lockout_expires_at: Parse._encode(new Date(now.getTime() + this._config.accountLockout.duration * 60 * 1000))`
			`};`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`return this._config.database.update('_User', query, updateFields)`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`.catch(err => {`
			`if (err && err.code && err.message && err.code === 101 && err.message === 'Object not found.') {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`return; // nothing to update so we are good`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`} else {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`throw err; // unknown error`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`}`
			`});`
			`}`

			`/**`
			`* if _account_lockout_expires_at > current_time and _failed_login_count > threshold`
			`* reject with account locked error`
			`* else`
			`* resolve`
			`*/`
			`_notLocked() {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`const query = {`
			`username: this._user.username,`
			`_account_lockout_expires_at: { $gt: Parse._encode(new Date()) },`
			`_failed_login_count: {$gte: this._config.accountLockout.threshold}`
			`};`

			`return this._config.database.find('_User', query)`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`.then(users => {`
			`if (Array.isArray(users) && users.length > 0) {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Your account is locked due to multiple failed login attempts. Please try again after ' + this._config.accountLockout.duration + ' minute(s)');`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`}`
			`});`
			`}`

			`/**`
			`* set and/or increment _failed_login_count`
			`* if _failed_login_count > threshold`
			`* set the _account_lockout_expires_at to current_time + accountPolicy.duration`
Add no trailing whitespace and force eol at end of file. (#3154) 2016-12-01 10:24:46 -08:00			`* else`
			`* do nothing`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`*/`
			`_handleFailedLoginAttempt() {`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`return this._initFailedLoginCount()`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`.then(() => {`
			`return this._incrementFailedLoginCount();`
			`})`
			`.then(() => {`
			`return this._setLockoutExpiration();`
			`});`
			`}`

			`/**`
			`* handle login attempt if the Account Lockout Policy is enabled`
			`*/`
			`handleLoginAttempt(loginSuccessful) {`
			`if (!this._config.accountLockout) {`
			`return Promise.resolve();`
			`}`
Code maintenance, small refactors (#3811) * Removes promise wrapping in AccountLockoutPolicy * Use bcrypt promises as globally available 2017-05-14 19:37:42 -04:00			`return this._notLocked()`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`.then(() => {`
			`if (loginSuccessful) {`
			`return this._setFailedLoginCount(0);`
			`} else {`
			`return this._handleFailedLoginAttempt();`
			`}`
			`});`
			`}`

			`}`

			`export default AccountLockout;`