堆栈内存溢出
  简体   繁体   English

如何限制用户登录尝试 Angular.js (typescript)

[英]How to limit user login attempts Angular.js (typescript)

 原文  2018-11-05 03:22:48       javascript/ angularjs/ typescript/ mean-stack/ login-control

问题描述

My code limits the user login attempts but when the page is refreshed it resets the user count.我的代码限制了用户登录尝试,但是当页面刷新时,它会重置用户计数。

login() {
/* Only attempt login if user has less than 5 login attempts */
if (this.failedAttempts < 4) {


  this.auth.login(this.credentials).subscribe(() => {
    this.router.navigateByUrl('/');
    this.alert.success('Welcome! Thanks for logging in!');
  }, (err) => {
    this.failedAttempts++;
    console.error(err);
    this.alert.error('Login failed. Invalid email or password.');
  });
  /*If user reaches 5 failed attempts refresh number of failed attempts after 5 minutes and disable submit button*/
} else if (this.failedAttempts < 4) {
} else {
  /*increments number of times locked out */
  this.numLockedOut++;

  this.alert.error('Login failed. Invalid email or password. Locked out for ' + (this.numLockedOut * 300000) / 60000 + ' minutes');
  this.btnDisable = true;
  setTimeout(() => this.failedAttempts = 0, this.numLockedOut * 300000);
  setTimeout(() => this.btnDisable = false, this.numLockedOut * 300000);
}

} }

How do I settimeout() without restarting the clock on page refresh ?如何在不重新启动页面刷新时钟的情况下设置settimeout()

2 个解决方案

解决方案1
 1  2020-10-27 07:43:02

I suggest you to implement this via login API (REST API).我建议您通过登录 API (REST API) 实现这一点。

When the UI sends a login request to the API, it can track the number of failure login attempts.当 UI 向 API 发送登录请求时,它可以跟踪登录尝试失败的次数。

// maintain login failure count against username; maybe in a database or in a Map
// loginFailureCount(username, count, expiryTime)

if (loginIsBlocked(username) {
   return login-response-with-login-blocked-message
} 

if (loginfailure) {
   incrementLoginFailureCount(username, expiryTime);
} else {
   resetLoginFailureCount(username);
}
// send the loginFailureCount(username) in the API response if login failed

Now the API supports failure count as well as locked message.现在 API 支持失败计数和锁定消息。

// In the UI show the failure count or locked message if the login response is a failure

解决方案2
 0  2018-11-05 03:27:18

You almost definitely want to be recording failed login attempts on your server, rather than in the browser.您几乎肯定希望在您的服务器上而不是在浏览器中记录失败的登录尝试。 Even if you get this code working, it would be trivial for someone to edit the Javascript in their browser and make as many login attempts as they want.即使你让这段代码正常工作,有人在他们的浏览器中编辑 Javascript 并根据需要进行尽可能多的登录尝试也是微不足道的。

If you did have your server recording attempted logins for a given username, then the response from the server could tell you that the number of login attempts has exceeded the allowed amount and the angular code could simply relay that information to the user.如果您确实让服务器记录了给定用户名的尝试登录,那么来自服务器的响应可能会告诉您登录尝试的次数已超过允许的数量,并且角度代码可以简单地将该信息转发给用户。 This would also solve your problem of the attempt count not persisting between page visits.这也将解决您的尝试计数在页面访问之间不存在的问题。 :) :)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何检查用户是否在 Angular.js 中处于活动状态? - How to check if the user is active in Angular.js? 使用angular.js管理用户登录中的会话和cookie - Manage session and cookies in user login using angular.js WP JSON API Angular.js用户登录 - WP JSON API Angular.js user login 如何限制使用 Angular.js/Javascript 单击的复选框 - How to limit check box clicked using Angular.js/Javascript Angular.js如何在登录控制器中设置常量 - Angular.js How can i set a constant in the login controller angular.js:Typescript类构造函数“这是未定义的” - angular.js: Typescript class constructor “this is undefined” 如何使用访问令牌机制在angular.js中重定向用户? - How to redirect a user in angular.js using access token mechanism? Angular.js:如何根据用户输入更改div宽度 - Angular.js: How to change div width based on user input 如何缩小angular.js? - How to minify angular.js? Angular.JS Redirect未登录用户 - Angular.JS Redirect not logged in user
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM