
5 login failures, limiting login practice

2022-06-23 10:25:00 cfcoolya

1. Restricting login in practice

Design thinking

1.0 Background

Recently, I have been developing the functional modules of the open management platform of liaoshitong institution.

This module involves registration, sign-in, entry and other functions.

The technologies involved are SpringBoot, Mybatis, Spring Security, Jwt, Npm, vue-cli, vue-router, vuex and element-ui.

1.1 Ideas

Back-end approach:

A login can fail in several ways:

  • The captcha is invalid

  • The verification code is wrong

  • The user's password is wrong

These three checks happen in sequence, and the third is authentication at the Spring Security level. So before reaching the third check we need to count how many login failures have already occurred. If the count exceeds 5, login is restricted directly and the request never reaches the third authentication step.

1.2 How to achieve ?

Add a "user system access table".

This table records the user account, login IP, login location, browser type, access time, and whether the login succeeded or failed.

Every login attempt is recorded in this table, whether it succeeds or fails.

Before entering the third check (user authentication), perform the five-failure check.

1. Run a paged query filtered by user name + failed status, in reverse (newest-first) order.
2. When the query returns 5 records, check whether those five failures happened within one day.

    // needs java.util.Date
    // loginList is newest first: index 0 is the latest failure, index 4 the earliest of the five
    long firstTime = loginList.get(4).getLoginTime().getTime();
    long lastTime = loginList.get(0).getLoginTime().getTime();
    long nowTime = new Date().getTime();
    // policys[1] is the window in hours; 60L forces long arithmetic so large values cannot overflow int
    long limitTime = Integer.parseInt(policys[1]) * 60L * 60 * 1000; // limit: one day
    if ((firstTime + limitTime > lastTime) && (lastTime + limitTime > nowTime)) {
        throw new CustomException("Too many failures, login has been restricted");
    }

In other words, once 5 failed login records are found, we have to decide whether they all fall within one day.

So: the earliest record + one day > the latest record, and the latest record + one day > now. If both conditions hold, the failures count as five failures within a day.
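
The check described above, as an added example that is not part of the original post: a self-contained Java version of the two-condition window test, run over constructed timestamps. The class name, the `isLocked` and `minutesAgo` helpers, and the 24-hour value standing in for `policys[1]` are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

public class LoginLockCheck {
    static final int MAX_FAILURES = 5;                   // threshold from the article
    static final Duration WINDOW = Duration.ofHours(24); // assumed value behind policys[1]

    // failuresNewestFirst: failed-login times for one account, newest first,
    // i.e. what the paged "failed status, reverse order" query returns.
    static boolean isLocked(List<Instant> failuresNewestFirst, Instant now) {
        if (failuresNewestFirst.size() < MAX_FAILURES) {
            return false; // fewer than five failures on record
        }
        Instant newest = failuresNewestFirst.get(0);
        Instant oldest = failuresNewestFirst.get(MAX_FAILURES - 1);
        boolean sameDay = oldest.plus(WINDOW).isAfter(newest); // earliest + 1 day > latest
        boolean recent = newest.plus(WINDOW).isAfter(now);     // latest + 1 day > now
        return sameDay && recent;
    }

    // Builds constructed sample data: one failure per entry, N minutes before now.
    static List<Instant> minutesAgo(Instant now, long... minutes) {
        return Arrays.stream(minutes)
                .mapToObj(m -> now.minus(Duration.ofMinutes(m)))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2022-06-23T10:00:00Z"); // constructed timestamp
        System.out.println("five failures in five minutes: "
                + isLocked(minutesAgo(now, 1, 2, 3, 4, 5), now));
        System.out.println("only four failures: "
                + isLocked(minutesAgo(now, 1, 2, 3, 4), now));
        System.out.println("fifth failure over a day older than the newest: "
                + isLocked(minutesAgo(now, 60, 120, 180, 240, 1501), now));
        System.out.println("five in a burst, newest 25 hours old: "
                + isLocked(minutesAgo(now, 1500, 1501, 1502, 1503, 1504), now));
    }
}
```

Because the query selects only records with failed status, a successful login between failures does not reset the count in this scheme.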
