| commit | f2ab11aa5b559662d8c52b30444f990942c2371e | |
| author | Jake Dallimore <jake@moodle.com> | |
| Tue, 26 Apr 2022 08:52:20 +0000 (26 16:52 +0800) | ||
| committer | Ilya Tregubov <ilya@moodle.com> | |
| Wed, 4 May 2022 08:45:00 +0000 (4 14:45 +0600) | ||
| tree | 6aec097a965b8d15afac4613cc2dd5f5b0234465 | treesnapshot (tar.gz zip) |
| parent | 240b402523a28d35f6bcf43540176ebede0c014f | commitdiff |
MDL-73736 core_auth: Fix concurrency issue in login_attempt_failed()
This patch wraps the login_failed_count logic in a resource lock and
forces a user preferences cache reload. Each thread must wait for the
lock and must fetch the current count before incrementing it. This
ensures that login_failed_count is correct across threads and that the
lockout threshold is correctly honoured.
Co-Authored-By: Sujith Haridasan <sujith@moodle.com>
This patch wraps the login_failed_count logic in a resource lock and
forces a user preferences cache reload. Each thread must wait for the
lock and must fetch the current count before incrementing it. This
ensures that login_failed_count is correct across threads and that the
lockout threshold is correctly honoured.
Co-Authored-By: Sujith Haridasan <sujith@moodle.com>
| lib/authlib.php | diffblobblamehistory |