AshAuthentication.Strategy.Totp.AuditLogChange
(ash_authentication v5.0.0-rc.7)
Change that checks the audit log for failed TOTP attempts before update actions.
This is the change variant of AuditLogPreparation for use with update actions
like confirm_setup.
When brute_force_strategy: {:audit_log, :my_audit_log} is configured,
this change queries the audit log for failed TOTP attempts within
a time window. If the number of failures exceeds the configured maximum,
the request is denied with an AuthenticationFailed error.
The window and max failures are configured via DSL options:
- audit_log_window - time window for counting failures (default: 5 minutes)
- audit_log_max_failures - maximum allowed failures before blocking (default: 5)
Failures are counted across ALL TOTP actions (sign_in, verify, confirm_setup) for the same user, not per-action.
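The counting rule above, written out as an added illustration. This is not the library's implementation: it assumes audit-log entries are maps with `:user_id`, `:action`, `:success` and `:inserted_at` keys, and that the window is given in seconds; the real module reads these from the configured audit log and DSL options.

```elixir
# Added illustration of the lockout rule. Not ash_authentication's own code;
# the entry shape (:user_id, :action, :success, :inserted_at) is assumed.
defmodule TotpLockoutExample do
  # Failures from any of these actions count towards the same per-user total.
  @totp_actions [:sign_in, :verify, :confirm_setup]

  # Count failed TOTP attempts for `user_id` across all TOTP actions
  # recorded within the last `window_seconds` seconds before `now`.
  def failures_in_window(entries, user_id, now, window_seconds) do
    cutoff = DateTime.add(now, -window_seconds, :second)

    Enum.count(entries, fn e ->
      e.user_id == user_id and
        e.action in @totp_actions and
        e.success == false and
        DateTime.compare(e.inserted_at, cutoff) != :lt
    end)
  end

  # The request is denied once the failure count exceeds `max_failures`.
  def allowed?(entries, user_id, now, window_seconds, max_failures) do
    failures_in_window(entries, user_id, now, window_seconds) <= max_failures
  end
end

# Constructed sample entries: user 1 has three failed sign_in and three failed
# verify attempts within the last two minutes, one failed confirm_setup
# fifteen minutes ago (outside a 5 minute window), and one success.
now = ~U[2024-01-01 12:00:00Z]

entry = fn action, success, secs_ago ->
  %{user_id: 1, action: action, success: success,
    inserted_at: DateTime.add(now, -secs_ago, :second)}
end

entries =
  Enum.map(0..2, &entry.(:sign_in, false, 30 + &1 * 10)) ++
    Enum.map(0..2, &entry.(:verify, false, 60 + &1 * 10)) ++
    [entry.(:confirm_setup, false, 900), entry.(:sign_in, true, 20)]

# 5 minute window, maximum of 5 failures: the six recent failures across
# sign_in and verify together push this user over the limit.
IO.inspect(TotpLockoutExample.failures_in_window(entries, 1, now, 300))
IO.inspect(TotpLockoutExample.allowed?(entries, 1, now, 300, 5))
```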