AshAuthentication.AddOn.AuditLog.BruteForcePreparation
(ash_authentication v5.0.0-rc.8)
Copy Markdown
View Source
Preparation that checks the audit log for failed authentication attempts.
When brute_force_strategy: {:audit_log, :my_audit_log} is configured on a
strategy, this preparation queries the audit log for failed attempts within
a time window. If the number of failures exceeds the configured maximum,
the request is denied with an AuthenticationFailed error.
The window and max failures are configured via DSL options on the strategy:
audit_log_window- time window for counting failures (default: 5 minutes)audit_log_max_failures- maximum allowed failures before blocking (default: 5)
Used by both the TOTP and recovery code strategies.