AshAuthentication.Strategy.Totp.AuditLogPreparation (ash_authentication v5.0.0-rc.8)

Preparation that checks the audit log for failed TOTP attempts.

When brute_force_strategy: {:audit_log, :my_audit_log} is configured, this preparation queries the audit log for failed TOTP attempts within a time window. If the number of failures exceeds the configured maximum, the request is denied with an AuthenticationFailed error.

The window and max failures are configured via DSL options:

  • audit_log_window - time window for counting failures (default: 5 minutes)
  • audit_log_max_failures - maximum allowed failures before blocking (default: 5)

Failures are counted across ALL TOTP actions (sign_in, verify, confirm_setup) for the same user, not per-action.
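As an added illustration (not the library's code), the counting rule modelled in Python: failed attempts inside the window are summed across all TOTP actions for one user, and the request is denied once that sum exceeds the maximum. The entry fields, user ids and timestamps are constructed for the example and do not reflect the audit log resource's real schema.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed model of an audit-log row; field names are an assumption made
# for this illustration, not the schema of the AshAuthentication audit log.
@dataclass(frozen=True)
class AuditEntry:
    user_id: str
    action: str      # "sign_in", "verify" or "confirm_setup"
    success: bool
    at: datetime

TOTP_ACTIONS = frozenset({"sign_in", "verify", "confirm_setup"})

def count_recent_failures(log, user_id, now, window=timedelta(minutes=5),
                          actions=TOTP_ACTIONS):
    """Failed TOTP attempts for user_id in (now - window, now].

    `actions` defaults to every TOTP action, which is the cross-action
    behaviour the preparation implements; narrowing it shows what a
    per-action count would have missed.
    """
    cutoff = now - window
    return sum(1 for e in log
               if e.user_id == user_id and e.action in actions
               and not e.success and cutoff < e.at <= now)

def totp_request_allowed(log, user_id, now, window=timedelta(minutes=5),
                         max_failures=5):
    """Deny once failures in the window exceed the configured maximum."""
    return count_recent_failures(log, user_id, now, window) <= max_failures

# Constructed sample data: NOW is a fixed reference time for the example.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
def _ago(minutes):
    return NOW - timedelta(minutes=minutes)

SAMPLE_LOG = [
    # alice: 3 failed sign_in + 3 failed verify inside the 5 minute window,
    # each action alone stays under the maximum, together they exceed it.
    AuditEntry("alice", "sign_in", False, _ago(1)),
    AuditEntry("alice", "sign_in", False, _ago(1.5)),
    AuditEntry("alice", "sign_in", False, _ago(2)),
    AuditEntry("alice", "verify", False, _ago(0.5)),
    AuditEntry("alice", "verify", False, _ago(1)),
    AuditEntry("alice", "verify", False, _ago(3)),
    AuditEntry("alice", "verify", True, _ago(4)),       # successes are ignored
    # bob: 6 failures total, but only 2 fall inside the window.
    *[AuditEntry("bob", "sign_in", False, _ago(m)) for m in (10, 11, 12, 13)],
    AuditEntry("bob", "confirm_setup", False, _ago(1)),
    AuditEntry("bob", "confirm_setup", False, _ago(2)),
]
```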