@sgiehl opened this Pull Request on June 16th 2021 Member

Description:

When using logme feature the brute force detection on login level might not work correctly.

Review

  • [ ] Functional review done
  • [ ] Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
  • [ ] Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • [ ] Security review done see checklist
  • [ ] Code review done
  • [ ] Tests were added if useful/possible
  • [ ] Reviewed for breaking changes
  • [ ] Developer changelog updated if needed
  • [ ] Documentation added if needed
  • [ ] Existing documentation updated if needed
@sgiehl commented on June 17th 2021 Member

As the parameter names are defined in Login plugin I don't think it would
make sense to move it. Also testing might only make sense by adding more UI
tests or maybe some kind of integration tests. Only testing that method
won't help if the parameter name can be changed somewhere else (eg in logme
method or login action form)

@diosmosis commented on June 17th 2021 Member

I guess we could potentially add assertions to an existing login/logme test (for example, "assert that a new entry was added to the brute force log"). I'll merge this for now, if needed we can modify the test later.

This Pull Request was closed on June 17th 2021
Powered by GitHub Issue Mirror