Merge pull request #2561 from TomSpeak/patch-3

BUG FailedLoginCount reset

security/Member.php

@@ -1412,6 +1412,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 			if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
 				$lockoutMins = self::config()->lock_out_delay_mins;
 				$this->LockedOutUntil = date('Y-m-d H:i:s', time() + $lockoutMins*60);
+				$this->FailedLoginCount = 0;
 				$this->write();
 			}
 		}

tests/security/MemberTest.php

@@ -698,6 +698,52 @@ class MemberTest extends FunctionalTest {
 		);
 	}
 
+	public function testFailedLoginCount() {
+		$maxFailedLoginsAllowed = 3;
+		//set up the config variables to enable login lockouts
+		Config::nest();
+		Config::inst()->update('Member', 'lock_out_after_incorrect_logins', $maxFailedLoginsAllowed);
+
+		$member = $this->objFromFixture('Member', 'test');
+		$failedLoginCount = $member->FailedLoginCount;
+
+		for ($i = 1; $i < $maxFailedLoginsAllowed; ++$i) {
+			$member->registerFailedLogin();
+
+			$this->assertEquals(
+				++$failedLoginCount,
+				$member->FailedLoginCount,
+				'Failed to increment $member->FailedLoginCount'
+			);
+
+			$this->assertFalse(
+				$member->isLockedOut(),
+				"Member has been locked out too early"
+			);
+		}
+
+		//fail login until max login attempts is reached
+		$member->FailedLoginCount = 0;
+		for ($i = 0; $i < $maxFailedLoginsAllowed; ++$i) {
+			$member->registerFailedLogin();
+		}
+		//check to see if they've been locked out
+		$this->assertTrue(
+			$member->isLockedOut(),
+			'Member was not locked out when max logins met'
+		);
+
+		//after they're locked out, need to check FailedLoginCount was reset to 0
+		$this->assertEquals(
+			$member->FailedLoginCount,
+			0,
+			'Failed login count was not reset after lockout'
+		);
+
+		//test all done, unnest config
+		Config::unnest();
+	}
+
 }
 class MemberTest_ViewingAllowedExtension extends DataExtension implements TestOnly {