wekan/server/methods/lockoutSettings.js

import { AccountsLockout } from 'meteor/wekan-accounts-lockout';
import { ReactiveCache } from '/imports/reactiveCache';
import LockoutSettings from '/models/lockoutSettings';

Meteor.methods({
  async reloadAccountsLockout() {
    // Check if user has admin rights
    const userId = Meteor.userId();
    if (!userId) {
      throw new Meteor.Error('error-invalid-user', 'Invalid user');
    }
    const user = await ReactiveCache.getUser(userId);
    if (!user || !user.isAdmin) {
      throw new Meteor.Error('error-not-allowed', 'Not allowed');
    }

    try {
      // Get configurations from database
      const knownUsersConfig = {
        failuresBeforeLockout: (await LockoutSettings.findOneAsync('known-failuresBeforeLockout'))?.value || 3,
        lockoutPeriod: (await LockoutSettings.findOneAsync('known-lockoutPeriod'))?.value || 60,
        failureWindow: (await LockoutSettings.findOneAsync('known-failureWindow'))?.value || 15
      };

      const unknownUsersConfig = {
        failuresBeforeLockout: (await LockoutSettings.findOneAsync('unknown-failuresBeforeLockout'))?.value || 3,
        lockoutPeriod: (await LockoutSettings.findOneAsync('unknown-lockoutPeriod'))?.value || 60,
        failureWindow: (await LockoutSettings.findOneAsync('unknown-failureWindow'))?.value || 15
      };

      // Initialize the AccountsLockout with configuration
      const accountsLockout = new AccountsLockout({
        knownUsers: knownUsersConfig,
        unknownUsers: unknownUsersConfig,
      });

      // Start the accounts lockout mechanism
      accountsLockout.startup();

      return true;
    } catch (error) {
      console.error('Failed to reload accounts lockout:', error);
      throw new Meteor.Error('error-reloading-settings', 'Error reloading settings');
    }
  }
});
Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. Added filtering of Admin Panel/People/People: All Users/Locked Users Only/Active/Not Active. Added visual indicators: red lock icon for locked users, green check for active users, and red X for inactive users. Added "Unlock All" button to quickly unlock all brute force locked users. Added ability to toggle user active status directly from the People page. Moved lockout settings from environment variables to database so admins can configure the lockout thresholds directly in the UI. Thanks to xet7. 2025-08-05 00:31:43 +03:00			`import { AccountsLockout } from 'meteor/wekan-accounts-lockout';`
			`import { ReactiveCache } from '/imports/reactiveCache';`
			`import LockoutSettings from '/models/lockoutSettings';`

			`Meteor.methods({`
Migrate accounts-lockout server files to async for Meteor 3.0 - lockedUsers.js: async getLockedUsers, unlockUser, unlockAllUsers - lockoutSettings.js: async reloadAccountsLockout with findOneAsync - accounts-lockout-config.js: async startup with findOneAsync - models/lockoutSettings.js: upsert → upsertAsync 2026-01-29 21:29:56 +02:00			`async reloadAccountsLockout() {`
Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. Added filtering of Admin Panel/People/People: All Users/Locked Users Only/Active/Not Active. Added visual indicators: red lock icon for locked users, green check for active users, and red X for inactive users. Added "Unlock All" button to quickly unlock all brute force locked users. Added ability to toggle user active status directly from the People page. Moved lockout settings from environment variables to database so admins can configure the lockout thresholds directly in the UI. Thanks to xet7. 2025-08-05 00:31:43 +03:00			`// Check if user has admin rights`
			`const userId = Meteor.userId();`
			`if (!userId) {`
			`throw new Meteor.Error('error-invalid-user', 'Invalid user');`
			`}`
Update ReactiveCache call sites to use async/await for Meteor 3.0 Part 3 of ReactiveCache async migration: - Add await before all ReactiveCache.getX() calls - Make functions containing ReactiveCache calls async - Convert forEach/map/filter loops with async callbacks to for...of - Update model helpers, Meteor methods, JsonRoutes handlers - Update collection hooks (.before/.after insert/update/remove) - Update .allow() callbacks to async Files updated across models/ and server/ directories: - Model files: cards, boards, lists, swimlanes, activities, users, checklists, checklistItems, customFields, attachments, integrations, cardComments, settings files, creators, exporters, and more - Server files: publications, methods, notifications, routes, migrations 2026-02-01 00:54:38 +02:00			`const user = await ReactiveCache.getUser(userId);`
Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. Added filtering of Admin Panel/People/People: All Users/Locked Users Only/Active/Not Active. Added visual indicators: red lock icon for locked users, green check for active users, and red X for inactive users. Added "Unlock All" button to quickly unlock all brute force locked users. Added ability to toggle user active status directly from the People page. Moved lockout settings from environment variables to database so admins can configure the lockout thresholds directly in the UI. Thanks to xet7. 2025-08-05 00:31:43 +03:00			`if (!user \|\| !user.isAdmin) {`
			`throw new Meteor.Error('error-not-allowed', 'Not allowed');`
			`}`

			`try {`
			`// Get configurations from database`
			`const knownUsersConfig = {`
Migrate accounts-lockout server files to async for Meteor 3.0 - lockedUsers.js: async getLockedUsers, unlockUser, unlockAllUsers - lockoutSettings.js: async reloadAccountsLockout with findOneAsync - accounts-lockout-config.js: async startup with findOneAsync - models/lockoutSettings.js: upsert → upsertAsync 2026-01-29 21:29:56 +02:00			`failuresBeforeLockout: (await LockoutSettings.findOneAsync('known-failuresBeforeLockout'))?.value \|\| 3,`
			`lockoutPeriod: (await LockoutSettings.findOneAsync('known-lockoutPeriod'))?.value \|\| 60,`
			`failureWindow: (await LockoutSettings.findOneAsync('known-failureWindow'))?.value \|\| 15`
Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. Added filtering of Admin Panel/People/People: All Users/Locked Users Only/Active/Not Active. Added visual indicators: red lock icon for locked users, green check for active users, and red X for inactive users. Added "Unlock All" button to quickly unlock all brute force locked users. Added ability to toggle user active status directly from the People page. Moved lockout settings from environment variables to database so admins can configure the lockout thresholds directly in the UI. Thanks to xet7. 2025-08-05 00:31:43 +03:00			`};`

			`const unknownUsersConfig = {`
Migrate accounts-lockout server files to async for Meteor 3.0 - lockedUsers.js: async getLockedUsers, unlockUser, unlockAllUsers - lockoutSettings.js: async reloadAccountsLockout with findOneAsync - accounts-lockout-config.js: async startup with findOneAsync - models/lockoutSettings.js: upsert → upsertAsync 2026-01-29 21:29:56 +02:00			`failuresBeforeLockout: (await LockoutSettings.findOneAsync('unknown-failuresBeforeLockout'))?.value \|\| 3,`
			`lockoutPeriod: (await LockoutSettings.findOneAsync('unknown-lockoutPeriod'))?.value \|\| 60,`
			`failureWindow: (await LockoutSettings.findOneAsync('unknown-failureWindow'))?.value \|\| 15`
Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. Added filtering of Admin Panel/People/People: All Users/Locked Users Only/Active/Not Active. Added visual indicators: red lock icon for locked users, green check for active users, and red X for inactive users. Added "Unlock All" button to quickly unlock all brute force locked users. Added ability to toggle user active status directly from the People page. Moved lockout settings from environment variables to database so admins can configure the lockout thresholds directly in the UI. Thanks to xet7. 2025-08-05 00:31:43 +03:00			`};`

			`// Initialize the AccountsLockout with configuration`
			`const accountsLockout = new AccountsLockout({`
			`knownUsers: knownUsersConfig,`
			`unknownUsers: unknownUsersConfig,`
			`});`

			`// Start the accounts lockout mechanism`
			`accountsLockout.startup();`

			`return true;`
			`} catch (error) {`
			`console.error('Failed to reload accounts lockout:', error);`
			`throw new Meteor.Error('error-reloading-settings', 'Error reloading settings');`
			`}`
			`}`
			`});`