Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. Part 2.

Thanks to xet7 !
2025-09-22 01:50:48 +02:00 · 2025-08-08 12:36:17 +03:00 · 2025-08-08 12:36:17 +03:00 · 1c47f98f59
commit 1c47f98f59
parent 51b0544752
3 changed files with 69 additions and 5 deletions
--- a/client/components/settings/peopleBody.css
+++ b/client/components/settings/peopleBody.css
@ -117,19 +117,22 @@ table tr:nth-child(even) {

 .unlock-all-btn {
  margin-left: 15px;
-  background-color: #e67e22;
-  color: white;
-  border: none;
+  background-color: white;
+  color: #4d4d4d;
+  border: 1px solid rgba(0,0,0,.15);
  border-radius: 2px;
-  padding: 5px 10px;
+  padding: 0 10px;
  cursor: pointer;
  display: flex;
  align-items: center;
  gap: 5px;
+  height: 28px;
+  min-width: 90px;
+  /* box-shadow: 0 1px 6px rgba(0,0,0,.3); */
 }

 .unlock-all-btn:hover {
-  background-color: #d35400;
+  background-color: #f2f2f2;
 }

 .account-active-status {
@ -173,3 +176,7 @@ table tr:nth-child(even) {
 .js-toggle-lock-status {
  cursor: pointer;
 }
+
+.unlock-all-btn .fa {
+  color: #4d4d4d;
+}
--- a/docs/Security/Security-Disclosure.md
+++ b/docs/Security/Security-Disclosure.md
--- a/docs/Security/brute-force-protection.md
+++ b/docs/Security/brute-force-protection.md
@ -0,0 +1,57 @@
+# Brute Force Protection in WeKan
+
+WeKan includes a robust brute force login protection system that helps prevent unauthorized access attempts by temporarily locking accounts after multiple failed login attempts.
+
+## Features
+
+- **Configurable Settings**: Administrators can configure lockout settings directly in the Admin Panel
+- **Different Rules for Known and Unknown Users**: Separate settings for registered users and unknown login attempts
+- **Visual Indicators**: Red lock icons identify locked users in the interface
+- **Unlock Capabilities**: Admins can unlock individual users or all locked users at once
+
+## Administration
+
+### Accessing Brute Force Protection Settings
+
+1. Navigate to **Admin Panel** > **People** > **Locked Users**
+2. Here you can view and modify all brute force protection settings
+
+### Settings Available
+
+#### Known Users (Registered Users)
+- **Failures Before Lockout**: Number of failed attempts before an account is locked (default: 3)
+- **Lockout Period**: Duration in seconds that an account remains locked (default: 60)
+- **Failure Window**: Time window in seconds during which failed attempts are counted (default: 15)
+
+#### Unknown Users (Non-existent Usernames)
+- **Failures Before Lockout**: Number of failed attempts before the IP is blocked (default: 3)
+- **Lockout Period**: Duration in seconds that an IP remains blocked (default: 60)
+- **Failure Window**: Time window in seconds during which failed attempts are counted (default: 15)
+
+### Managing Locked Users
+
+The **Locked Users** tab in the Admin Panel shows all currently locked users with:
+- Username
+- Email address
+- Number of failed attempts
+- Remaining lock time
+
+#### Unlocking Users
+
+There are two ways to unlock users:
+
+1. **Individual Unlock**: Click the red lock icon next to a specific user to unlock them
+2. **Unlock All**: Click the "Unlock All" button to unlock all currently locked users at once
+
+### User Filtering
+
+In the **People** section of the Admin Panel, you can filter users by lock status:
+
+1. Use the dropdown menu to select "Locked Users Only"
+2. This will show only users who are currently locked out due to failed login attempts
+
+## Security Recommendations
+
+- Use the default settings as a starting point and adjust based on your security requirements
+- Consider increasing the lockout period for high-security environments
+- Regularly check the locked users list to identify potential attack patterns