security: implement user lockout (#1552)

* add data-types required for login security

* implement user lockout checking at login

* cleanup legacy patterns

* expose passwords in test_user

* test user lockout after bad attempts

* test user service

* bump alembic version

* save increment to database

* add locked_at to datetime transformer on import

* do proper test cleanup

* implement scheduled task

* spelling

* document env variables

* implement context manager for session

* use context manager

* implement reset script

* cleanup generator

* run generator

* implement API endpoint for resetting locked users

* add button to reset all locked users

* add info when account is locked

* use ignore instead of expect-error
Hayden 2022-08-13 13:18:12 -08:00 committed by GitHub
parent ca64584fd1
commit b3c41a4bd0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
35 changed files with 450 additions and 46 deletions


@ -1,14 +1,19 @@
import { BaseCRUDAPI } from "../_base";
import { UserIn, UserOut } from "~/types/api-types/user";
import { UnlockResults, UserIn, UserOut } from "~/types/api-types/user";
const prefix = "/api";
const routes = {
adminUsers: `${prefix}/admin/users`,
adminUsersId: (tag: string) => `${prefix}/admin/users/${tag}`,
adminResetLockedUsers: (force: boolean) => `${prefix}/admin/users/unlock?force=${force ? "true" : "false"}`,
};
export class AdminUsersApi extends BaseCRUDAPI<UserIn, UserOut, UserOut> {
baseRoute: string = routes.adminUsers;
itemRoute = routes.adminUsersId;
async unlockAllUsers(force = false) {
return await this.requests.post<UnlockResults>(routes.adminResetLockedUsers(force), {});
}
}
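Review bot: `unlockAllUsers` has no doc comment, and nothing in this section says what `force` does, even though the call clears login lockouts. Presumably `force = true` also unlocks accounts whose lockout window has not yet elapsed, which would remove the brute-force throttle for those accounts; that is an inference from the name and should be confirmed against the backend handler. I would add `/** Unlocks locked user accounts; with force=true presumably also those still inside their lockout window (confirm against the backend). Admin-only: the server route must enforce authorization. */` above the method and give it an explicit return type. The server-side authorization check for `/admin/users/unlock` is not visible here and is worth verifying in the route's section of this commit. As a style point, `return await` can be a plain `return`, and the route key `adminResetLockedUsers` could be aligned with the method name.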