Hi Clemens, Cool. +1 to publish it on contrib + exo (either xwiki-contrib or xwiki-attric if you don’t plan to maintain it).
Thanks -Vincent > On 17 Aug 2019, at 21:40, Clemens Klein-Robbenhaar > <robbenh...@green-meadows.de> wrote: > > Hi devs. > > I noticed that the recent 11.6.x series have introduced a way to deal with > attempts to guess a users password by introducing a strategy to handle > repeated login failures. I should have payed attention before this was > published because I have been implementing something similar because of > several user requests. > > Anyway, my alternative solution has been finished in parallel, and I wonder > if there is any interest of hosting this as a contrib project. > > The implementation differs in the following details: > > - it does not use the new AuthenticationFailureEvents and the introduced > component API, instead it implements its own XWikiAuthService > - this means it works for 10.x, too (which my users are mostly running) > - otoh it does not work with e.g. the LDAPAuthenticator > - it also allows to block IPs (not that I care much about, but some people > want this) > - it unblocks the user after a given time frame without having an Admin to > intervene > > I guess I can migrate at least most of it into the new > AuthenticationFailureStrategy to have a showcase for a different > implementation, but for now it is a separate and already slightly outdated > implementation. > > I think I will upload the results to e.x.o anyway (with a big note that this > is superseded since XWiki 11.6), but is there any interest of hosting this as > an xwiki-contrib project, maybe with the name 'authenticator-blocking', > package 'org.xwiki.contrib.blockingauth' and maybe even a Jira project like > 'BLOCKINGAUTH' ? > > Best, > Clemens >