rp
01/12/2022, 5:25 AM
`isLockedOut`, `clearLoginAttemptCount`, `getLoginAttemptCount`, `lockOutEmail` and `setLoginAttemptCount` to talk to your own db.
- The `isLockedOut` function will return `true` if the email is locked and it's been <= 10 mins since the email was locked (as per your requirement).
- Sending `WRONG_CREDENTIALS_ERROR` if `isLockedOut` will display that the entered credentials are incorrect on the frontend. This might be the best thing to do from a security point of view, but you can also throw an error and catch it in your own app error handler and then send a custom response to the frontend.
- You can even override other functions like `createResetPasswordToken` to check if the email is locked out and if it is, then prevent the user from doing a password reset flow.