Isura, as per my understanding, in most of the cases 'inactive' users are
treated as non-existing users.
So from the domain model side we should have a method to .....
get the active users (since this is the default case, we can even name
the method getUsers() )
and another method to ....
get the users including inactive users
When it comes to operations, we anyway have to have an interceptor in the
authentication flow to refuse locked users (inactive users will not even be
considered)
On Fri, Jan 20, 2017 at 3:32 PM, Isura Karunaratne <[email protected]> wrote:
> Hi all,
>
>
> We are working on implementing account lock/disable features for IS 6.0.0.
>
> *Account Lock: *
>
> - User *must not *be able to login to the system.
> - Admin user *can* update the user attributes and assign roles
> (account is active)
> - User cannot start a password recovery flow.
>
> *Account Disable: *
>
> - User *must not* be able to login to the system.
> - Admin user *can not* update the user attributes and cannot assign
> roles until enabling the account. (inactive state)
> - User cannot start a password recovery flow.
>
> *When will the account be locked?*
>
> - Self Signup users until account confirmation
> - Try to login with invalid credentials more than configured number of
> attempts. Then the account will be locked configured amount of time. (Like
> 5 minutes). This lock time will be increased if the user locked again based
> on a configuration.
> - Provide invalid answers more than configured number of attempts,
> when password recovery
> - User onboarding with Email/SMS verification flow.
> - When admin needs to block the user to login to the system
> - When admin initiated password reset flow starts.
>
> *When will the account be disabled?*
>
> - When admin needs to inactivate user.
>
> What is the best way to handle the account disable check? We can do this from an
> interceptor level, then we need to check account disable in each operation.
>
> Thanks
> Isura.
>
> *Isura Dilhara Karunaratne*
> Senior Software Engineer | WSO2
> Email: [email protected]
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
--
*Best Regards*
*Rushmin Fernando*
*Technical Lead*
WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
mobile : +94775615183
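The thread proposes a domain model in which inactive (disabled) users are the non-default view, an authentication interceptor that refuses locked users and never even sees disabled ones, and Isura's rules that admins may update a locked account but not a disabled one. The following is an added example, not WSO2 Identity Server code: a small Python model of those semantics. Every class, method, threshold and lock duration here (AccountState, UserStore, max_attempts=3, a 300-second base lock that doubles on each repeat lock) is an assumption chosen for illustration, and the sample users are constructed.

```python
"""Added example (not WSO2 code): account lock / disable semantics from the thread.
All names, thresholds and sample users are assumptions made for illustration."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class AccountState(Enum):
    ACTIVE = "active"      # normal account
    LOCKED = "locked"      # no login; admin may still update attributes
    DISABLED = "disabled"  # no login; treated as non-existing by default views


@dataclass
class User:
    username: str
    password: str                      # plaintext only because this is a toy model
    state: AccountState = AccountState.ACTIVE
    failed_attempts: int = 0
    lock_count: int = 0                # how many times the account has been locked
    locked_until: float = 0.0          # epoch seconds; 0.0 means no timed lock (admin lock)
    attributes: Dict[str, str] = field(default_factory=dict)


class AuthError(Exception):
    """Raised by the authentication interceptor; the message is what the caller sees."""


class UserStore:
    """Domain model: active users are the default view, inactive ones need opt-in."""

    def __init__(self, max_attempts: int = 3, base_lock_seconds: int = 300):
        self._users: Dict[str, User] = {}
        self.max_attempts = max_attempts            # assumed failed-login threshold
        self.base_lock_seconds = base_lock_seconds  # assumed lock time for the first lockout

    def add(self, user: User) -> None:
        self._users[user.username] = user

    def get_users(self, include_inactive: bool = False) -> List[User]:
        """Default view excludes disabled users, as the reply suggests for getUsers()."""
        return [u for u in self._users.values()
                if include_inactive or u.state != AccountState.DISABLED]

    def get_user(self, username: str, include_inactive: bool = False) -> Optional[User]:
        u = self._users.get(username)
        if u is None or (u.state == AccountState.DISABLED and not include_inactive):
            return None
        return u

    def authenticate(self, username: str, password: str, now: float) -> User:
        """Authentication interceptor: disabled users are indistinguishable from unknown ones."""
        user = self.get_user(username)
        if user is None:
            raise AuthError("invalid credentials")
        if user.state == AccountState.LOCKED:
            if user.locked_until and now >= user.locked_until:
                user.state = AccountState.ACTIVE      # timed lock expired: unlock and continue
                user.failed_attempts = 0
            else:
                raise AuthError("account locked")
        if password != user.password:
            user.failed_attempts += 1
            if user.failed_attempts >= self.max_attempts:
                self._lock(user, now)
            raise AuthError("invalid credentials")
        user.failed_attempts = 0
        return user

    def _lock(self, user: User, now: float) -> None:
        """Timed lock whose duration doubles on every repeat lock (assumed policy)."""
        user.lock_count += 1
        user.state = AccountState.LOCKED
        user.locked_until = now + self.base_lock_seconds * (2 ** (user.lock_count - 1))

    def admin_update_attribute(self, username: str, key: str, value: str) -> bool:
        """Allowed for active and locked users, refused for disabled ones."""
        user = self.get_user(username)   # disabled -> None -> refused
        if user is None:
            return False
        user.attributes[key] = value
        return True


def _try(store: UserStore, username: str, password: str, now: float) -> str:
    try:
        store.authenticate(username, password, now)
        return "ok"
    except AuthError as e:
        return str(e)


def demo() -> Dict[str, object]:
    """Walk through the rules with constructed users and return the observed outcomes."""
    store = UserStore(max_attempts=3, base_lock_seconds=300)
    store.add(User("alice", "correct-horse"))                        # constructed sample
    store.add(User("bob", "secret", state=AccountState.DISABLED))   # constructed sample
    out: Dict[str, object] = {}
    out["default_view"] = [u.username for u in store.get_users()]
    out["full_view"] = [u.username for u in store.get_users(include_inactive=True)]
    out["disabled_login"] = _try(store, "bob", "secret", now=0)
    out["disabled_admin_update"] = store.admin_update_attribute("bob", "email", "bob@example.com")
    for _ in range(3):                                               # exceed the threshold
        _try(store, "alice", "wrong", now=0)
    out["locked_login"] = _try(store, "alice", "correct-horse", now=10)
    out["locked_admin_update"] = store.admin_update_attribute("alice", "email", "alice@example.com")
    out["first_lock_until"] = store.get_user("alice").locked_until
    out["login_after_expiry"] = _try(store, "alice", "correct-horse", now=301)
    return out


if __name__ == "__main__":
    print(demo())
```

Two design points are worth noticing. First, because `authenticate` goes through the default `get_user` view, a disabled account produces exactly the same error as an unknown username, so the interceptor never reveals that the account exists; whether a locked account should instead report "account locked" (as here) or also blend in is a product decision about user enumeration versus usability. Second, the admin update path reuses the same default view, so the "admin cannot update a disabled user" rule falls out of the domain model rather than needing a separate disable check in every operation, which is the concern raised at the end of Isura's mail.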