When the user has been blocked on REST request it is not possible to clear the flood via the GUI. It is however possible to clear the flood via the drush command `drush flood_unblock:all`

When logging in via REST two records exist in the flood table:

  1. user.failed_login_ip
  2. user.http_login

It would appear that the module is only deleting user.failed_login_ip and not user.http_login via the GUI

CommentFileSizeAuthor
#7 failed-rest-3124512-7.patch8.42 KBbatigolix
#6 failed-rest-3124512-6.patch4.36 KBbatigolix
#5 failed-rest-3124512-5.patch3.85 KBbatigolix
#3 failed-rest-3124512-3.patch773 bytesbatigolix

Issue fork flood_unblock-3124512

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

sittard created an issue. See original summary.

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Assigned: Unassigned » batigolix

I'll have a crack at it

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Status: Active » Needs review
StatusFileSize
new failed-rest-3124512-3.patch773 bytes

There seem to be 3 events that end up in the flood table: user.failed_login_user, user.http_login (the rest basic auth login) and user.failed_login_ip

user.http_login was not covered by flood_unblock. I extended the query so it is covered as well. Please check the patch.

There may be more events, but I couldn't find a list of them in the core user module.

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Status: Needs review » Needs work

Bummer, the form submit deleting items from flood tables is broken.

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Status: Needs work » Needs review
StatusFileSize
new failed-rest-3124512-5.patch3.85 KB

This should be better. I think there is more work to be done to remove code duplication, but that could be left for another issue.

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
StatusFileSize
new failed-rest-3124512-6.patch4.36 KB

One more tiny improvement

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
StatusFileSize
new failed-rest-3124512-7.patch8.42 KB

ok, ok, i did remove the duplicate code as well

and that's it: no more patches for today ;)

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented

I see that this issue is probably not compatible with the changes here: #2928007: Support external Flood (Redis, etc.)

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Assigned: batigolix » fabianderijk

  • batigolix committed c8d0dc3 on 3.0.x 
    Issue #3124512 by batigolix, sittard: Failed REST logins can only be...

batigolix opened merge request !1

  • batigolix committed b2da05b on 3.0.x 
    Issue #3124512 by batigolix: Failed REST logins can only be cleared via...
fabianderijk’s picture

fabianderijk
him/his
Primary language Dutch
Location Alphen aan den Rijn
commented
Status: Needs review » Fixed

Thanks @batigolix, this is now in the 3.0.x branch!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.