Do not convert calculated lockedOutUntil time to UTC#17007
Do not convert calculated lockedOutUntil time to UTC#17007AndyButland merged 2 commits intov13/devfrom
Conversation
|
I had a look at this one @Migaroez as can see it's not been reviewed yet. Unfortunately I couldn't get it to work for me. What I found was that if I run locally - so local time is CET (i.e. UTC + 1) - if I was logged out as a member I couldn't login again after the one minute configured The reason I believe is that the lockout end, defined on Microsoft's So that seems like the original code was correct in trying to set this to universal time. The problem seemed to be that the dates set on I've amended this to explicitly set the kind to local before doing the conversion to UTC, and that seems to work. My expectation is that this is kind of a plaster on the problem that we are getting these "invalid" dates here (i.e. server time, but with a Can you see what you think please? And re-verify the fix? |
…dentityMapDefinition for members.
e9de110 to
ce097df
Compare
|
Seems to work perfectly now, thx @AndyButland |
AndyButland
left a comment
There was a problem hiding this comment.
Great, I'll approve and merge then. Thanks for checking it over again.
…17007 for 16 (#20441) * Port PR #17007 * Update src/Umbraco.Infrastructure/Security/IdentityMapDefinition.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Prerequisites
Fixes #16988
Description
Back when Identity was upgraded to identity core, an oversight was made in the code conversion that ended up in a UTC time being stored inside a dateTimeOffset which results in Identity
LockoutEndvalue being set to values that do not correspond to the intend with the following timezone rangesDefaultLockoutTimeInMinutes.Testing
Umbraco::CMS::Security::MemberDefaultLockoutTimeInMinutessetting to a managable time (like 1 minute)Umbraco::CMS::Security::MemberPassword::MaxFailedAccessAttemptsBeforeLockoutsetting