
Conversation

@reda-alaoui
Contributor

@reda-alaoui reda-alaoui commented Jan 31, 2021

Fix #11695

@reda-alaoui reda-alaoui changed the title from "KEYCLOAK-17013 Brute force protection: Successfully logged in user should not have to wait at most 5 seconds for event processing" to "KEYCLOAK-17013 Brute force protection: Successfully logged in user should not have to wait up to 5 seconds for event processing" Jan 31, 2021
…ould not have to wait up to 5 seconds for event processing
@abstractj abstractj added missing/tests kind/enhancement Categorizes a PR related to an enhancement labels May 5, 2021
@reda-alaoui
Contributor Author

reda-alaoui commented May 5, 2021

I don't quite understand the missing test label.
Obviously, tests were missing in this area before my patch. Otherwise my patch would have led to a test failure, wouldn't it? :)
Also, #7954 is pretty similar to this one (an optimization on the same domain) and was merged without any additional test.

For now, it seems nobody knows why the code makes the successfully logged in user wait. Therefore I don't even know what kind of test I could write :)
TL;DR: please tell me how to move this fix forward.

@abstractj abstractj requested a review from vmuzikar May 31, 2021 13:52
@stianst stianst requested review from hmlnarik and mposolda February 16, 2022 07:35
@stianst
Contributor

stianst commented Feb 16, 2022

@mposolda @hmlnarik had a quick look at this one and it looks like DefaultBruteForceProtector is for some reason using a queue to write updates to logging failures to avoid concurrent updates missing an increment. However, this is a completely broken concept as even though a single node is now using a single thread to update login events, in most scenarios there are multiple nodes in a cluster. So, either we should just remove this queue stuff, and live with the fact that some events may be overwritten, or we should handle this at the SQL/db layer. Wdyt?
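
The cross-node race raised in the comment above, as an added example that is not part of the original thread and is not Keycloak code: two simulated nodes each drain their own single-threaded queue, yet still lose failure increments on a shared counter, so a lockout threshold would be reached later than intended. The class name, the in-memory `store` standing in for the shared login-failure storage, and the `ConcurrentHashMap.merge` call standing in for an increment done at the database layer are all assumptions made for illustration.

```java
import java.util.concurrent.*;

public class ClusterFailureCounterDemo {
    // Hypothetical stand-in for the login-failure store shared by all cluster nodes.
    static final ConcurrentHashMap<String, Integer> store = new ConcurrentHashMap<>();

    // Per-node handler: read the count, then write count + 1. The barrier makes both
    // nodes read before either writes, so the race occurs on every round instead of
    // only occasionally as it would in a real cluster.
    static Runnable readModifyWrite(String user, CyclicBarrier bothNodesHaveRead) {
        return () -> {
            int seen = store.getOrDefault(user, 0);
            try {
                bothNodesHaveRead.await();
            } catch (InterruptedException | BrokenBarrierException e) {
                throw new IllegalStateException(e);
            }
            store.put(user, seen + 1); // overwrites the other node's increment
        };
    }

    // Increment performed by the store itself, analogous to UPDATE ... SET n = n + 1.
    static Runnable atomicIncrement(String user) {
        return () -> store.merge(user, 1, Integer::sum);
    }

    // Each node is one single-threaded executor, i.e. one serialising queue per node.
    static int run(String user, int failuresPerNode, Runnable onFailure)
            throws InterruptedException {
        store.remove(user);
        ExecutorService nodeA = Executors.newSingleThreadExecutor();
        ExecutorService nodeB = Executors.newSingleThreadExecutor();
        for (int i = 0; i < failuresPerNode; i++) {
            nodeA.submit(onFailure);
            nodeB.submit(onFailure);
        }
        nodeA.shutdown();
        nodeB.shutdown();
        nodeA.awaitTermination(10, TimeUnit.SECONDS);
        nodeB.awaitTermination(10, TimeUnit.SECONDS);
        return store.getOrDefault(user, 0);
    }

    public static void main(String[] args) throws InterruptedException {
        int queued = run("alice", 5, readModifyWrite("alice", new CyclicBarrier(2)));
        int atomic = run("alice", 5, atomicIncrement("alice"));
        System.out.println("10 failed logins, per-node queue:    counted " + queued);
        System.out.println("10 failed logins, atomic increment:  counted " + atomic);
    }
}
```

Serialising updates inside each node does nothing for ordering between nodes, so only the second variant records every failed login.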

@stianst
Contributor

stianst commented Aug 29, 2022

Thanks, and sorry it's taken a rather long time to get this one merged. I've opened a follow-up to this one here:
#14084

@reda-alaoui reda-alaoui deleted the keycloak-17013 branch December 8, 2022 17:31

Development

Successfully merging this pull request may close these issues.

Brute force protection: Successfully logged in user should not have to wait up to 5 seconds for event processing

3 participants