289174 – account locked due to unsaved password

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 289174 - account locked due to unsaved password

Summary: account locked due to unsaved password

Status:	RESOLVED FIXED

Alias:	None

Product:	z_Archived
Classification:	Eclipse Foundation
Component:	Mylyn (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P1 critical (vote)
Target Milestone:	3.6
Assignee:	Frank Becker
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	208839
	Show dependency tree

Reported:	2009-09-11 01:21 EDT by Steffen Pingel
Modified:	2011-05-28 17:31 EDT (History)
CC List:	2 users (show)

See Also:

Attachments
patch V1 (4.76 KB, patch) 2011-05-22 14:02 EDT, Frank Becker	no flags	Details \| Diff
mylyn/context/zip (15.04 KB, application/octet-stream) 2011-05-22 14:02 EDT, Frank Becker	no flags	Details
patch V2 (4.82 KB, patch) 2011-05-22 15:03 EDT, Frank Becker	no flags	Details \| Diff
mylyn/context/zip (3.81 KB, application/octet-stream) 2011-05-22 15:03 EDT, Frank Becker	no flags	Details
patch V3 (7.88 KB, patch) 2011-05-28 17:28 EDT, Frank Becker	no flags	Details \| Diff
mylyn/context/zip (4.44 KB, application/octet-stream) 2011-05-28 17:28 EDT, Frank Becker	no flags	Details
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Steffen Pingel

2009-09-11 01:21:40 EDT

I added bugzilla.mozilla.org to the list of repositories and restarted Eclipse without checking save password. After a few failed background synchronizations my account was locked due to excessive login failures.

This is the email I got:

Your Bugzilla account was locked, as the maximum number (5) of
failed logins was exceeded. To unlock your account, visit the following link:

https://bugzilla.mozilla.org/token.cgi?t=...&a=unlock_account

The login attempts occurred from these IP addresses:

xxx.xxx.xxx.xxx at 2009-09-10 21:30:22
xxx.xxx.xxx.xxx at 2009-09-10 21:30:22

Comment 1 Robert Elves

2009-09-11 23:20:50 EDT

Wow. I've never seen that happen before.  Guess I'll need to implement bug#208839 sooner then later.

Comment 2 David Shepherd

2010-04-28 14:20:34 EDT

In Bugzilla 3.6 the following feature was added:
* Users are now locked out of their accounts for 30 minutes after trying five bad passwords in a row during login.

If your password is missing or mangled when you start eclipse then you can easily hit this limit, by opening a few tasks.  If your BugMail is turned off (BugMail is somewhat redundant when you use Mylyn) then you will not receive any email and there is no way to unlock your account, aside from waiting.  In 3.6 I'm not sure if the email would allow you to unlock your account or just makes you wait for 30 minutes.  

Bug #208839 seems more important given these recent changes to Bugzilla, IMO.

Comment 3 Steffen Pingel

2010-04-28 14:23:35 EDT

Rob, can you please consider prioritizing this bug accordingly? This may require some support in the framework to track failed attempts accross operations.

Comment 4 Steffen Pingel

2011-05-15 17:30:29 EDT

I just experienced the same problem with bugs.eclipse.org.

We need to do something about this. The connector should at least stop authenticating when the login fails to avoid locking the account. Frank, it'd be great if you could look into this for 3.6 if you have some time.

Comment 5 Frank Becker

2011-05-22 05:37:17 EDT

(In reply to comment #4)
> I just experienced the same problem with bugs.eclipse.org.
> 
> We need to do something about this. The connector should at least stop
> authenticating when the login fails to avoid locking the account. Frank, it'd be
> great if you could look into this for 3.6 if you have some time.

OK I try to find the source of this problem

Comment 6 Frank Becker

2011-05-22 14:02:29 EDT

Created attachment 196297 [details]
patch V1

Steffen,
is it OK that I define ERROR_EMPTY_PASSWORD in mylyn/tasks/core/RepositoryStatus for fix this issue?

Comment 7 Frank Becker

2011-05-22 14:02:31 EDT

Created attachment 196298 [details]
mylyn/context/zip

Comment 8 Frank Becker

2011-05-22 15:03:16 EDT

Created attachment 196299 [details]
patch V2

Sorry patch V1 introduce some errors in the junit tests

Comment 9 Frank Becker

2011-05-22 15:03:18 EDT

Created attachment 196300 [details]
mylyn/context/zip

Comment 10 Steffen Pingel

2011-05-28 11:03:37 EDT

Thanks! Can you add a test case? Otherwise, please feel free to go ahead an commit this patch.

Comment 11 Frank Becker

2011-05-28 17:28:01 EDT

Created attachment 196835 [details]
patch V3

committed patch

Comment 12 Frank Becker

2011-05-28 17:28:03 EDT

Created attachment 196836 [details]
mylyn/context/zip

Comment 13 Frank Becker

2011-05-28 17:31:44 EDT

test case is now in HEAD!

So we can close this bug.