From b7c000b78b9af253fb115bbfa5ef0d4c0681abbb Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu <x@xet7.org>
Date: Mon, 11 Mar 2019 19:47:23 +0200
Subject: Changed brute force protection package from eluck:accounts-lockout to
 lucasantoniassi:accounts-lockout that is maintained and works. Added
 Snap/Docker/Source settings.

Thanks to xet7 !

Closes #1572,
closes #1821
---
 start-wekan.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'start-wekan.sh')

diff --git a/start-wekan.sh b/start-wekan.sh
index 184be575..a791944e 100755
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -43,6 +43,16 @@ function wekan_repo_check(){
       # Wekan Export Board works when WITH_API=true.
       # If you disable Wekan API with false, Export Board does not work.
       export WITH_API='true'
+      #---------------------------------------------------------------
+      # ==== PASSWORD BRUTE FORCE PROTECTION ====
+      #https://atmospherejs.com/lucasantoniassi/accounts-lockout
+      #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
       #---------------------------------------------
       # CORS: Set Access-Control-Allow-Origin header. Example: *
       #export CORS=*
-- 
cgit v1.2.3-1-g7c22