Number of login authentication attempts

Help
1

When I set the number of login authentication attempts to 5, if the user fails to authenticate 5 times, there is no message that the user has been suspended. I tried to add such a message on the front end, I hope to add an error code or use it for the front end.

This is an example of my project and front-end code, the effect is not very ideal.

useAuth.ts
/**
   * Get user status via email
   * @param email - User Email
   * @returns {Promise<"active" | "suspended" | null>} User Status
   */
  const getUserStatusByEmail = async (email: string): Promise<"active" | "suspended" | null> => {
    try {
      const users = await $directus.request(
        $user.readUsers({
          filter: { email: { _eq: email } },
          fields: ["status"],
          limit: 1,
        })
      );
      if (users && users.length > 0) {
        return users[0]?.status as "active" | "suspended";
      }
      return null;
    } catch (error) {
      return null;
    }
  };

LoginForm.vue
const status = await getUserStatusByEmail(email.value);
  if (status === "suspended") {
    toast.add({
      title: "Login",
      description: "Your login has been suspended due to too many login attempts. Please contact the administrator.",
      icon: "hugeicons:alert-02",
      color: "error",
    });
    return;
  }
2

Hey, thanks for writing in! And welcome to the community :waving_hand:

I’d have to check with the engineering team to be 100% certain, but I believe this may be intentionally designed as a security feature.

If there’s an attacker using some type of brute force attack, knowing that an account has been suspended could actually be an advantage to them - it confirms the account exists and that their attempts are having an impact.

By keeping the response consistent regardless of account status, it helps protect against information disclosure that could be useful for attackers.

If it’s behavior you’d like to change, though, feel free to create a feature request or GitHub issue in our Directus repository.

The team is always open to feedback and suggestions for improving the platform! :sign_of_the_horns: