From 89e21996048b51dcb9e05f4d975e7dca1cbcf473 Mon Sep 17 00:00:00 2001
From: Clinton Graham <ctgraham@pitt.edu>
Date: Fri, 27 Aug 2021 17:29:42 -0400
Subject: [PATCH] Fix limit retry feature

---
 features/LimitRetry.inc.php                                 | 6 +++++-
 .../{DisabledLogin.inc.php => DisabledLoginHandler.inc.php} | 0
 2 files changed, 5 insertions(+), 1 deletion(-)
 rename handlers/{DisabledLogin.inc.php => DisabledLoginHandler.inc.php} (100%)

diff --git a/features/LimitRetry.inc.php b/features/LimitRetry.inc.php
index 63b4389..09265a8 100644
--- a/features/LimitRetry.inc.php
+++ b/features/LimitRetry.inc.php
@@ -60,8 +60,12 @@ private function _handleTemplateDisplay() : void {
 			$time = $user->getFailedTime();
 
 			// Discard old bad password attempts
+			// When the memory has expired
 			if ($count && $time < time() - $this->_lockExpiresSeconds) {
-				$badpwFailedLoginsDao->resetCount($user);
+				// And the user is not currently locked
+				if ($user->getCount() < $this->_maxRetries || $user->getFailedTime() <= time() - $this->_lockSeconds) {
+					$badpwFailedLoginsDao->resetCount($user);
+				}
 			}
 
 			// Update the count to represent this failed attempt
diff --git a/handlers/DisabledLogin.inc.php b/handlers/DisabledLoginHandler.inc.php
similarity index 100%
rename from handlers/DisabledLogin.inc.php
rename to handlers/DisabledLoginHandler.inc.php