Tweak password reset security question handling

* Require all three answers to be correct (previously only two had to be) * Give the user three attempts instead of just two Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2025-07-19 12:49:01 +02:00 · 2019-07-17 10:45:52 +12:00 · 2019-07-17 10:45:52 +12:00 · 436596159f
commit 436596159f
parent 2b98f751e6
1 changed files with 4 additions and 4 deletions
--- a/layerindex/auth_forms.py
+++ b/layerindex/auth_forms.py
@ -115,11 +115,11 @@ class SecurityQuestionPasswordResetForm(SetPasswordForm):
        return self.clean_answer_util("security_question_3", "answer_3")

    def clean(self):
-        # We require two correct security questions. If less than two are correct, the user gets
-        # one additional attempt before their account is locked out.
+        # We require three correct security question answers. The user gets
+        # three attempts before their account is locked out.
        answer_attempts = self.user.userprofile.answer_attempts
-        if self.correct_answers < 2:
-            if answer_attempts == 0:
+        if self.correct_answers < 3:
+            if answer_attempts < 2:
                self.user.userprofile.answer_attempts = self.user.userprofile.answer_attempts + 1
                self.user.userprofile.save()
                raise forms.ValidationError("One or more security answers are incorrect.", code="incorrect_answers")