This guide walks you through implementing a new security requirement using the RQCODE framework. Follow the steps carefully to complete the task successfully.
This task demonstrates how to use the RQCODE framework to implement a security requirement for password lockout. The goal is to create a requirement that locks user accounts after a defined number of failed login attempts, preventing brute-force attacks.
Before starting, ensure you have the following:
- Access to the RQCODE tutorial repository.
- Basic knowledge of Java programming.
To begin, make a fork of the RQCODE GitHub tutorial repository:
- Visit the repository: RQCODE Tutorial GitHub Repository.
- If you're unsure how to fork a repository, follow this GitHub tutorial on forking.
- Navigate to the cloned repository folder on your local machine.
- Press the `.` key to open the repository in an online VS Code IDE.
- Click Run and Debug and then Continue Working On
- Click Create New Code Space
- Choose 2 cores, 8 GB RAM, 32 GB Storage
Follow this GitHub guide on creating a Pull Request from a fork.
It is important to create a Pull Request, as you will need to send the link to your Pull Request in the survey as proof of your work.
The system must lock a user’s account after 5 consecutive failed login attempts.
Your task is to implement the Security Requirement that enforces password lockout after 5 failed login attempts. Follow the steps below:
Your implementation should include the following functionality:
- Implement the class `PasswordLockoutRequirement` (ensure the name matches exactly). It should inherit from the `Requirement` class.
- In this class, implement the following methods:
  - Track and increment the count of failed login attempts for a specific user.
  - Determine whether an account is locked after 5 consecutive failed login attempts.
  - Provide a way to reset failed login attempts after a successful login or manual reset.
  - Evaluate whether the lockout condition has been met and return the appropriate status using the `check()` method.
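A sketch of the behaviour listed above, added here as an illustration; it is not code from the RQCODE repository. The `Requirement` base class and `CheckStatus` enum are stand-ins defined inline, and the constructor, the helper method names, and the PASS/FAIL mapping in `check()` are assumptions to adapt to the repository's own types.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class LockoutSketch {
    // Stand-ins (assumptions) for the framework types; use the repository's own instead.
    enum CheckStatus { PASS, FAIL }
    static abstract class Requirement {
        abstract CheckStatus check();
    }

    static class PasswordLockoutRequirement extends Requirement {
        static final int MAX_FAILED_ATTEMPTS = 5; // threshold from the requirement text
        private final Map<String, Integer> failures = new ConcurrentHashMap<>();
        private final String user; // account that check() evaluates (assumed design)

        PasswordLockoutRequirement(String user) { this.user = user; }

        // Record one failed login; merge() keeps the increment atomic per user.
        int recordFailedAttempt(String u) {
            return failures.merge(u, 1, Integer::sum);
        }

        // A successful login or manual reset clears the streak, so only
        // consecutive failures count toward the lockout.
        void resetFailedAttempts(String u) { failures.remove(u); }

        boolean isLocked(String u) {
            return failures.getOrDefault(u, 0) >= MAX_FAILED_ATTEMPTS;
        }

        // Assumed mapping: FAIL once the lockout condition is met, PASS otherwise.
        @Override
        CheckStatus check() {
            return isLocked(user) ? CheckStatus.FAIL : CheckStatus.PASS;
        }
    }

    public static void main(String[] args) {
        PasswordLockoutRequirement req = new PasswordLockoutRequirement("alice"); // constructed user
        for (int i = 0; i < 4; i++) req.recordFailedAttempt("alice");
        req.resetFailedAttempts("alice");   // successful login after 4 failures
        for (int i = 0; i < 4; i++) req.recordFailedAttempt("alice");
        System.out.println(req.check());    // streak is 4 here, not 8
        req.recordFailedAttempt("alice");   // fifth consecutive failure
        System.out.println(req.isLocked("alice") + " " + req.check());
        req.resetFailedAttempts("alice");   // manual reset unlocks the account
        System.out.println(req.check());
    }
}
```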
For guidance, refer to the implementation of PasswordUpdateRequirement. This example demonstrates how to structure and implement a security requirement in RQCODE.
By following these steps, you will successfully integrate the password lockout functionality into the RQCODE framework.
For reference, you can check the implementation of a requirement in the PasswordLockoutRequirement. You might use it as a guide for your own implementation.
- The Main class is pre-implemented. Run it following the GitHub Guide.
- Install the recommended "Extension Pack for Java":
- After successful installation, you will see this window:
- In the terminal, you should be prompted with the following options:
Choose an action:
1. Simulate failed login attempt
2. Reset failed attempts
3. Check lockout status
4. Exit
After running the Main class, you should observe the following behavior:
- Enter `1`: Simulate a failed login attempt multiple times.
- Enter `3`: Check the lockout status after 5 consecutive failed attempts. The system should respond with “Account is locked.”
- Enter `2`: Reset the failed attempts. Then, enter `3` again to verify that the account is no longer locked.
- Enter `4`: Exit the program.
We value your feedback! After completing the implementation, please take a moment to fill out the survey: