Joshua Ryder
0126b7e835
When an admin manually unlocks an account, both the account-level lockout and all IP-based rate limits for the login endpoint are now cleared. This ensures legitimate users can immediately attempt to login after being unlocked, without being blocked by stale rate limit cache entries. Changes: - Added clearAllRateLimitsForEndpoint() function to database utils - Modified unlock endpoint to clear login rate limits after unlocking - Updated success message to reflect rate limit clearing - Enhanced logging to track rate limit clearing operations Fixes issue where users would see "Too many login attempts" message even with correct credentials after admin unlock, due to persistent IP rate limit cache from previous failed attempts. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
21 KiB
21 KiB