Following is my scenario, I need to run the below test with 5 users for 10 minutes. Flow is login -> verification -> 360screen --> logout. I need all the 5 users to login and run verification and 360 screen for about 10 minutes and logout 1 by one. I dont want the test to run login and logout multiple times. Any suggestions?
Use a during loop. This is a very basic question, so you should take some time to read the documentation and have a look a the Gatling Academy.
Related
Am trying to log into my account,but firstly I need to get a confirmation code sent to my number by text to do so.i haven't received any code even though it is my correct number that it should be texted to.what should I do?
How many time did you tried to resend the confirmation code?
If you done it more than 3 times.
Try again after 24hours. After you get logged in, make sure to setup 2FA instead to your google authenticator or authy.
I have built a flutter app where user is created at backend WEB, in App users can only Login.
What I want to do is if the user attempts multiple failed attempt to login assume for 3 times, I want Login to get disabled for 5 minutes to the user.
help me how to approach it and the best suitable solution.
1.) Create a variable (global variable/ provider) "failed attempts".
2.) On failed attempt increase value =+ 1.
-> When user typed the correct password, delete the current count.
3.) When user failed 3 times -> save CurrentTime in the preference.
4.) Check it before attempting to login again.
-> Current time < (5 Minutes) compared to saved time
-> show popup "Sorry, you have to wait 5 minutes".
As nvoigt pointed out, you can/should store the variables in the backend, to increase security.
I would suggest using storage to store the DateTime of the last failed attempt after N number of failed attempts & checking if current time has passed X days or Y Hours or Z minutes and so on...
Note:
While I am suggesting using the storage for this, it is just out of convinience for you to implement & get going. It is not reliable as the user can change device's date & time settings or can reset/clear storage data.
In case if you are looking for a more secure approach with the same technique use something like firebase DB & Internet time instead of local storage & device time.
What I want to do is if the user attempts multiple failed attempt to login assume for 3 times, I want Login to get disabled for 5 minutes to the user.
This logic must be placed in the backend. When you call the login method on the backend, the backend has to keep track of how many unsuccessful tries there were and then lock the account for a specified time. Make sure you send a specific error code about the account being locked for the period to the frontend, so the frontend can display it and notify the user that trying to login is pointless.
There is no need to block the frontend from trying though. A malicious attacker will work around your protection anyway and a normal user may have reasons to try again (maybe with a different account).
You can use Timer class (link) and set needed delay to it. Block button at incorrect login action and after time runs out set it available again.
Specifically this is for iOS but this could and WILL be relevant to an Android app as well.
I have an app in production use with a login portion that only loads if the user isn't auth'd. Now, I was wondering if I can have have 2 layers of this.
I'm currently checking if the currentUser is nil/null. If not, then I proceed. If so, I take the user to a login view.
I want to essentially have the user login 2 times if 2 layers are both signed out. But in this form:
UserA -> UserA-1
So if user isn't logged into UserA then they can't be logged into UserA-1, if that makes sense.
I'm not sure if Firebase has something already made to handle this or if I have to make my own. If the latter, i'm curious as to what approaches you guys have taken.
It's only possible to have a single user signed in at one time for one app instance. Signing in a second user will implicitly sign out the prior user.
I have configured Google authenticator on Linux and my mfa is working fine, but according to me an MFA token should expire in 30 seconds but even after 30 seconds time I am able to use the token.
If I use the token then it is not reusable but if don't use it within my 30 seconds then I am able to use it after sometime also. Is this normal? I want my token to expire in 30 seconds even I used it or not used it. Can somebody help me on this?
Although your timestep might only be 30sec, the RFC specifies that the validating service should search the OTP value back and forth in time. This is recommended due to the drift of the clock. https://www.rfc-editor.org/rfc/rfc6238#section-6
This is why, most systems (including Google itself) allows one previous OTP, so while the code regenerates every 30 seconds, every OTP remains valid for 60 seconds.
You need to check your server-side settings
you must to set PeriodDiscrepancy to 0
An example would be if a user sat their phone down with my application open and running but there had been no interactions with the application in the last ten minutes, the user should be logged out and have to sign in again. Is this a parameter that can be defined?
There is no pre-defined parameter. You have to check yourself using a timer method and/or by recording the time of the last user interaction.
It's perfectly legal for an app to display its login UIView (again) after 10 minutes, but don't try to exit the app instead.
Quitting an active app, without user action/notification is considered bad form. However, if you must...
When your application starts, start
a timer (NSTimer).
Instrument every method in your
application to call a timer_reset
function.
After 10 minutes call exit (0);
Have a look at the various NSTimer methods.