From cf6c8799ab86278c827d4236a7a89163c61c29b9 Mon Sep 17 00:00:00 2001
From: William Carroll <wpcarro@gmail.com>
Date: Tue, 28 Jul 2020 21:33:58 +0100
Subject: Restrict users from multiple failed login attempts

I'm not resetting the failed LoginAttempt count, which is a low priority for
now, but necessary eventually.
---
 src/init.sql | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/init.sql')

diff --git a/src/init.sql b/src/init.sql
index 1439bd338835..117a3bd06f90 100644
--- a/src/init.sql
+++ b/src/init.sql
@@ -9,6 +9,7 @@ BEGIN TRANSACTION;
 DROP TABLE IF EXISTS Accounts;
 DROP TABLE IF EXISTS Trips;
 DROP TABLE IF EXISTS Sessions;
+DROP TABLE IF EXISTS LoginAttempts;
 
 CREATE TABLE Accounts (
 -- TODO(wpcarro): Add CHECK(..) constraint
@@ -38,4 +39,11 @@ CREATE TABLE Sessions (
   FOREIGN KEY (username) REFERENCES Accounts ON DELETE CASCADE
 );
 
+CREATE TABLE LoginAttempts (
+  username TEXT NOT NULL UNIQUE,
+  numAttempts INTEGER NOT NULL,
+  PRIMARY KEY (username),
+  FOREIGN KEY (username) REFERENCES Accounts ON DELETE CASCADE
+);
+
 COMMIT;
-- 
cgit 1.4.1