I’ve implemented bruteForceProtection which blocks a user after X amount of failed login attempts. I’ve also created a Forget Password page that allows users to receive a temp password via email.
However, with these two combination, I’ve encountered an issue where a user forgot his password and got locked after several attempts. He then proceed to use Forget Password and received his temp password but are not able to use the temp password due to the username still being blocked by bruteForceProtection.
How do I make my Forget Password reset the blocked username after sending the temp password? I can’t seem to find where the blocked username is being stored.