Add new configuration to indefinitely lock the user util admin unlock

.changeset/cuddly-jeans-hope.md

@@ -0,0 +1,6 @@
+---
+"@wso2is/admin.server-configurations.v1": patch
+"@wso2is/console": patch
+---
+
+Support the feature indefinitely lock user until admin unlocks

apps/console/src/extensions/i18n/models/extensions.ts

@@ -3145,6 +3145,7 @@ export interface Extensions {
                     form: {
                         fields: {
                             accountLockIncrementFactor: FormAttributes;
+                            enableIndefiniteUserLockduration: FormAttributes;
                             accountLockTime: FormAttributes;
                             enable: FormAttributes;
                             maxFailedAttempts: FormAttributes;

apps/console/src/extensions/i18n/resources/en-US/extensions.ts

@@ -3773,6 +3773,12 @@ export const extensions: Extensions = {
                                         "with 1 or 2 digits."
                                 }
                             },
+                            enableIndefiniteUserLockduration: {
+                                hint:
+                                    "The account will be locked indefinitely after max failed attempts until the account " +
+                                    "is manually unlocked by an admin",
+                                label: "Enable indefinite user lock duration"
+                            },
                             accountLockTime: {
                                 hint:
                                     "This specifies the initial duration that the account will be locked for. " +

features/admin.server-configurations.v1/forms/login-attempt-security-form.tsx

@@ -146,6 +146,7 @@ export const LoginAttemptSecurityConfigurationFrom: FunctionComponent<
     const [ lockDuration, setLockDuration ] = useState<string>(undefined);
     const [ lockIncrementRatio, setLockIncrementRatio ] = useState<string>(undefined);
     const [ notifyUserOnAccountLockIncrement, setNotifyUserOnAccountLockIncrement ] = useState<boolean>(undefined);
+    const [ enableIndefiniteUserLockduration, setenableIndefiniteUserLockduration ] = useState<boolean>(undefined);
     const [ accordionActiveIndex, setAccordionActiveIndex ] = useState<string | number>(undefined);
 
     /**
@@ -173,6 +174,7 @@ export const LoginAttemptSecurityConfigurationFrom: FunctionComponent<
                         accountLockTime: property.value
                     };
                     setLockDuration(property.value);
+                    setenableIndefiniteUserLockduration(parseInt(property.value) === 0);
                 } else if (property.name === ServerConfigurationsConstants.ACCOUNT_LOCK_TIME_INCREMENT_FACTOR) {
                     resolvedInitialValues = {
                         ...resolvedInitialValues,
@@ -269,8 +271,9 @@ export const LoginAttemptSecurityConfigurationFrom: FunctionComponent<
             // Check for invalid input.
             errors.accountLockTime = t("extensions:manage.serverConfigurations.accountSecurity." +
                 "loginAttemptSecurity.form.fields.accountLockTime.validations.invalid");
-        } else if ((parseInt(values.accountLockTime, 10) < GovernanceConnectorConstants
-            .LOGINS_ATTEMPT_SECURITY_FORM_FIELD_CONSTRAINTS.ACCOUNT_LOCK_TIME_MIN_VALUE)
+        } else if (((parseInt(values.accountLockTime, 10) < GovernanceConnectorConstants
+            .LOGINS_ATTEMPT_SECURITY_FORM_FIELD_CONSTRAINTS.ACCOUNT_LOCK_TIME_MIN_VALUE) &&
+            !enableIndefiniteUserLockduration)
             || (parseInt(values.accountLockTime, 10) > GovernanceConnectorConstants
                 .LOGINS_ATTEMPT_SECURITY_FORM_FIELD_CONSTRAINTS.ACCOUNT_LOCK_TIME_MAX_VALUE)) {
             // Check for invalid range.
@@ -325,6 +328,11 @@ export const LoginAttemptSecurityConfigurationFrom: FunctionComponent<
         setAccordionActiveIndex(newIndex);
     };
 
+    const updateEnableIndefiniteAccountLockDuration = (value: any) => {
+        setenableIndefiniteUserLockduration(value);
+        setLockDuration("0");
+    };
+
     /**
      * Renders sample info section with example configuration details.
      *
@@ -472,6 +480,25 @@ export const LoginAttemptSecurityConfigurationFrom: FunctionComponent<
                             "loginAttemptSecurity.form.fields.maxFailedAttempts.hint")
                     }
                 </Hint>
+                <Field.Checkbox
+                    ariaLabel="enableIndefiniteUserLockduration"
+                    name="enableIndefiniteUserLockduration"
+                    label={ t("extensions:manage.serverConfigurations.accountSecurity." +
+                        "loginAttemptSecurity.form.fields.enableIndefiniteUserLockduration.label") }
+                    listen={ (value: boolean) => updateEnableIndefiniteAccountLockDuration(value) }
+                    checked={ enableIndefiniteUserLockduration }
+                    required={ false }
+                    readOnly={ readOnly }
+                    disabled={ !isConnectorEnabled }
+                    width={ 10 }
+                    data-testid={ `${testId}-enable-indefinite-user-lock-duration` }
+                />
+                <Hint className={ "mb-5" }>
+                    {
+                        t("extensions:manage.serverConfigurations.accountSecurity." +
+                            "loginAttemptSecurity.form.fields.enableIndefiniteUserLockduration.hint")
+                    }
+                </Hint>
                 <Field.Input
                     ariaLabel="accountLockTime"
                     inputType="number"
@@ -501,7 +528,7 @@ export const LoginAttemptSecurityConfigurationFrom: FunctionComponent<
                             .LOGINS_ATTEMPT_SECURITY_FORM_FIELD_CONSTRAINTS.ACCOUNT_LOCK_TIME_MIN_LENGTH
                     }
                     width={ 10 }
-                    disabled={ !isConnectorEnabled }
+                    disabled={ !isConnectorEnabled || enableIndefiniteUserLockduration }
                     labelPosition="right"
                     data-testid={ `${testId}-account-lock-time` }
                     readOnly={ readOnly }