Severity: Warning
File: src/Servy/Validators/ServiceConfigurationValidator.cs
Lines: 170–177
Description:
NativeMethods.ValidateCredentials(dto.UserAccount, dto.Password) performs a real network logon attempt. If the user clicks Save multiple times with a wrong password (or the Manager validator, which lacks a password-match pre-check, passes a typo directly to the domain controller), this can trigger account lockout policies. There is no rate-limiting, debounce, or lockout-prevention logic.
Suggested fix:
Document the lockout risk. Add a debounce or present a warning. The Manager validator should also add a passwords-match check before calling ValidateCredentials, mirroring the Servy UI validator.
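One way to combine the suggested passwords-match check and debounce, as an added example that is not Servy's own code. The `CredentialCheckGuard` class, its `Result` values, and the cooldown are hypothetical, and the `logon` delegate stands in for `NativeMethods.ValidateCredentials`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical guard (not part of Servy). 'logon' stands in for
// NativeMethods.ValidateCredentials, the call that performs the real logon.
public sealed class CredentialCheckGuard
{
    public enum Result { Valid, PasswordsDoNotMatch, SameAsLastFailure, TooSoon, Rejected }

    private readonly Func<string, string, bool> _logon;
    private readonly TimeSpan _cooldown;
    private readonly Func<DateTime> _utcNow;
    private string _lastFailedDigest;               // in-memory only, never persisted
    private DateTime _lastAttemptUtc = DateTime.MinValue;

    public CredentialCheckGuard(Func<string, string, bool> logon, TimeSpan cooldown,
                                Func<DateTime> utcNow = null)
    {
        _logon = logon ?? throw new ArgumentNullException(nameof(logon));
        _cooldown = cooldown;
        _utcNow = utcNow ?? (() => DateTime.UtcNow);
    }

    public Result Check(string account, string password, string confirmPassword)
    {
        // 1. Catch typos locally so they never reach the domain controller.
        if (!string.Equals(password, confirmPassword, StringComparison.Ordinal))
            return Result.PasswordsDoNotMatch;

        // 2. Resubmitting the pair that just failed only burns another attempt.
        string digest = Digest(account ?? "", password ?? "");
        if (digest == _lastFailedDigest)
            return Result.SameAsLastFailure;

        // 3. Debounce repeated Save clicks.
        DateTime now = _utcNow();
        if (now - _lastAttemptUtc < _cooldown)
            return Result.TooSoon;
        _lastAttemptUtc = now;

        bool ok = _logon(account, password);        // the only real logon attempt
        _lastFailedDigest = ok ? null : digest;
        return ok ? Result.Valid : Result.Rejected;
    }

    private static string Digest(string account, string password)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(
                Encoding.UTF8.GetBytes(account.ToUpperInvariant() + "\0" + password)));
    }
}
```

Only `Rejected` corresponds to a failed logon counted against the account; the other non-`Valid` results are decided locally and can be shown to the user as a warning.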