By default you have 3 attempts to log into Dradis before your account is locked, to prevent brute-force attacks on your Dradis instance. Depending on your team, Dradis deployment type, and your workflow, you may want to increase or decrease the maximum login attempts allowed by Dradis before an account is locked. To change the max login attempt count:
Reminder: local changes will be overwritten the next time you upgrade. If you make any local changes, make sure to re-apply them every time you upgrade Dradis.
If a user exceeds the allowed number of login attempts to Dradis, their account will be locked. In that case, to unlock the account, the account password will need to be reset. This can be done by the user themselves using the Forgot my Password! option on the Dradis login page.
This presupposes that you have configured the mail server for Dradis. If you have not done so, an Admin can edit the account to reset the user's password, and you can reset the user's count of failed login attempts through the command line. You will need to locate the user ID of the specific user (e.g. /pro/admin/users/123/edit; you can see this when logged in as your other Admin user by browsing to the "Users" tab and hovering over the "Edit" button for your locked user) and substitute it for 123 in the example below:
$ cd /opt/dradispro/dradispro/current/
$ RAILS_ENV=production bundle exec rails console
irb> u = User.find(123)
irb> u.preferences.failed_auth_count = 0
irb> u.save
irb> exit