Time ban on users pressing a certain button more than 3 times


Hi All,


I am trying to stop people from constantly calling upon an API call. I want to give them three chances to get the required details correct, and if they do not get it right within this time then they should be timed out for around 5 minutes. Any ideas on how to do this that does not involve storing it on local storage? I want to be able to use an Environment level setting.

Hello Daniel,

The ban is personalized per user. What do you mean when you talk about "Environment level setting"?

Cheers.

Solution

The way I would solve this:

- Create a table with 2 columns: Userid and timestamp

- Encapsulate the API-call in a server-action

- When calling this server action:

    - Check if there are 3 records in the new table for this user

        - If so: check if the oldest is more than x-minutes old

            - If so reject the call

- If not more than 3 records: create record with userid and currdatetime and call the api

- Else delete oldest timestamp for this user and create new record for this user with currdatetime

- Call the API

The x-minutes you could store in site-property.




Solution

Joost Rutten wrote:

The way I would solve this:

- Create a table with 2 columns: Userid and timestamp

- Encapsulate the API-call in a server-action

- When calling this server action:

    - Check if there are 3 records in the new table for this user

        - If so: check if the oldest is more than x-minutes old

            - If so reject the call

- If not more than 3 records: create record with userid and currdatetime and call the api

- Else delete oldest timestamp for this user and create new record for this user with currdatetime

- Call the API

The x-minutes you could store in site-property.




I would only want to block them out for 5 minutes and then they would be able to attempt to use the API call again. Is there a function I could use to set the amount of time they can't see/use that button?


Eduardo Jauch wrote:

Hello Daniel,

The ban is personalized per user. What do you mean when you talk about "Environment level setting"?

Cheers.

Apologies for not getting back to you sooner. I had worked out a way to do it shortly after posting the question: I am now storing a counter in the OutSystems database which increments by one when the call fails. The thing I am struggling with now, which you may be able to help me with, is putting a lockout time on that user from using that call for 5 minutes. I basically want to stop them from using the API call for 5 minutes, refreshing the counter after the 5 minutes is up.


Hi Daniel,

You need to add a timestamp to your record with the counter in the database, setting the expiration period for the ban.

Every time the user tries to use the API "successfully", you check in your logic to find if there is an active ban.
If not, you let it do it. If there is still an active ban (time not expired) you deny access.

If the user gets something wrong, you update the counter, and then if the counter is higher than 3, you set the time to release the ban.

I think this should work.

Cheers.

Daniel Sunner wrote:

Is there a function I could use to set the amount of time they can't see/use that button?


You can create that function with the logic I described above, leaving the api-call and record-update out of it. Make a function of it, returning a boolean. Call this function to determine if the button should be enabled.
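
The counter-plus-expiry approach from the replies above, as an added example that is not part of any post in the thread: Python with an in-memory SQLite table standing in for the OutSystems entity and server action. The names `lockout`, `is_banned` and `call_api`, the `details_ok` flag, and the limit of 3 failures with a 5-minute ban are assumptions taken from the question's wording.

```python
import sqlite3

MAX_FAILURES = 3      # chances before lockout (assumed; a site property in OutSystems)
BAN_SECONDS = 5 * 60  # lockout length (assumed; likewise configurable)

def open_store():
    """In-memory stand-in for the database entity holding counter + ban expiry."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lockout (user_id TEXT PRIMARY KEY,"
                 " failures INTEGER NOT NULL, banned_until REAL NOT NULL)")
    return conn

def is_banned(conn, user_id, now):
    """Boolean check: usable both to disable the button and to gate the call."""
    row = conn.execute("SELECT banned_until FROM lockout WHERE user_id = ?",
                       (user_id,)).fetchone()
    return row is not None and now < row[0]

def call_api(conn, user_id, details_ok, now):
    """Server-side wrapper; details_ok stands in for the real API result."""
    if is_banned(conn, user_id, now):
        return "denied"                      # enforced on the server, not only in the UI
    if details_ok:
        conn.execute("DELETE FROM lockout WHERE user_id = ?", (user_id,))
        return "ok"
    # A row whose ban has expired restarts at 1; otherwise increment in place.
    conn.execute(
        "INSERT INTO lockout VALUES (?, 1, 0) ON CONFLICT(user_id) DO UPDATE SET"
        " failures = CASE WHEN banned_until > 0 THEN 1 ELSE failures + 1 END,"
        " banned_until = 0", (user_id,))
    # Reaching the limit sets the time at which the ban is released.
    conn.execute("UPDATE lockout SET banned_until = ? WHERE user_id = ? AND failures >= ?",
                 (now + BAN_SECONDS, user_id, MAX_FAILURES))
    return "failed"
```

The button can be enabled or disabled from `is_banned`, but the same check inside `call_api` is what enforces the lockout, because the server action can be invoked without going through the button.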