Account Locking for mongoose user schema

npm install mongoose-account-locking
1 downloads in the last week
4 downloads in the last month

Mongoose Account Locking - Useful for Mongoose User Schema with locking

This mongoose plugin is based on the post by Jeremy Martin’s DevSmash Blog

How it works?

  • A user’s account should be “locked” after some number of consecutive failed login attempts
  • A user’s account should become unlocked once a sufficient amount of time has passed
  • The User model should expose the reason for a failed login attempt to the application (though not necessarily to the end user)


npm install mongoose-account-locking

How to use?

After define your Mongoose user schema, just add mongoose-account-locking as plugin to your user schema


You can also pass options when adding plugin

var options = {
    , maxLoginAttempts = 5
    , lockTime = 2 * 60 * 60 * 1000
    , username = 'username'
    , password = 'password';
User.plugin(locking, options)


  • maxLoginAttempts : Maximum number of allowable failed logins

  • lockTime : Amount of duration that account will be locked after exceeding the maxLoginAttemts

  • username : username key that is used in User schema. By default, it is 'username'. If you are using email as username, you can set to 'email'

  • password : password key that is used in User schema. By default, it is 'password'.

You can authenticate user as follows

// Create Model based on User Schema
var User = mongoose.model('User', UserSchema);

// Authenticate username and password
// If success, callback receive user
// If failure, callback receive err or reason
User.getAuthenticated('username', 'MyPassword', function(err, user, reason) {
    // Write your code here


Refer examples folder for sample code

To verify the code, you have to run the sample.js 5 times. After 5th time, it will lock the account. It wont allow you to access the account for next 2 hours.



MIT License

npm loves you