We're implementing a mechanism to lock a user out with a user action after a number of failed login attempts. We want this lockout to persist until the user changes their password.
What we find is that if we create and then delete the lockout action and then the user tries to login again the account is locked after a single failed login attempt. We're expecting that after the lockout action is removed that the user has another number of failed login attempts to go through before a lockout again.
It would seem like this is a bug, but we can probably work around the issue if there is an API that could be called which would reset the user's failed login count.
Thanks