From c5c17fdd9be3a34a8ab5af8712a39df4165e8ec7 Mon Sep 17 00:00:00 2001
From: Fanilo-Nantenaina <r.fanilonantenain.a@gmail.com>
Date: Tue, 13 Jan 2026 10:42:58 +0300
Subject: [PATCH] fix(auth): increase failed login attempt threshold from 5 to
 15

---
 routes/auth.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/auth.py b/routes/auth.py
index 0d18349..5fc2554 100644
--- a/routes/auth.py
+++ b/routes/auth.py
@@ -101,7 +101,7 @@ async def check_rate_limit(
     )
     failed_attempts = result.scalars().all()
 
-    if len(failed_attempts) >= 5:
+    if len(failed_attempts) >= 15:
         return False, "Trop de tentatives échouées. Réessayez dans 15 minutes."
 
     return True, ""
@@ -286,7 +286,7 @@ async def login(
         if user:
             user.failed_login_attempts += 1
 
-            if user.failed_login_attempts >= 5:
+            if user.failed_login_attempts >= 15:
                 user.locked_until = datetime.now() + timedelta(minutes=15)
                 await session.commit()
                 raise HTTPException(