From 12838143f344c01f141157b52f9bfdfcd495e043 Mon Sep 17 00:00:00 2001
From: samgibsonmoj
Date: Tue, 20 Aug 2024 14:43:35 +0100
Subject: [PATCH 1/2] Fix issue for 'double' access fail count on invalid sign in
---
 src/Infrastructure/Services/Identity/CustomSigninManager.cs | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/Infrastructure/Services/Identity/CustomSigninManager.cs b/src/Infrastructure/Services/Identity/CustomSigninManager.cs
index 2c32d758..1456a311 100644
--- a/src/Infrastructure/Services/Identity/CustomSigninManager.cs
+++ b/src/Infrastructure/Services/Identity/CustomSigninManager.cs
@@ -20,6 +20,11 @@ public override async Task PasswordSignInAsync(string userName, st
 var passwordCheckResult = await CheckPasswordSignInAsync(user, password, lockoutOnFailure);
+ if(passwordCheckResult.Succeeded is false)
+ {
+ return passwordCheckResult;
+ }
+
 if (PasswordChecksOutAndRequiresPasswordReset(passwordCheckResult, user))
 {
 return CustomSignInResult.PasswordResetRequired;
From 3f4485da1a83afa53f83c7583341b85f690a648f Mon Sep 17 00:00:00 2001
From: samgibsonmoj
Date: Tue, 20 Aug 2024 14:44:04 +0100
Subject: [PATCH 2/2] Allow reset of user password without roles
---
 src/Server.UI/Pages/Identity/Users/Users.razor | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Server.UI/Pages/Identity/Users/Users.razor b/src/Server.UI/Pages/Identity/Users/Users.razor
index edc0d51a..710ccabb 100644
--- a/src/Server.UI/Pages/Identity/Users/Users.razor
+++ b/src/Server.UI/Pages/Identity/Users/Users.razor
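Review bot: The early return added to PasswordSignInAsync in CustomSigninManager.cs (`if(passwordCheckResult.Succeeded is false)`) is what keeps one bad password from being counted twice against the lockout threshold, yet nothing in the code says so and the patch adds no test for it. I would put `// Return here: falling through checks the password again and increments AccessFailedCount a second time for the same attempt.` above the guard; this assumes the second check is a call further down the method, which continues outside the hunk. A regression test that signs in once with a wrong password and asserts the failure count rose by exactly one would keep the double count from coming back unnoticed. The guard also hands back every other non-success result from CheckPasswordSignInAsync unchanged, which looks right but is worth stating in the same comment.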
@@ -411,9 +411,9 @@
 _initialised = true;
 }
- private bool CanResetPassword(string[] roles)
+ private bool CanResetPassword(string[] affectedUserRoles)
 {
- var userRole = _roles.Where(role => roles.Contains(role.Name)).MinBy(role => role.RoleRank);
+ var userRole = _roles.Where(role => affectedUserRoles.Contains(role.Name)).MinBy(role => role.RoleRank);
 var currentUserRole = _roles.Where(role => CurrentRoles.Contains(role.Name)).MinBy(role => role.RoleRank);
 return _canResetPassword && currentUserRole?.RoleRank <= userRole?.RoleRank;
 }
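Review bot: CanResetPassword still returns false for a user with no roles, because its `return` line is unchanged context: when `affectedUserRoles` matches nothing, `userRole` is null and, assuming RoleRank is a numeric value type, the lifted comparison `currentUserRole?.RoleRank <= userRole?.RoleRank` evaluates to false. The two changed lines only rename the parameter, so the behaviour named in the patch subject does not appear to be delivered by this hunk. If role-less targets are meant to be resettable, make that explicit while still denying when the current user has no ranked role: `return _canResetPassword && currentUserRole is not null && (userRole is null || currentUserRole.RoleRank <= userRole.RoleRank);`. This method only gates the UI; the handler that performs the reset is not shown here and should enforce the same rank rule on the server side.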