ResearchX Docs
Account and Authentication

Register, sign in/out, and session behavior

MVP Scope

  • Email/password registration
  • Sign in and sign out
  • Re-authentication when session expires
  • Account status control (active / disabled)
  • Public registration toggle (admin-controlled)
  • Linux user binding from the Profile page when enabled by administrators

Standard Flow

  1. Choose login or register at /auth
  2. After success, you are redirected to /workspace
  3. If you receive 401, sign in again

Session Lifetime

  • Standard login creates a 24-hour session by default
  • Login sessions now use sliding expiration, so active use automatically extends the session
  • The login page includes a "Keep me signed in for 30 days" option, which creates a 30-day sliding session
  • Logging out immediately revokes the current session

Common Issues

  • Email already exists: use login flow
  • Invalid credentials: verify email/password input
  • Too many failed attempts: after 5 failed attempts, the account is temporarily locked for 15 minutes
  • Account permanently locked: contact an administrator to clear the login lock from User Management
  • Account disabled: contact an administrator to reactivate your account
  • Register button unavailable: admin has disabled public registration; contact an admin to create your account

Login Security Policy

  • Failed login attempts are tracked per account
  • After 5 consecutive failures, the account is temporarily locked for 15 minutes
  • If the same account triggers 3 temporary lockouts within the current policy window, the lock escalates to a permanent lock that only an administrator can clear
  • Successful login clears failed-attempt state for that account
  • Failed, blocked, and successful login attempts are written to login audit events together with the request IP address

Admin recovery path: Admin login → lower-left menu → User Management → Unlock login
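
The lockout rules above as a small state machine, including the audit record written for every attempt; this is an added example, not ResearchX code. The LoginState record, the function names and the sample IP address are hypothetical. It assumes a successful login keeps the lockout history, and it uses a strict rolling 24-hour window, which the Known Limitation section says the product currently only approximates.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILURES = 5                    # consecutive failures before a temporary lock
TEMP_LOCK = timedelta(minutes=15)   # temporary lock duration
MAX_TEMP_LOCKS = 3                  # temporary lockouts before the permanent lock
WINDOW = timedelta(hours=24)        # observation window named under Known Limitation

@dataclass
class LoginState:                   # hypothetical per-account record
    failures: int = 0
    locked_until: Optional[datetime] = None
    lock_times: list = field(default_factory=list)
    permanent: bool = False
    audit: list = field(default_factory=list)   # (time, ip, outcome) tuples

def attempt(state: LoginState, password_ok: bool, now: datetime, ip: str) -> str:
    """Apply one login attempt and return 'success', 'failed' or 'blocked'."""
    if state.permanent or (state.locked_until and now < state.locked_until):
        outcome = "blocked"         # locked: the password is not evaluated at all
    elif password_ok:
        state.failures = 0          # success clears failed-attempt state
        outcome = "success"         # assumption: lockout history is kept
    else:
        state.failures += 1
        outcome = "failed"
        if state.failures >= MAX_FAILURES:
            state.failures = 0
            state.locked_until = now + TEMP_LOCK
            # Strict rolling window: forget lockouts older than WINDOW.
            recent = [t for t in state.lock_times if now - t < WINDOW]
            state.lock_times = recent + [now]
            state.permanent = len(state.lock_times) >= MAX_TEMP_LOCKS
    state.audit.append((now.isoformat(), ip, outcome))  # every attempt is audited
    return outcome

def admin_unlock(state: LoginState) -> None:
    """Model of the administrator's Unlock login action (assumed to reset all state)."""
    state.failures, state.locked_until, state.permanent = 0, None, False
    state.lock_times.clear()

def burst(state: LoginState, start: datetime, ip: str) -> list:
    """Constructed sample input: five wrong passwords, ten seconds apart."""
    return [attempt(state, False, start + timedelta(seconds=10 * i), ip)
            for i in range(MAX_FAILURES)]
```
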

Linux User Binding

When Linux identity binding is enabled for the deployment, the Profile page shows a Linux User Binding section. This links your ResearchX account to a Linux account in the HPC / Slurm environment so supported projects can run jobs as your Linux identity.

How to use it:

  1. Go to /workspace/profile
  2. Enter the Linux username and password in Linux User Binding
  3. Click Bind/update user
  4. After binding, the page shows username, UID:GID, home directory, and verification time

Notes:

  • Each ResearchX account can bind one Linux user
  • Binding again replaces the current binding
  • Use Revoke to remove the binding
  • The Linux password is used for verification and is not shown on the Profile page
  • Project owners decide whether a project uses the bound identity from the project container settings

Known Limitation

  • Permanent lock escalation currently uses the start time of the latest failure series as an approximation for the 24-hour observation window. This is documented behavior for now, but not a strict rolling-window implementation.

Public Registration Control (Admin)

Administrators can control public registration from the User Management page:

  • Enabled: Anyone can register a new account from the login page
  • Disabled: The register button is grayed out with a notice; only admins can create new accounts via the user management page
  • Bootstrap mode: When no users exist, registration is automatically allowed so that the first user can be created; normal control resumes afterwards

Configuration path: Admin login → lower-left menu → User Management → Registration toggle