Add account unlock on password reset (#7146)

* added account unlock on password reset

* added account policy option

* added changelog entry

* Added docs entry

* moved changelog entry to correct position

* improved tests to ensure requesting password reset email does not unlock account

* run prettier

src/Options/Definitions.js

@@ -570,6 +570,12 @@ module.exports.AccountLockoutOptions = {
     help: 'number of failed sign-in attempts that will cause a user account to be locked',
     action: parsers.numberParser('threshold'),
   },
+  unlockOnPasswordReset: {
+    env: 'PARSE_SERVER_ACCOUNT_LOCKOUT_UNLOCK_ON_PASSWORD_RESET',
+    help: 'Is true if the account lock should be removed after a successful password reset.',
+    action: parsers.booleanParser,
+    default: false,
+  },
 };
 module.exports.PasswordPolicyOptions = {
   doNotAllowUsername: {

src/Options/docs.js

@@ -126,6 +126,7 @@
  * @interface AccountLockoutOptions
  * @property {Number} duration number of minutes that a locked-out account remains locked out before automatically becoming unlocked.
  * @property {Number} threshold number of failed sign-in attempts that will cause a user account to be locked
+ * @property {Boolean} unlockOnPasswordReset Is true if the account lock should be removed after a successful password reset.
  */
 
 /**

src/Options/index.js

@@ -301,6 +301,9 @@ export interface AccountLockoutOptions {
   duration: ?number;
   /* number of failed sign-in attempts that will cause a user account to be locked */
   threshold: ?number;
+  /* Is true if the account lock should be removed after a successful password reset.
+  :DEFAULT: false */
+  unlockOnPasswordReset: ?boolean;
 }
 
 export interface PasswordPolicyOptions {