diff --git a/thehive/app/org/thp/thehive/controllers/v1/Conversion.scala b/thehive/app/org/thp/thehive/controllers/v1/Conversion.scala
index e286f1f49f..19a471ef16 100644
--- a/thehive/app/org/thp/thehive/controllers/v1/Conversion.scala
+++ b/thehive/app/org/thp/thehive/controllers/v1/Conversion.scala
@@ -356,10 +356,26 @@ object Conversion {
 .withFieldComputed(_._id, _._id.toString)
 .withFieldConst(_.organisations, Nil)
 .withFieldComputed(_.avatar, user => user.avatar.map(avatar => s"/api/v1/user/${user._id}/avatar/$avatar"))
+ .withFieldConst(_.extraData, JsObject.empty)
 .enableMethodAccessors
 .transform
 )
+ implicit val userWithStatsOutput: Renderer.Aux[(RichUser, JsObject), OutputUser] =
+ Renderer.toJson[(RichUser, JsObject), OutputUser] { userWithExtraData =>
+ userWithExtraData
+ ._1
+ .into[OutputUser]
+ .withFieldComputed(_.permissions, _.permissions.asInstanceOf[Set[String]])
+ .withFieldComputed(_.hasKey, _.apikey.isDefined)
+ .withFieldComputed(_._id, _._id.toString)
+ .withFieldConst(_.organisations, Nil)
+ .withFieldComputed(_.avatar, user => user.avatar.map(avatar => s"/api/v1/user/${user._id}/avatar/$avatar"))
+ .withFieldConst(_.extraData, userWithExtraData._2)
+ .enableMethodAccessors
+ .transform
+ }
+
 implicit val userWithOrganisationOutput: Renderer.Aux[(RichUser, Seq[(Organisation with Entity, String)]), OutputUser] =
 Renderer.toJson[(RichUser, Seq[(Organisation with Entity, String)]), OutputUser] { userWithOrganisations =>
 val (user, organisations) = userWithOrganisations
@@ -370,6 +386,7 @@ object Conversion {
 .withFieldComputed(_.hasKey, _.apikey.isDefined)
 .withFieldConst(_.organisations, organisations.map { case (org, role) => OutputOrganisationProfile(org._id.toString, org.name, role) })
 .withFieldComputed(_.avatar, user => user.avatar.map(avatar => s"/api/v1/user/${user._id}/avatar/$avatar"))
+ .withFieldConst(_.extraData, JsObject.empty)
 .enableMethodAccessors
 .transform
 }
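Review bot: `userWithStatsOutput` repeats the whole field mapping of the renderer just above it (whose name is outside the hunk) and differs only in the `extraData` value. Any later change to how a user is serialised, such as masking or dropping a field, must then be applied to three near-identical chains or the outputs drift apart; a private helper that takes the `extraData` value would remove that. The tuple is read through `._1` and `._2` where the neighbouring `userWithOrganisationOutput` destructures, so `val (user, extraData) = userWithExtraData` would match it. The `JsObject` is copied into the response unchanged, so any decision about which extra data a requester may see has to happen before this renderer, in code this diff does not show; a comment such as `// extraData is emitted as-is; callers must pass only fields the requester may see` would record that.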
diff --git a/thehive/app/org/thp/thehive/services/LocalPasswordAuthSrv.scala b/thehive/app/org/thp/thehive/services/LocalPasswordAuthSrv.scala
index 6881b6f95c..7bee453db3 100644
--- a/thehive/app/org/thp/thehive/services/LocalPasswordAuthSrv.scala
+++ b/thehive/app/org/thp/thehive/services/LocalPasswordAuthSrv.scala
@@ -40,10 +40,17 @@ class LocalPasswordAuthSrv(db: Database, userSrv: UserSrv, localUserSrv: LocalUs
 false
 }
- private def timeElapsed(user: User with Entity): Boolean =
+ def timeElapsed(user: User with Entity): Boolean =
 user.lastFailed.fold(true)(lf => resetAfter.fold(false)(ra => (System.currentTimeMillis - lf.getTime) > ra.toMillis))
- private def maxAttemptsReached(user: User with Entity) =
+ def lockedUntil(user: User with Entity): Option[Date] =
+ if (maxAttemptsReached(user))
+ user.lastFailed.map { lf =>
+ resetAfter.fold(new Date(Long.MaxValue))(ra => new Date(ra.toMillis + lf.getTime))
+ }
+ else None
+ def maxAttemptsReached(user: User with Entity) =
 (for {
 ma <- maxAttempts
 fa <- user.failedAttempts
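Review bot: `lockedUntil` checks only `maxAttemptsReached`, so once `resetAfter` has passed it still returns a timestamp, now in the past, for an account that `timeElapsed` reports as eligible again. Assuming the login path (outside this hunk) combines the two checks, guarding with `if (maxAttemptsReached(user) && !timeElapsed(user))` would keep the reported state consistent with it. `new Date(Long.MaxValue)` is used when `resetAfter` is empty and appears to mean "no automatic unlock"; it needs a comment saying so, because clients will otherwise receive an unexplained far-future date. `maxAttemptsReached` is now public and should declare its result type, `def maxAttemptsReached(user: User with Entity): Boolean =`; its body continues past the end of the hunk. Lockout state shows how password guessing is throttled, so whatever exposes these methods should return it only to callers allowed to manage accounts.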