Module: Devise::Models::Lockable
- Includes:
- Activatable
- Defined in:
- lib/devise/models/lockable.rb
Overview
Handles blocking a user access after a certain number of attempts. Lockable accepts two different strategies to unlock a user after it’s blocked: email and time. The former will send an email to the user when the lock happens, containing a link to unlock it’s account. The second will unlock the user automatically after some configured time (ie 2.hours). It’s also possible to setup lockable to use both email and time strategies.
Configuration:
maximum_attempts: how many attempts should be accepted before blocking the user.
unlock_strategy: unlock the user account by :time, :email or :both.
unlock_in: the time you want to lock the user after to lock happens. Only
available when unlock_strategy is :time or :both.
Defined Under Namespace
Modules: ClassMethods
Class Method Summary collapse
Instance Method Summary collapse
-
#active? ⇒ Boolean
Overwrites active? from Devise::Models::Activatable for locking purposes by verifying whether an user is active to sign in or not based on locked?.
-
#inactive_message ⇒ Object
Overwrites invalid_message from Devise::Models::Authenticatable to define the correct reason for blocking the sign in.
-
#lock ⇒ Object
Lock an user setting it’s locked_at to actual time.
-
#lock! ⇒ Object
Lock an user also saving the record.
-
#locked? ⇒ Boolean
Verifies whether a user is locked or not.
-
#resend_unlock! ⇒ Object
Resend the unlock instructions if the user is locked.
-
#send_unlock_instructions ⇒ Object
Send unlock instructions by email.
-
#unlock! ⇒ Object
Unlock an user by cleaning locket_at and failed_attempts.
-
#valid_for_authentication?(attributes) ⇒ Boolean
Overwrites valid_for_authentication? from Devise::Models::Authenticatable for verifying whether an user is allowed to sign in or not.
Class Method Details
.included(base) ⇒ Object
23 24 25 26 27 |
# File 'lib/devise/models/lockable.rb', line 23 def self.included(base) base.class_eval do extend ClassMethods end end |
Instance Method Details
#active? ⇒ Boolean
Overwrites active? from Devise::Models::Activatable for locking purposes by verifying whether an user is active to sign in or not based on locked?
75 76 77 |
# File 'lib/devise/models/lockable.rb', line 75 def active? super && !locked? end |
#inactive_message ⇒ Object
Overwrites invalid_message from Devise::Models::Authenticatable to define the correct reason for blocking the sign in.
81 82 83 84 85 86 87 |
# File 'lib/devise/models/lockable.rb', line 81 def if locked? :locked else super end end |
#lock ⇒ Object
Lock an user setting it’s locked_at to actual time.
30 31 32 33 34 35 36 |
# File 'lib/devise/models/lockable.rb', line 30 def lock self.locked_at = Time.now if unlock_strategy_enabled?(:email) generate_unlock_token send_unlock_instructions end end |
#lock! ⇒ Object
Lock an user also saving the record.
39 40 41 42 |
# File 'lib/devise/models/lockable.rb', line 39 def lock! lock save(false) end |
#locked? ⇒ Boolean
Verifies whether a user is locked or not.
55 56 57 |
# File 'lib/devise/models/lockable.rb', line 55 def locked? locked_at && !lock_expired? end |
#resend_unlock! ⇒ Object
Resend the unlock instructions if the user is locked.
65 66 67 68 69 70 71 |
# File 'lib/devise/models/lockable.rb', line 65 def resend_unlock! if_locked do generate_unlock_token unless unlock_token.present? save(false) send_unlock_instructions end end |
#send_unlock_instructions ⇒ Object
Send unlock instructions by email
60 61 62 |
# File 'lib/devise/models/lockable.rb', line 60 def send_unlock_instructions ::DeviseMailer.deliver_unlock_instructions(self) end |
#unlock! ⇒ Object
Unlock an user by cleaning locket_at and failed_attempts.
45 46 47 48 49 50 51 52 |
# File 'lib/devise/models/lockable.rb', line 45 def unlock! if_locked do self.locked_at = nil self.failed_attempts = 0 self.unlock_token = nil save(false) end end |
#valid_for_authentication?(attributes) ⇒ Boolean
Overwrites valid_for_authentication? from Devise::Models::Authenticatable for verifying whether an user is allowed to sign in or not. If the user is locked, it should never be allowed.
92 93 94 95 96 97 98 99 100 101 |
# File 'lib/devise/models/lockable.rb', line 92 def valid_for_authentication?(attributes) if result = super self.failed_attempts = 0 else self.failed_attempts += 1 lock if failed_attempts > self.class.maximum_attempts end save(false) if changed? result end |