Module: Sorcery::Model::Submodules::BruteForceProtection
- Defined in:
- lib/sorcery/model/submodules/brute_force_protection.rb
Overview
This module helps protect user accounts by locking them after too many failed login attempts are detected. This is the model part of the submodule; it provides configuration options and methods for locking and unlocking the user.
Defined Under Namespace
Modules: ClassMethods, InstanceMethods
Class Method Summary
Class Method Details
.included(base) ⇒ Object
```ruby
# File 'lib/sorcery/model/submodules/brute_force_protection.rb', line 9

def self.included(base)
  base.sorcery_config.class_eval do
    attr_accessor :failed_logins_count_attribute_name,      # failed logins attribute name.
                  :lock_expires_at_attribute_name,          # this field indicates whether user
                                                            # is banned and when it will be active again.
                  :consecutive_login_retries_amount_limit,  # how many failed logins allowed.
                  :login_lock_time_period,                  # how long the user should be banned.
                                                            # in seconds. 0 for permanent.
                  :unlock_token_attribute_name,             # Unlock token attribute name
                  :unlock_token_email_method_name,          # Mailer method name
                  :unlock_token_mailer_disabled,            # When true, don't send unlock token via email
                  :unlock_token_mailer                      # Mailer class
  end

  base.sorcery_config.instance_eval do
    @defaults.merge!(:@failed_logins_count_attribute_name     => :failed_logins_count,
                     :@lock_expires_at_attribute_name         => :lock_expires_at,
                     :@consecutive_login_retries_amount_limit => 50,
                     :@login_lock_time_period                 => 60 * 60,
                     :@unlock_token_attribute_name            => :unlock_token,
                     :@unlock_token_email_method_name         => :send_unlock_token_email,
                     :@unlock_token_mailer_disabled           => false,
                     :@unlock_token_mailer                    => nil)
    reset!
  end

  base.sorcery_config.before_authenticate << :prevent_locked_user_login
  base.sorcery_config.after_config << :define_brute_force_protection_fields
  base.extend(ClassMethods)
  base.send(:include, InstanceMethods)
end
```
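The defaults above allow 50 consecutive failures before a one-hour lock, and a lock period of 0 is permanent. The Ruby sketch below is an added example, not Sorcery's code: `LockoutModel` and `guesses_checked` are hypothetical names, and resetting the counter on a successful login and on unlock is an assumption about how the counters are used. It measures how many wrong guesses still reach the password check for a given limit and lock period.

```ruby
# Standalone model of the two tunables documented above (not Sorcery code).
class LockoutModel
  attr_reader :failed_logins_count, :lock_expires_at

  def initialize(retries_limit: 50, lock_period: 60 * 60)
    @retries_limit = retries_limit # consecutive_login_retries_amount_limit
    @lock_period = lock_period     # login_lock_time_period in seconds, 0 = permanent
    @failed_logins_count = 0
    @lock_expires_at = nil
  end

  # `now` is a timestamp in seconds.
  def locked?(now)
    return false if @lock_expires_at.nil?
    return true if @lock_period.zero? # permanent: only a manual unlock clears it
    return true if now < @lock_expires_at

    unlock! # timed lock has expired
    false
  end

  def unlock!
    @failed_logins_count = 0
    @lock_expires_at = nil
  end

  # Returns :locked, :ok or :failed for one login attempt at time `now`.
  def attempt(now, password_ok)
    return :locked if locked?(now)

    if password_ok
      @failed_logins_count = 0 # assumption: success resets the consecutive count
      return :ok
    end
    @failed_logins_count += 1
    @lock_expires_at = now + @lock_period if @failed_logins_count >= @retries_limit
    :failed
  end
end

# Wrong guesses that reach the password check when one client retries
# every `interval` seconds for `duration` seconds against one account.
def guesses_checked(model, duration:, interval:)
  (0...duration).step(interval).count { |t| model.attempt(t, false) == :failed }
end
```

With the defaults, a client retrying once per second gets 1200 guesses checked in 24 hours against a single account; a limit of 5 with a 15-minute lock cuts that to 480, and a limit of 5 with a permanent lock to 5.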