Sha256: ed35f6e02b5c8b3c8ef5d72f95708f44d2ce60adb2a80a48a8bab2574be33fee

Contents?: true

Size: 1.12 KB

Versions: 1

Compression:

Stored size: 1.12 KB

Contents

require 'authenticate/callbacks/brute_force'

module Authenticate
  module Model
    # Brute-force protection for a user model.
    #
    # Counts consecutive failed logins in +failed_logins_count+ and, once the
    # count reaches the configured maximum, writes a lock expiry time to
    # +lock_expires_at+.
    #
    # NOTE(review): nothing in this module compares +lock_expires_at+ with the
    # current time or clears an expired lock. Whoever relies on +locked?+ must
    # arrange for +unlock!+ to run once the lockout period has passed
    # (presumably the brute_force callback required by this file -- confirm).
    #
    # TODO: email user to allow faster unlocking via token.
    module BruteForce
      extend ActiveSupport::Concern

      # Columns the including model has to provide for this module.
      #
      # @param klass [Class] not used by this implementation
      # @return [Array<Symbol>]
      def self.required_fields(klass)
        %i[failed_logins_count lock_expires_at]
      end

      # Record one more failed login and lock the account once the configured
      # limit is reached.
      #
      # Below the limit the new count is only assigned, not saved; the caller
      # has to persist the record for the count to survive the request.
      #
      # Every call at or above the limit runs +lock!+ again, which moves the
      # expiry forward by another full lockout period.
      #
      # NOTE(review): the read-increment-write is not atomic, so concurrent
      # failed logins for the same account may be under-counted unless the
      # caller serialises them -- confirm against the calling code.
      #
      # @return [Object, nil] the result of +lock!+, or nil when no lock was set
      def register_failed_login!
        # A nil counter (never failed before) is treated as zero.
        self.failed_logins_count = (failed_logins_count || 0) + 1
        lock! if failed_logins_count >= max_bad_logins
      end

      # Lock the account until now (UTC) plus the configured lockout period.
      #
      # Written with update_attribute, which skips validations, so the lock is
      # stored even when the record would otherwise fail validation.
      def lock!
        expires_at = Time.now.utc + lockout_period
        update_attribute(:lock_expires_at, expires_at)
      end

      # Clear the lock and reset the failed-login counter.
      #
      # update_attributes runs validations; if the record is invalid the reset
      # is not saved, so callers that depend on the unlock should check the
      # return value.
      def unlock!
        cleared = { failed_logins_count: 0, lock_expires_at: nil }
        update_attributes(cleared)
      end

      # @return [Boolean] true whenever +lock_expires_at+ is set, including
      #   when that time already lies in the past
      def locked?
        !unlocked?
      end

      # @return [Boolean] true only when +lock_expires_at+ is nil
      def unlocked?
        lock_expires_at.nil?
      end

      private

      # Failed-login threshold read from the gem configuration.
      # NOTE(review): a nil value here would make the >= comparison in
      # register_failed_login! raise -- confirm the configuration guarantees
      # a number whenever this module is in use.
      def max_bad_logins
        config = Authenticate.configuration
        config.max_consecutive_bad_logins_allowed
      end

      # Duration added to the current time when a lock is set.
      def lockout_period
        config = Authenticate.configuration
        config.bad_login_lockout_period
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
authenticate-0.1.0 lib/authenticate/model/brute_force.rb