lib/devise/models/lockable.rb in devise-jdguyot-1.2.rc vs lib/devise/models/lockable.rb in devise-jdguyot-1.2.rc2

@@ -20,11 +20,11 @@
     module Lockable
       extend  ActiveSupport::Concern
 
       delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class"
 
-      # Lock an user setting it's locked_at to actual time.
+      # Lock a user setting it's locked_at to actual time.
       def lock_access!
         self.locked_at = Time.now
 
         if unlock_strategy_enabled?(:email)
           generate_unlock_token
@@ -32,11 +32,11 @@
         end
 
         save(:validate => false)
       end
 
-      # Unlock an user by cleaning locket_at and failed_attempts.
+      # Unlock a user by cleaning locket_at and failed_attempts.
       def unlock_access!
         if_access_locked do
           self.locked_at = nil
           self.failed_attempts = 0 if respond_to?(:failed_attempts=)
           self.unlock_token = nil  if respond_to?(:unlock_token=)
@@ -58,11 +58,11 @@
       def resend_unlock_token
         if_access_locked { send_unlock_instructions }
       end
 
       # Overwrites active? from Devise::Models::Activatable for locking purposes
-      # by verifying whether an user is active to sign in or not based on locked?
+      # by verifying whether a user is active to sign in or not based on locked?
       def active?
         super && !access_locked?
       end
 
       # Overwrites invalid_message from Devise::Models::Authenticatable to define
@@ -70,30 +70,32 @@
       def inactive_message
         access_locked? ? :locked : super
       end
 
       # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
-      # for verifying whether an user is allowed to sign in or not. If the user
+      # for verifying whether a user is allowed to sign in or not. If the user
       # is locked, it should never be allowed.
       def valid_for_authentication?
         return super unless persisted? && lock_strategy_enabled?(:failed_attempts)
 
         case (result = super)
         when Symbol
           return result
         when TrueClass
           self.failed_attempts = 0
+          save(:validate => false)
         when FalseClass
           # PostgreSQL uses nil as the default value for integer columns set to 0
           self.failed_attempts ||= 0
           self.failed_attempts += 1
           if attempts_exceeded?
             lock_access!
             return :locked
+          else
+            save(:validate => false)
           end
         end
 
-        save(:validate => false) if changed?
         result
       end
 
       protected