lockable.rb in devise-jdguyot-1.2.rc3

- old
+ new

@@ -34,16 +34,14 @@
         save(:validate => false)
       end
 
       # Unlock a user by cleaning locket_at and failed_attempts.
       def unlock_access!
-        if_access_locked do
-          self.locked_at = nil
-          self.failed_attempts = 0 if respond_to?(:failed_attempts=)
-          self.unlock_token = nil  if respond_to?(:unlock_token=)
-          save(:validate => false)
-        end
+        self.locked_at = nil
+        self.failed_attempts = 0 if respond_to?(:failed_attempts=)
+        self.unlock_token = nil  if respond_to?(:unlock_token=)
+        save(:validate => false)
       end
 
       # Verifies whether a user is locked or not.
       def access_locked?
         locked_at && !lock_expired?
@@ -74,9 +72,13 @@
       # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
       # for verifying whether a user is allowed to sign in or not. If the user
       # is locked, it should never be allowed.
       def valid_for_authentication?
         return super unless persisted? && lock_strategy_enabled?(:failed_attempts)
+
+        # Unlock the user if the lock is expired, no matter
+        # if the user can login or not (wrong password, etc)
+        unlock_access! if lock_expired?
 
         case (result = super)
         when Symbol
           return result
         when TrueClass