enable lockable strategy for users

Nihad Abbasov
1 parent 2abd054b
Showing 4 changed files with 15 additions and 7 deletions Show diff stats
app/models/user.rb
config/initializers/devise.rb
db/migrate/20120706065612_add_lockable_to_users.rb
db/schema.rb
 class User < ActiveRecord::Base
   include Account
  
-  devise :database_authenticatable, :token_authenticatable,
+  devise :database_authenticatable, :token_authenticatable, :lockable,
          :recoverable, :rememberable, :trackable, :validatable, :omniauthable
  
   attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
-                  :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme, 
+                  :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
                   :theme_id, :force_random_password
  
   attr_accessor :force_random_password
@@ -115,7 +115,7 @@ Devise.setup do |config|
   # Defines which strategy will be used to lock an account.
   # :failed_attempts = Locks an account after a number of failed attempts to sign in.
   # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
+  config.lock_strategy = :failed_attempts
  
   # Defines which key will be used when locking and unlocking an account
   # config.unlock_keys = [ :email ]
@@ -125,14 +125,14 @@ Devise.setup do |config|
   # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
   # :both  = Enables both strategies
   # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
+  config.unlock_strategy = :time
  
   # Number of authentication tries before locking an account if lock_strategy
   # is failed attempts.
-  # config.maximum_attempts = 20
+  config.maximum_attempts = 10
  
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
+  config.unlock_in = 10.minutes
  
   # ==> Configuration for :recoverable
   #
@@ -0,0 +1,6 @@
+class AddLockableToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :failed_attempts, :integer, :default => 0
+    add_column :users, :locked_at, :datetime
+  end
+end
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
  
-ActiveRecord::Schema.define(:version => 20120627145613) do
+ActiveRecord::Schema.define(:version => 20120706065612) do
  
   create_table "events", :force => true do |t|
     t.string   "target_type"
@@ -169,6 +169,8 @@ ActiveRecord::Schema.define(:version =&gt; 20120627145613) do
     t.integer  "theme_id",                              :default => 1,     :null => false
     t.string   "bio"
     t.boolean  "blocked",                               :default => false, :null => false
+    t.integer  "failed_attempts",                       :default => 0
+    t.datetime "locked_at"
   end
  
   add_index "users", ["email"], :name => "index_users_on_email", :unique => true
1	1	class User < ActiveRecord::Base
2	2	include Account
3	3
4		- devise :database_authenticatable, :token_authenticatable,
	4	+ devise :database_authenticatable, :token_authenticatable, :lockable,
5	5	:recoverable, :rememberable, :trackable, :validatable, :omniauthable
6	6
7	7	attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
8		- :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
	8	+ :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
9	9	:theme_id, :force_random_password
10	10
11	11	attr_accessor :force_random_password
...	...
...	...	@@ -115,7 +115,7 @@ Devise.setup do \|config\|
115	115	# Defines which strategy will be used to lock an account.
116	116	# :failed_attempts = Locks an account after a number of failed attempts to sign in.
117	117	# :none = No lock strategy. You should handle locking by yourself.
118		- # config.lock_strategy = :failed_attempts
	118	+ config.lock_strategy = :failed_attempts
119	119
120	120	# Defines which key will be used when locking and unlocking an account
121	121	# config.unlock_keys = [ :email ]
...	...	@@ -125,14 +125,14 @@ Devise.setup do \|config\|
125	125	# :time = Re-enables login after a certain amount of time (see :unlock_in below)
126	126	# :both = Enables both strategies
127	127	# :none = No unlock strategy. You should handle unlocking by yourself.
128		- # config.unlock_strategy = :both
	128	+ config.unlock_strategy = :time
129	129
130	130	# Number of authentication tries before locking an account if lock_strategy
131	131	# is failed attempts.
132		- # config.maximum_attempts = 20
	132	+ config.maximum_attempts = 10
133	133
134	134	# Time interval to unlock the account if :time is enabled as unlock_strategy.
135		- # config.unlock_in = 1.hour
	135	+ config.unlock_in = 10.minutes
136	136
137	137	# ==> Configuration for :recoverable
138	138	#
...	...
...	...	@@ -0,0 +1,6 @@
	1	+class AddLockableToUsers < ActiveRecord::Migration
	2	+ def change
	3	+ add_column :users, :failed_attempts, :integer, :default => 0
	4	+ add_column :users, :locked_at, :datetime
	5	+ end
	6	+end
...	...
...	...	@@ -11,7 +11,7 @@
11	11	#
12	12	# It's strongly recommended to check this file into your version control system.
13	13
14		-ActiveRecord::Schema.define(:version => 20120627145613) do
	14	+ActiveRecord::Schema.define(:version => 20120706065612) do
15	15
16	16	create_table "events", :force => true do \|t\|
17	17	t.string "target_type"
...	...	@@ -169,6 +169,8 @@ ActiveRecord::Schema.define(:version => 20120627145613) do
169	169	t.integer "theme_id", :default => 1, :null => false
170	170	t.string "bio"
171	171	t.boolean "blocked", :default => false, :null => false
	172	+ t.integer "failed_attempts", :default => 0
	173	+ t.datetime "locked_at"
172	174	end
173	175
174	176	add_index "users", ["email"], :name => "index_users_on_email", :unique => true
...	...