module Authenticate::Model::BruteForce

Protects against brute force attacks by locking accounts that have too many consecutive failed logins. Todo: email user to allow unlocking via a token.

To enable brute force protection, set the configuration parameters shown below. Example:

Authenticate.configure do |config|
  config.bad_login_lockout_period = 5.minutes
  config.max_consecutive_bad_logins_allowed = 3
end

Columns

Configuration

Methods

The following methods are added to your user model:

Public Class Methods

required_fields(_klass)
# File lib/authenticate/model/brute_force.rb, line 35
def self.required_fields(_klass)
  [:failed_logins_count, :lock_expires_at]
end

Public Instance Methods

lock!()
# File lib/authenticate/model/brute_force.rb, line 45
def lock!
  update_attribute(:lock_expires_at, Time.now.utc + lockout_period)
end

locked?()
# File lib/authenticate/model/brute_force.rb, line 53
def locked?
  !unlocked?
end

register_failed_login!()
# File lib/authenticate/model/brute_force.rb, line 39
def register_failed_login!
  self.failed_logins_count ||= 0
  self.failed_logins_count += 1
  lock! if self.failed_logins_count > max_bad_logins
end

unlock!()
# File lib/authenticate/model/brute_force.rb, line 49
def unlock!
  update_attributes(failed_logins_count: 0, lock_expires_at: nil)
end

unlocked?()
# File lib/authenticate/model/brute_force.rb, line 57
def unlocked?
  lock_expires_at.nil?
end

Private Instance Methods

lockout_period()
# File lib/authenticate/model/brute_force.rb, line 67
def lockout_period
  Authenticate.configuration.bad_login_lockout_period
end

max_bad_logins()
# File lib/authenticate/model/brute_force.rb, line 63
def max_bad_logins
  Authenticate.configuration.max_consecutive_bad_logins_allowed
end
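The following is an added, stand-alone model of the lockout logic documented above; it is not the gem's own code. A plain Ruby object stands in for the ActiveRecord user so it runs without Rails, the configured values (5 minutes, 3 attempts) are constructed from the example above, and the `lock_active?` helper is hypothetical, added here to show that the lock's expiry must be compared against a clock.

```ruby
class User
  # Mirrors the configuration example above (constructed values).
  LOCKOUT_PERIOD = 5 * 60   # seconds, i.e. 5.minutes
  MAX_BAD_LOGINS = 3

  attr_accessor :failed_logins_count, :lock_expires_at

  # Same threshold rule as the gem: the lock is applied when the count
  # EXCEEDS the maximum, i.e. on the (max + 1)th consecutive failure.
  def register_failed_login!(now = Time.now.utc)
    self.failed_logins_count = (failed_logins_count || 0) + 1
    lock!(now) if failed_logins_count > MAX_BAD_LOGINS
  end

  def lock!(now = Time.now.utc)
    self.lock_expires_at = now + LOCKOUT_PERIOD
  end

  def unlock!
    self.failed_logins_count = 0
    self.lock_expires_at = nil
  end

  def locked?
    !lock_expires_at.nil?
  end

  # Hypothetical helper, not part of the gem: locked? only asks whether a lock
  # was ever set, so honouring the lockout period needs a clock comparison.
  def lock_active?(now = Time.now.utc)
    locked? && lock_expires_at > now
  end
end

# Walk the state machine with a constructed, fixed clock.
def lockout_walkthrough(t0 = Time.utc(2024, 1, 1, 12, 0, 0))
  u = User.new
  3.times { u.register_failed_login!(t0) }
  after_three = u.locked?                 # false: 3 is not > 3
  u.register_failed_login!(t0)
  after_four = u.locked?                  # true: fourth failure trips the lock
  active = u.lock_active?(t0 + 299)       # true: inside the 5-minute window
  expired = u.lock_active?(t0 + 301)      # false: window elapsed
  u.unlock!
  { after_three: after_three, after_four: after_four, active: active,
    expired: expired, count_after_unlock: u.failed_logins_count }
end
```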