module Sorcery::Model::Submodules::BruteForceProtection::InstanceMethods

Public Instance Methods

login_locked?() click to toggle source
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 88
# Reports whether a login lock is currently recorded for this account.
#
# This is strictly the inverse of +login_unlocked?+, which only tests whether
# the lock-expiry attribute is nil. A lock whose expiry time has already
# passed therefore still reads as locked here until something clears it
# (+prevent_locked_user_login+ or +login_unlock!+).
#
# Returns true when locked, false otherwise.
def login_locked?
  login_unlocked? ? false : true
end
login_unlock!() click to toggle source

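/!\ Moved out of the protected section so that it can be called from a controller, in the same way as activate!. The method itself performs no unlock-token or permission check, so the caller must verify the token (or the caller's authority) before invoking it. /!\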

# File lib/sorcery/model/submodules/brute_force_protection.rb, line 80
# Clears the brute-force lock on this account in a single adapter update:
# the lock expiry is set to nil, the failed-login counter is reset to 0 and
# the unlock token is set to nil.
#
# Security note: this method is public and checks nothing about the caller.
# It does not compare an unlock token or look at who is asking, so any code
# path that reaches it unlocks the account. Controllers must authenticate the
# request (for example by having looked the user up through a valid unlock
# token) before calling it.
#
# Returns whatever the adapter's +update_attributes+ returns.
def login_unlock!
  settings = sorcery_config
  sorcery_adapter.update_attributes(
    {
      settings.lock_expires_at_attribute_name => nil,
      settings.failed_logins_count_attribute_name => 0,
      # Wiping the stored token means the value mailed earlier is no longer
      # held on the record once the unlock has happened.
      settings.unlock_token_attribute_name => nil
    }
  )
end
register_failed_login!() click to toggle source

Called by the controller to increment the failed logins counter. Calls 'login_lock!' if login retries limit was reached.

# File lib/sorcery/model/submodules/brute_force_protection.rb, line 66
# Records one failed login attempt and locks the account once the configured
# number of consecutive failures has been reached.
#
# Nothing is counted while a lock is recorded (+login_unlocked?+ is false),
# so attempts made during the lock window do not extend or re-trigger it.
#
# Security notes:
# * The threshold is checked by reading the counter attribute back from this
#   object right after the adapter increments it.
#   NOTE(review): confirm the adapter's +increment+ also refreshes the
#   in-memory value; otherwise the comparison uses a stale count.
# * NOTE(review): the increment and the comparison are separate steps, so
#   parallel failed logins may overshoot the limit before the lock lands.
# * Lockout is keyed on the account, so repeated failures against a known
#   login can keep a legitimate user locked out; pair this with rate limiting
#   on the request source where that matters.
#
# Returns the result of +login_lock!+ when the lock is applied, nil otherwise.
def register_failed_login!
  settings = sorcery_config
  if login_unlocked?
    sorcery_adapter.increment(settings.failed_logins_count_attribute_name)

    failures = send(settings.failed_logins_count_attribute_name)
    login_lock! if failures >= settings.consecutive_login_retries_amount_limit
  end
end

Protected Instance Methods

login_lock!() click to toggle source
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 94
# Locks the account: stores a lock expiry of "now + login_lock_time_period"
# together with a freshly generated unlock token, then mails the token unless
# mailing is switched off or no mailer is configured.
#
# Security notes:
# * The lock is written before the e-mail is attempted, so a failure while
#   sending leaves the account locked.
# * With a +login_lock_time_period+ of 0 the expiry equals the current time,
#   and +prevent_locked_user_login+ skips automatic expiry for a period of 0,
#   so such a lock stays until +login_unlock!+ is called.
# * +TemporaryToken.generate_random_token+ is defined outside this listing.
#   NOTE(review): confirm it draws from a cryptographically secure source,
#   because possession of this token is what authorizes an e-mail unlock.
# * The token is handed to the adapter exactly as generated.
#   NOTE(review): check whether it is stored in clear text and whether that
#   is acceptable for this deployment.
#
# Returns the result of +send_unlock_token_email!+ when a mail is attempted,
# nil otherwise.
def login_lock!
  settings = sorcery_config
  sorcery_adapter.update_attributes(
    {
      settings.lock_expires_at_attribute_name =>
        Time.now.in_time_zone + settings.login_lock_time_period,
      settings.unlock_token_attribute_name => TemporaryToken.generate_random_token
    }
  )

  # Mail only when the mailer is neither disabled nor missing.
  mailer_usable = !settings.unlock_token_mailer_disabled && !settings.unlock_token_mailer.nil?
  send_unlock_token_email! if mailer_usable
end
login_unlocked?() click to toggle source
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 105
# Reports whether no login lock is recorded for this account.
#
# The only thing examined is whether the configured lock-expiry attribute is
# nil. The stored time is not compared with the clock here, so a lock that
# has already run out still counts as locked until the attribute is cleared.
#
# Returns true when the lock-expiry attribute is nil, false otherwise.
def login_unlocked?
  lock_expiry = send(sorcery_config.lock_expires_at_attribute_name)
  lock_expiry.nil?
end
prevent_locked_user_login() click to toggle source

Prevents a locked user from logging in, and unlocks users whose lock time has expired. Runs as a hook before authenticate.

# File lib/sorcery/model/submodules/brute_force_protection.rb, line 118
# Gate evaluated before authentication: refuses locked accounts and lifts
# locks whose expiry time has been reached.
#
# Steps:
# 1. If a lock is recorded and +login_lock_time_period+ is not 0, compare the
#    stored expiry with the current time and call +login_unlock!+ when the
#    expiry is now or in the past.
# 2. Re-check the lock state and answer accordingly.
#
# Security note: a +login_lock_time_period+ of 0 disables step 1 entirely, so
# such locks never lapse on their own and need an explicit +login_unlock!+.
#
# Returns true when login may proceed, or the pair [false, :locked] when the
# account is still locked.
def prevent_locked_user_login
  settings = sorcery_config

  # Only locks with a non-zero period are eligible for automatic expiry.
  may_expire = !login_unlocked? && settings.login_lock_time_period != 0
  login_unlock! if may_expire && send(settings.lock_expires_at_attribute_name) <= Time.now.in_time_zone

  login_unlocked? ? true : [false, :locked]
end
send_unlock_token_email!() click to toggle source
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 110
# Mails the unlock token to the user through the shared +generic_send_email+
# helper, passing the names of the config entries that hold the mailer method
# and the mailer.
#
# Does nothing when no unlock-token e-mail method name is configured.
# NOTE(review): +generic_send_email+ is defined outside this listing; check
# there how delivery errors are handled, since this is called right after the
# account has been locked.
#
# Returns the helper's result, or nil when no method name is configured.
def send_unlock_token_email!
  generic_send_email(:unlock_token_email_method_name, :unlock_token_mailer) unless sorcery_config.unlock_token_email_method_name.nil?
end