module Sorcery::Model::Submodules::BruteForceProtection::InstanceMethods
Public Instance Methods
login_locked?()
click to toggle source
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 88 def login_locked? !login_unlocked? end
login_unlock!()
click to toggle source
/!\ Moved out of protected for use like activate! in controller /!\
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 80 def login_unlock! config = sorcery_config attributes = { config.lock_expires_at_attribute_name => nil, config.failed_logins_count_attribute_name => 0, config.unlock_token_attribute_name => nil } sorcery_adapter.update_attributes(attributes) end
register_failed_login!()
click to toggle source
Called by the controller to increment the failed logins counter. Calls 'login_lock!' if login retries limit was reached.
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 66 def register_failed_login! config = sorcery_config return unless login_unlocked? sorcery_adapter.increment(config.failed_logins_count_attribute_name) return unless send(config.failed_logins_count_attribute_name) >= config.consecutive_login_retries_amount_limit login_lock! end
Protected Instance Methods
login_lock!()
click to toggle source
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 94 def login_lock! config = sorcery_config attributes = { config.lock_expires_at_attribute_name => Time.now.in_time_zone + config.login_lock_time_period, config.unlock_token_attribute_name => TemporaryToken.generate_random_token } sorcery_adapter.update_attributes(attributes) return if config.unlock_token_mailer_disabled || config.unlock_token_mailer.nil? send_unlock_token_email! end
login_unlocked?()
click to toggle source
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 105 def login_unlocked? config = sorcery_config send(config.lock_expires_at_attribute_name).nil? end
prevent_locked_user_login()
click to toggle source
Prevents a locked user from logging in, and unlocks users that expired their lock time. Runs as a hook before authenticate.
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 118 def prevent_locked_user_login config = sorcery_config if !login_unlocked? && config.login_lock_time_period != 0 login_unlock! if send(config.lock_expires_at_attribute_name) <= Time.now.in_time_zone end return false, :locked unless login_unlocked? true end
send_unlock_token_email!()
click to toggle source
# File lib/sorcery/model/submodules/brute_force_protection.rb, line 110 def send_unlock_token_email! return if sorcery_config.unlock_token_email_method_name.nil? generic_send_email(:unlock_token_email_method_name, :unlock_token_mailer) end