I have a model Person which uses Devise; it has :lockable.
I have added these fields in my model:
    field :failed_attempts, type: Integer, default: 0
    field :locked_at, type: Time
In my config/initializers/devise.rb file I have these settings:
    config.lock_strategy = :failed_attempts
    config.unlock_strategy = :time
    config.maximum_attempts = 10
    config.unlock_in = 30.minutes
I get the password and validate it:
    if person.valid_password?(params[:password])
      # do something if password is right
    else
      person.failed_attempts += 1
      person.save
      if person.failed_attempts >= person.class.maximum_attempts
        person.lock_access!
        PersonMailer.blocked_email(person).deliver_later
      end
    end
If the password is wrong I increment failed_attempts and then check if it is more than the maximum attempts. If it is, it will call the lock_access! method.
Then I check whether the lock time has expired or not:
    if person.access_locked?
      if person.locked_at && person.locked_at < person.class.unlock_in.ago
        person.unlock_access!
      else
        error!('Access is locked', 401)
      end
    end
If the blocking time has expired, it calls the unlock_access! method.
Now here is the problem. When unlock_access! is called it makes access_locked? false, but does not reset the locked_at and failed_attempts values.
What did I miss?
via Chebli Mohamed
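Added example, not part of the original post and not Devise's own code: a plain-Ruby stand-in for the lock state described above, comparing the nested unlock check from the question with one that tests expiry first. FakePerson, nested_check, expiry_first_check and demo are hypothetical names, and the model assumes access_locked? is true only while the lock has not yet expired, which is how Devise's Lockable module defines it for the :time unlock strategy.

```ruby
# Constructed stand-in for the Person model; not Devise code.
# Assumption: access_locked? is true only while the lock has not expired.
class FakePerson
  UNLOCK_IN = 30 * 60 # seconds, mirrors config.unlock_in = 30.minutes

  attr_reader :failed_attempts, :locked_at

  def initialize(failed_attempts: 0, locked_at: nil)
    @failed_attempts = failed_attempts
    @locked_at = locked_at
  end

  def lock_expired?(now)
    !@locked_at.nil? && @locked_at < now - UNLOCK_IN
  end

  def access_locked?(now)
    !@locked_at.nil? && !lock_expired?(now)
  end

  def unlock_access!
    @locked_at = nil
    @failed_attempts = 0
  end
end

# The check from the question: the unlock is nested under access_locked?.
def nested_check(person, now)
  return :ok unless person.access_locked?(now)
  return :locked unless person.lock_expired?(now)

  person.unlock_access! # never reached: an expired lock is not "locked"
  :unlocked
end

# Expiry is tested first, so stale counters are cleared before the lock check.
def expiry_first_check(person, now)
  person.unlock_access! if person.lock_expired?(now)
  person.access_locked?(now) ? :locked : :ok
end

# Constructed scenario: locked at t0 after 10 failures, checked 31 minutes later.
def demo(check)
  t0 = Time.at(1_700_000_000)
  person = FakePerson.new(failed_attempts: 10, locked_at: t0)
  result = send(check, person, t0 + 31 * 60)
  [result, person.failed_attempts, person.locked_at]
end
```

Both checks let the request through once the 30 minutes have passed, but only the expiry-first version leaves failed_attempts at 0 and locked_at empty; with the nested version the next wrong password starts from a counter that is already at the maximum.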