Merge pull request #1012 from NARKOZ/devise
Add 10 minutes lock after 10 failed login attempts (Devise :lockable)
commit
4c24cabf47
10 changed files with 66 additions and 35 deletions
|
@ -93,10 +93,6 @@ Devise.setup do |config|
|
|||
# If true, extends the user's remember period when remembered via cookie.
|
||||
# config.extend_remember_period = false
|
||||
|
||||
# If true, uses the password salt as remember token. This should be turned
|
||||
# to false if you are not using database authenticatable.
|
||||
config.use_salt_as_remember_token = true
|
||||
|
||||
# Options to be passed to the created cookie. For instance, you can set
|
||||
# :secure => true in order to force SSL only cookies.
|
||||
# config.cookie_options = {}
|
||||
|
@ -119,7 +115,7 @@ Devise.setup do |config|
|
|||
# Defines which strategy will be used to lock an account.
|
||||
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
||||
# :none = No lock strategy. You should handle locking by yourself.
|
||||
# config.lock_strategy = :failed_attempts
|
||||
config.lock_strategy = :failed_attempts
|
||||
|
||||
# Defines which key will be used when locking and unlocking an account
|
||||
# config.unlock_keys = [ :email ]
|
||||
|
@ -129,14 +125,14 @@ Devise.setup do |config|
|
|||
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
|
||||
# :both = Enables both strategies
|
||||
# :none = No unlock strategy. You should handle unlocking by yourself.
|
||||
# config.unlock_strategy = :both
|
||||
config.unlock_strategy = :time
|
||||
|
||||
# Number of authentication tries before locking an account if lock_strategy
|
||||
# is failed attempts.
|
||||
# config.maximum_attempts = 20
|
||||
config.maximum_attempts = 10
|
||||
|
||||
# Time interval to unlock the account if :time is enabled as unlock_strategy.
|
||||
# config.unlock_in = 1.hour
|
||||
config.unlock_in = 10.minutes
|
||||
|
||||
# ==> Configuration for :recoverable
|
||||
#
|
||||
|
@ -160,9 +156,9 @@ Devise.setup do |config|
|
|||
# Defines name of the authentication token params key
|
||||
config.token_authentication_key = :private_token
|
||||
|
||||
# If true, authentication through token does not store user in session and needs
|
||||
# Authentication through token does not store user in session and needs
|
||||
# to be supplied on each request. Useful if you are using the token as API token.
|
||||
config.stateless_token = true
|
||||
config.skip_session_storage << :token_auth
|
||||
|
||||
# ==> Scopes configuration
|
||||
# Turn scoped views on. Before rendering "sessions/new", it will first check for
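Review bot: The lockout settings in the `@ -129,14 +125,14 @` hunk (`config.unlock_strategy = :time`, `config.maximum_attempts = 10`, `config.unlock_in = 10.minutes`) count failures per account, so repeated bad passwords from any client can keep a legitimate user locked out in 10-minute windows, and with `:time` alone the user has no e-mail path to unlock sooner. That trade-off may be intended, but nothing in the file states it; a comment such as `# Time-only unlock: a locked user must wait unlock_in; pair with per-IP throttling in front of sign-in` above `config.unlock_strategy` would record it. The rendering has lost the +/- markers, so which of the paired lines is new is inferred from the hunk counts and the commit title. Whether the model enables `:lockable` and has the `failed_attempts`/`locked_at` columns is in files not shown here and should be confirmed, as should whether `config.paranoid` is set, since the locked-account message otherwise confirms that a login exists.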
|
||||
|
|
|
@ -35,13 +35,11 @@ en:
|
|||
confirmed: 'Your account was successfully confirmed. You are now signed in.'
|
||||
registrations:
|
||||
signed_up: 'Welcome! You have signed up successfully.'
|
||||
inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
|
||||
updated: 'You updated your account successfully.'
|
||||
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
|
||||
reasons:
|
||||
inactive: 'inactive'
|
||||
unconfirmed: 'unconfirmed'
|
||||
locked: 'locked'
|
||||
signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
|
||||
signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
|
||||
signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
|
||||
unlocks:
|
||||
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
|
||||
unlocked: 'Your account was successfully unlocked. You are now signed in.'
|
||||
|
|