Merge pull request #1012 from NARKOZ/devise
Add 10 minutes lock after 10 failed login attempts (Devise :lockable)
This commit is contained in:
Dmitriy Zaporozhets
commit
4c24cabf47
10 changed files with 66 additions and 35 deletions
|
|
@ -93,10 +93,6 @@ Devise.setup do |config|
|
|||
# If true, extends the user's remember period when remembered via cookie.
|
||||
# config.extend_remember_period = false
|
||||
|
||||
# If true, uses the password salt as remember token. This should be turned
|
||||
# to false if you are not using database authenticatable.
|
||||
config.use_salt_as_remember_token = true
|
||||
|
||||
# Options to be passed to the created cookie. For instance, you can set
|
||||
# :secure => true in order to force SSL only cookies.
|
||||
# config.cookie_options = {}
|
||||
|
|
@ -119,7 +115,7 @@ Devise.setup do |config|
|
|||
# Defines which strategy will be used to lock an account.
|
||||
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
||||
# :none = No lock strategy. You should handle locking by yourself.
|
||||
# config.lock_strategy = :failed_attempts
|
||||
config.lock_strategy = :failed_attempts
|
||||
|
||||
# Defines which key will be used when locking and unlocking an account
|
||||
# config.unlock_keys = [ :email ]
|
||||
|
|
@ -129,14 +125,14 @@ Devise.setup do |config|
|
|||
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
|
||||
# :both = Enables both strategies
|
||||
# :none = No unlock strategy. You should handle unlocking by yourself.
|
||||
# config.unlock_strategy = :both
|
||||
config.unlock_strategy = :time
|
||||
|
||||
# Number of authentication tries before locking an account if lock_strategy
|
||||
# is failed attempts.
|
||||
# config.maximum_attempts = 20
|
||||
config.maximum_attempts = 10
|
||||
|
||||
# Time interval to unlock the account if :time is enabled as unlock_strategy.
|
||||
# config.unlock_in = 1.hour
|
||||
config.unlock_in = 10.minutes
|
||||
|
||||
# ==> Configuration for :recoverable
|
||||
#
|
||||
|
|
@ -160,9 +156,9 @@ Devise.setup do |config|
|
|||
# Defines name of the authentication token params key
|
||||
config.token_authentication_key = :private_token
|
||||
|
||||
# If true, authentication through token does not store user in session and needs
|
||||
# Authentication through token does not store user in session and needs
|
||||
# to be supplied on each request. Useful if you are using the token as API token.
|
||||
config.stateless_token = true
|
||||
config.skip_session_storage << :token_auth
|
||||
|
||||
# ==> Scopes configuration
|
||||
# Turn scoped views on. Before rendering "sessions/new", it will first check for
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue