Merge pull request #1012 from NARKOZ/devise
Add 10 minutes lock after 10 failed login attempts (Devise :lockable)
This commit is contained in:
commit
4c24cabf47
10 changed files with 66 additions and 35 deletions
2
Gemfile
2
Gemfile
|
@ -7,7 +7,7 @@ gem "sqlite3"
|
||||||
gem "mysql2"
|
gem "mysql2"
|
||||||
|
|
||||||
# Auth
|
# Auth
|
||||||
gem "devise", "~> 1.5"
|
gem "devise", "~> 2.1.0"
|
||||||
|
|
||||||
# GITLAB patched libs
|
# GITLAB patched libs
|
||||||
gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837"
|
gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837"
|
||||||
|
|
13
Gemfile.lock
13
Gemfile.lock
|
@ -148,10 +148,11 @@ GEM
|
||||||
nokogiri (>= 1.5.0)
|
nokogiri (>= 1.5.0)
|
||||||
daemons (1.1.8)
|
daemons (1.1.8)
|
||||||
database_cleaner (0.8.0)
|
database_cleaner (0.8.0)
|
||||||
devise (1.5.3)
|
devise (2.1.2)
|
||||||
bcrypt-ruby (~> 3.0)
|
bcrypt-ruby (~> 3.0)
|
||||||
orm_adapter (~> 0.0.3)
|
orm_adapter (~> 0.1)
|
||||||
warden (~> 1.1)
|
railties (~> 3.1)
|
||||||
|
warden (~> 1.2.1)
|
||||||
diff-lcs (1.1.3)
|
diff-lcs (1.1.3)
|
||||||
drapper (0.8.4)
|
drapper (0.8.4)
|
||||||
email_spec (1.2.1)
|
email_spec (1.2.1)
|
||||||
|
@ -225,7 +226,7 @@ GEM
|
||||||
omniauth (1.1.0)
|
omniauth (1.1.0)
|
||||||
hashie (~> 1.2)
|
hashie (~> 1.2)
|
||||||
rack
|
rack
|
||||||
orm_adapter (0.0.7)
|
orm_adapter (0.3.0)
|
||||||
polyglot (0.3.3)
|
polyglot (0.3.3)
|
||||||
posix-spawn (0.3.6)
|
posix-spawn (0.3.6)
|
||||||
pry (0.9.9.6)
|
pry (0.9.9.6)
|
||||||
|
@ -356,7 +357,7 @@ GEM
|
||||||
raindrops (~> 0.7)
|
raindrops (~> 0.7)
|
||||||
vegas (0.1.11)
|
vegas (0.1.11)
|
||||||
rack (>= 1.0.0)
|
rack (>= 1.0.0)
|
||||||
warden (1.2.0)
|
warden (1.2.1)
|
||||||
rack (>= 1.0)
|
rack (>= 1.0)
|
||||||
webmock (1.8.7)
|
webmock (1.8.7)
|
||||||
addressable (>= 2.2.7)
|
addressable (>= 2.2.7)
|
||||||
|
@ -383,7 +384,7 @@ DEPENDENCIES
|
||||||
colored
|
colored
|
||||||
cucumber-rails
|
cucumber-rails
|
||||||
database_cleaner
|
database_cleaner
|
||||||
devise (~> 1.5)
|
devise (~> 2.1.0)
|
||||||
drapper
|
drapper
|
||||||
email_spec
|
email_spec
|
||||||
ffaker
|
ffaker
|
||||||
|
|
|
@ -52,7 +52,7 @@ class ApplicationController < ActionController::Base
|
||||||
|
|
||||||
def layout_by_resource
|
def layout_by_resource
|
||||||
if devise_controller?
|
if devise_controller?
|
||||||
"devise"
|
"devise_layout"
|
||||||
else
|
else
|
||||||
"application"
|
"application"
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
class User < ActiveRecord::Base
|
class User < ActiveRecord::Base
|
||||||
include Account
|
include Account
|
||||||
|
|
||||||
devise :database_authenticatable, :token_authenticatable,
|
devise :database_authenticatable, :token_authenticatable, :lockable,
|
||||||
:recoverable, :rememberable, :trackable, :validatable, :omniauthable
|
:recoverable, :rememberable, :trackable, :validatable, :omniauthable
|
||||||
|
|
||||||
attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
|
attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
|
||||||
:name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
|
:name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
|
||||||
:theme_id, :force_random_password
|
:theme_id, :force_random_password
|
||||||
|
|
||||||
attr_accessor :force_random_password
|
attr_accessor :force_random_password
|
||||||
|
|
|
@ -93,10 +93,6 @@ Devise.setup do |config|
|
||||||
# If true, extends the user's remember period when remembered via cookie.
|
# If true, extends the user's remember period when remembered via cookie.
|
||||||
# config.extend_remember_period = false
|
# config.extend_remember_period = false
|
||||||
|
|
||||||
# If true, uses the password salt as remember token. This should be turned
|
|
||||||
# to false if you are not using database authenticatable.
|
|
||||||
config.use_salt_as_remember_token = true
|
|
||||||
|
|
||||||
# Options to be passed to the created cookie. For instance, you can set
|
# Options to be passed to the created cookie. For instance, you can set
|
||||||
# :secure => true in order to force SSL only cookies.
|
# :secure => true in order to force SSL only cookies.
|
||||||
# config.cookie_options = {}
|
# config.cookie_options = {}
|
||||||
|
@ -119,7 +115,7 @@ Devise.setup do |config|
|
||||||
# Defines which strategy will be used to lock an account.
|
# Defines which strategy will be used to lock an account.
|
||||||
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
||||||
# :none = No lock strategy. You should handle locking by yourself.
|
# :none = No lock strategy. You should handle locking by yourself.
|
||||||
# config.lock_strategy = :failed_attempts
|
config.lock_strategy = :failed_attempts
|
||||||
|
|
||||||
# Defines which key will be used when locking and unlocking an account
|
# Defines which key will be used when locking and unlocking an account
|
||||||
# config.unlock_keys = [ :email ]
|
# config.unlock_keys = [ :email ]
|
||||||
|
@ -129,14 +125,14 @@ Devise.setup do |config|
|
||||||
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
|
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
|
||||||
# :both = Enables both strategies
|
# :both = Enables both strategies
|
||||||
# :none = No unlock strategy. You should handle unlocking by yourself.
|
# :none = No unlock strategy. You should handle unlocking by yourself.
|
||||||
# config.unlock_strategy = :both
|
config.unlock_strategy = :time
|
||||||
|
|
||||||
# Number of authentication tries before locking an account if lock_strategy
|
# Number of authentication tries before locking an account if lock_strategy
|
||||||
# is failed attempts.
|
# is failed attempts.
|
||||||
# config.maximum_attempts = 20
|
config.maximum_attempts = 10
|
||||||
|
|
||||||
# Time interval to unlock the account if :time is enabled as unlock_strategy.
|
# Time interval to unlock the account if :time is enabled as unlock_strategy.
|
||||||
# config.unlock_in = 1.hour
|
config.unlock_in = 10.minutes
|
||||||
|
|
||||||
# ==> Configuration for :recoverable
|
# ==> Configuration for :recoverable
|
||||||
#
|
#
|
||||||
|
@ -160,9 +156,9 @@ Devise.setup do |config|
|
||||||
# Defines name of the authentication token params key
|
# Defines name of the authentication token params key
|
||||||
config.token_authentication_key = :private_token
|
config.token_authentication_key = :private_token
|
||||||
|
|
||||||
# If true, authentication through token does not store user in session and needs
|
# Authentication through token does not store user in session and needs
|
||||||
# to be supplied on each request. Useful if you are using the token as API token.
|
# to be supplied on each request. Useful if you are using the token as API token.
|
||||||
config.stateless_token = true
|
config.skip_session_storage << :token_auth
|
||||||
|
|
||||||
# ==> Scopes configuration
|
# ==> Scopes configuration
|
||||||
# Turn scoped views on. Before rendering "sessions/new", it will first check for
|
# Turn scoped views on. Before rendering "sessions/new", it will first check for
|
||||||
|
|
|
@ -35,13 +35,11 @@ en:
|
||||||
confirmed: 'Your account was successfully confirmed. You are now signed in.'
|
confirmed: 'Your account was successfully confirmed. You are now signed in.'
|
||||||
registrations:
|
registrations:
|
||||||
signed_up: 'Welcome! You have signed up successfully.'
|
signed_up: 'Welcome! You have signed up successfully.'
|
||||||
inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
|
|
||||||
updated: 'You updated your account successfully.'
|
updated: 'You updated your account successfully.'
|
||||||
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
|
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
|
||||||
reasons:
|
signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
|
||||||
inactive: 'inactive'
|
signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
|
||||||
unconfirmed: 'unconfirmed'
|
signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
|
||||||
locked: 'locked'
|
|
||||||
unlocks:
|
unlocks:
|
||||||
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
|
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
|
||||||
unlocked: 'Your account was successfully unlocked. You are now signed in.'
|
unlocked: 'Your account was successfully unlocked. You are now signed in.'
|
||||||
|
|
|
@ -1,15 +1,43 @@
|
||||||
class DeviseCreateUsers < ActiveRecord::Migration
|
class DeviseCreateUsers < ActiveRecord::Migration
|
||||||
def self.up
|
def self.up
|
||||||
create_table(:users) do |t|
|
create_table(:users) do |t|
|
||||||
t.database_authenticatable :null => false
|
## Database authenticatable
|
||||||
t.recoverable
|
t.string :email, :null => false, :default => ""
|
||||||
t.rememberable
|
t.string :encrypted_password, :null => false, :default => ""
|
||||||
t.trackable
|
|
||||||
|
|
||||||
# t.encryptable
|
## Recoverable
|
||||||
# t.confirmable
|
t.string :reset_password_token
|
||||||
# t.lockable :lock_strategy => :failed_attempts, :unlock_strategy => :both
|
t.datetime :reset_password_sent_at
|
||||||
# t.token_authenticatable
|
|
||||||
|
## Rememberable
|
||||||
|
t.datetime :remember_created_at
|
||||||
|
|
||||||
|
## Trackable
|
||||||
|
t.integer :sign_in_count, :default => 0
|
||||||
|
t.datetime :current_sign_in_at
|
||||||
|
t.datetime :last_sign_in_at
|
||||||
|
t.string :current_sign_in_ip
|
||||||
|
t.string :last_sign_in_ip
|
||||||
|
|
||||||
|
## Encryptable
|
||||||
|
# t.string :password_salt
|
||||||
|
|
||||||
|
## Confirmable
|
||||||
|
# t.string :confirmation_token
|
||||||
|
# t.datetime :confirmed_at
|
||||||
|
# t.datetime :confirmation_sent_at
|
||||||
|
# t.string :unconfirmed_email # Only if using reconfirmable
|
||||||
|
|
||||||
|
## Lockable
|
||||||
|
# t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
|
||||||
|
# t.string :unlock_token # Only if unlock strategy is :email or :both
|
||||||
|
# t.datetime :locked_at
|
||||||
|
|
||||||
|
# Token authenticatable
|
||||||
|
# t.string :authentication_token
|
||||||
|
|
||||||
|
## Invitable
|
||||||
|
# t.string :invitation_token
|
||||||
|
|
||||||
t.timestamps
|
t.timestamps
|
||||||
end
|
end
|
||||||
|
@ -18,7 +46,7 @@ class DeviseCreateUsers < ActiveRecord::Migration
|
||||||
add_index :users, :reset_password_token, :unique => true
|
add_index :users, :reset_password_token, :unique => true
|
||||||
# add_index :users, :confirmation_token, :unique => true
|
# add_index :users, :confirmation_token, :unique => true
|
||||||
# add_index :users, :unlock_token, :unique => true
|
# add_index :users, :unlock_token, :unique => true
|
||||||
# add_index :users, :authentication_token, :unique => true
|
add_index :users, :authentication_token, :unique => true
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.down
|
def self.down
|
||||||
|
|
6
db/migrate/20120706065612_add_lockable_to_users.rb
Normal file
6
db/migrate/20120706065612_add_lockable_to_users.rb
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
class AddLockableToUsers < ActiveRecord::Migration
|
||||||
|
def change
|
||||||
|
add_column :users, :failed_attempts, :integer, :default => 0
|
||||||
|
add_column :users, :locked_at, :datetime
|
||||||
|
end
|
||||||
|
end
|
|
@ -11,7 +11,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended to check this file into your version control system.
|
# It's strongly recommended to check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(:version => 20120627145613) do
|
ActiveRecord::Schema.define(:version => 20120706065612) do
|
||||||
|
|
||||||
create_table "events", :force => true do |t|
|
create_table "events", :force => true do |t|
|
||||||
t.string "target_type"
|
t.string "target_type"
|
||||||
|
@ -169,6 +169,8 @@ ActiveRecord::Schema.define(:version => 20120627145613) do
|
||||||
t.integer "theme_id", :default => 1, :null => false
|
t.integer "theme_id", :default => 1, :null => false
|
||||||
t.string "bio"
|
t.string "bio"
|
||||||
t.boolean "blocked", :default => false, :null => false
|
t.boolean "blocked", :default => false, :null => false
|
||||||
|
t.integer "failed_attempts", :default => 0
|
||||||
|
t.datetime "locked_at"
|
||||||
end
|
end
|
||||||
|
|
||||||
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
|
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
|
||||||
|
|
Loading…
Reference in a new issue