enable lockable strategy for users

2012-07-06 00:05:31 -07:00 · 2012-07-06 00:05:31 -07:00 · 6533711825
commit 6533711825
parent 2abd054b0c
4 changed files with 15 additions and 7 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -1,11 +1,11 @@
 class User < ActiveRecord::Base
  include Account

-  devise :database_authenticatable, :token_authenticatable,
+  devise :database_authenticatable, :token_authenticatable, :lockable,
         :recoverable, :rememberable, :trackable, :validatable, :omniauthable

  attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
-                  :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme, 
+                  :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
                  :theme_id, :force_random_password

  attr_accessor :force_random_password
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -115,7 +115,7 @@ Devise.setup do |config|
  # Defines which strategy will be used to lock an account.
  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
  # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
+  config.lock_strategy = :failed_attempts

  # Defines which key will be used when locking and unlocking an account
  # config.unlock_keys = [ :email ]
@ -125,14 +125,14 @@ Devise.setup do |config|
  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
  # :both  = Enables both strategies
  # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
+  config.unlock_strategy = :time

  # Number of authentication tries before locking an account if lock_strategy
  # is failed attempts.
-  # config.maximum_attempts = 20
+  config.maximum_attempts = 10

  # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
+  config.unlock_in = 10.minutes

  # ==> Configuration for :recoverable
  #
--- a/db/migrate/20120706065612_add_lockable_to_users.rb
+++ b/db/migrate/20120706065612_add_lockable_to_users.rb
@ -0,0 +1,6 @@
+class AddLockableToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :failed_attempts, :integer, :default => 0
+    add_column :users, :locked_at, :datetime
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.

-ActiveRecord::Schema.define(:version => 20120627145613) do
+ActiveRecord::Schema.define(:version => 20120706065612) do

  create_table "events", :force => true do |t|
    t.string   "target_type"
@ -169,6 +169,8 @@ ActiveRecord::Schema.define(:version => 20120627145613) do
    t.integer  "theme_id",                              :default => 1,     :null => false
    t.string   "bio"
    t.boolean  "blocked",                               :default => false, :null => false
+    t.integer  "failed_attempts",                       :default => 0
+    t.datetime "locked_at"
  end

  add_index "users", ["email"], :name => "index_users_on_email", :unique => true