Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Brute force protection

jwilsjustin edited this page · 7 revisions

In this tutorial we will build upon the app created at Simple Password Authentication so make sure you understand it.

First Add some db fields:

rails g sorcery:install brute_force_protection  --migrations

Which will create:

class SorceryBruteForceProtection < ActiveRecord::Migration
  def self.up
    add_column :users, :failed_logins_count, :integer, :default => 0
    add_column :users, :lock_expires_at, :datetime, :default => nil
    add_column :users, :unlock_token, :string, :default => nil

  def self.down
    remove_column :users, :lock_expires_at
    remove_column :users, :failed_logins_count
    remove_column :users, :unlock_token
rake db:migrate

Then add the brute_force_protection submodule:

# config/initializers/sorcery.rb
Rails.application.config.sorcery.submodules = [:brute_force_protection, blabla, blablu, ...]

That's it! You now only need to configure options like how many failed logins are allowed and for how long to lock an account when this number has been reached. See the docs for specifics.

Something went wrong with that request. Please try again.