changing brute_force_protection submodule into something useful, like…
… Authlogic's one
Showing 12 changed files with 198 additions and 146 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
module Sorcery | ||
module Model | ||
module Submodules | ||
module BruteForceProtection | ||
def self.included(base) | ||
base.sorcery_config.class_eval do | ||
attr_accessor :failed_logins_count_attribute_name, # failed logins attribute name. | ||
:lock_expires_at_attribute_name, # this field indicates whether user is banned and when it will be active again. | ||
:consecutive_login_retries_amount_allowed, # how many failed logins allowed. | ||
:login_lock_time_period # how long the user should be banned. in seconds. 0 for permanent. | ||
end | ||
|
||
base.sorcery_config.instance_eval do | ||
@defaults.merge!(:@failed_logins_count_attribute_name => :failed_logins_count, | ||
:@lock_expires_at_attribute_name => :lock_expires_at, | ||
:@consecutive_login_retries_amount_allowed => 50, | ||
:@login_lock_time_period => 3600) | ||
reset! | ||
end | ||
|
||
base.class_eval do | ||
|
||
end | ||
|
||
base.sorcery_config.before_authenticate << :prevent_locked_user_login | ||
base.extend(ClassMethods) | ||
base.send(:include, InstanceMethods) | ||
end | ||
|
||
module ClassMethods | ||
protected | ||
|
||
end | ||
|
||
module InstanceMethods | ||
def register_failed_login! | ||
config = sorcery_config | ||
self.increment(config.failed_logins_count_attribute_name) | ||
save! | ||
self.lock! if self.send(config.failed_logins_count_attribute_name) >= config.consecutive_login_retries_amount_allowed | ||
end | ||
|
||
protected | ||
|
||
def lock! | ||
config = sorcery_config | ||
self.update_attributes!(config.lock_expires_at_attribute_name => Time.now.utc + config.login_lock_time_period) | ||
end | ||
|
||
def unlock! | ||
config = sorcery_config | ||
self.update_attributes!(config.lock_expires_at_attribute_name => nil, | ||
config.failed_logins_count_attribute_name => 0) | ||
end | ||
|
||
def unlocked? | ||
config = sorcery_config | ||
self.send(config.lock_expires_at_attribute_name).nil? | ||
end | ||
|
||
def prevent_locked_user_login | ||
config = sorcery_config | ||
if !self.unlocked? | ||
self.unlock! if self.send(config.lock_expires_at_attribute_name) <= Time.now.utc | ||
end | ||
unlocked? | ||
end | ||
end | ||
end | ||
end | ||
end | ||
end |
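Review bot: In `lock!` and `prevent_locked_user_login`, a `login_lock_time_period` of 0 does not produce the permanent ban the accessor comment promises ("0 for permanent"). `lock!` sets the expiry to `Time.now.utc + 0`, and the next authentication attempt finds `lock_expires_at <= Time.now.utc`, calls `unlock!` and resets the counter to 0, so with that setting the account is never effectively locked. Handle 0 explicitly (for example, skip the expiry comparison when the period is 0 and require an explicit unlock) or remove the claim from the comment. Separately, `register_failed_login!` does `increment` followed by `save!`, a read-modify-write that can lose counts when failed attempts arrive concurrently, which lets parallel guesses exceed `consecutive_login_retries_amount_allowed`, and `save!` runs the model's validations on what should be a bookkeeping write; a single atomic column update avoids both. The empty `base.class_eval` block and the empty `ClassMethods` module (with its dangling `protected`) can be dropped until they have content.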
11 changes: 11 additions & 0 deletions
...t/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
class AddBruteForceProtectionToUsers < ActiveRecord::Migration | ||
def self.up | ||
add_column :users, :failed_logins_count, :integer, :default => 0 | ||
add_column :users, :lock_expires_at, :datetime, :default => nil | ||
end | ||
|
||
def self.down | ||
remove_column :users, :lock_expires_at | ||
remove_column :users, :failed_logins_count | ||
end | ||
end |
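Review bot: `failed_logins_count` in `self.up` gets `:default => 0` but still allows NULL; add `:null => false` so the `>=` comparison in `register_failed_login!` always sees an integer, including for rows written outside the model. The `:default => nil` on `lock_expires_at` is redundant for a nullable column and can be omitted.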