Failed_attempts not set to 0, after resetting password #1720

Closed
adahl opened this issue Mar 15, 2012 · 5 comments

adahl commented Mar 15, 2012

When you do a normal sign in, failed_attempts is set to 0.

However, if a user fails to sign in a few times and then resets their password, they are logged in, but failed_attempts is not set to 0.

This seems like a bug? At least it is causing me some issues. Specifically, I show a recaptcha after a certain number of failed attempts (3). Normally a user will see the recaptcha and then reset their password. They are logged in upon password reset, but next time they come to login, the recaptcha is shown again, because the failed_attempts have not been reset.

  • Andrew
@rodrigoflores

@adahl

Thanks for posting this. We're discussing whether this is a bug or not. I understand your point of view; however, conceptually it seems reasonable to only reset it after a successful_attempt. But, for now, you can do a quick workaround for it: there is a callback after the password reset. You can use it to reset the failed attempt field.

Feel free to ping us if it doesn't work.

def after_password_reset
  self.failed_attempts = 0
  self.save(:validate => false)
end
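
The behaviour reported in this issue and the effect of the workaround callback, as an added example that is not part of the thread and is not Devise's code: `DemoUser`, its methods and the `reset_counter_on_password_reset` flag are hypothetical stand-ins. As a design assumption of this example, the counter is cleared only when a reset is completed with the valid token, never when a reset is merely requested.

```ruby
require "securerandom"

# Constructed stand-in for a user model; not Devise's implementation.
class DemoUser
  CAPTCHA_THRESHOLD = 3 # failed attempts before the captcha is shown
  attr_reader :failed_attempts

  def initialize(password, reset_counter_on_password_reset:)
    @password = password # plaintext only because this is a demo
    @failed_attempts = 0
    @reset_token = nil
    @reset_counter = reset_counter_on_password_reset
  end

  def captcha_required?
    @failed_attempts >= CAPTCHA_THRESHOLD
  end

  # Normal sign-in: success clears the counter, failure increments it.
  def sign_in(password)
    ok = (password == @password)
    @failed_attempts = ok ? 0 : @failed_attempts + 1
    ok
  end

  # Requesting a reset proves nothing about the caller: counter untouched.
  def request_password_reset
    @reset_token = SecureRandom.hex(16)
  end

  # Completing a reset with the valid token changes the password.
  def reset_password(token, new_password)
    return false if @reset_token.nil? || token != @reset_token
    @password = new_password
    @reset_token = nil
    @failed_attempts = 0 if @reset_counter # what the workaround callback does
    true
  end
end

# Three bad sign-ins, then a completed reset; is the captcha still shown?
def captcha_after_reset?(fix_applied)
  user = DemoUser.new("old-secret", reset_counter_on_password_reset: fix_applied)
  3.times { user.sign_in("wrong-guess") }
  token = user.request_password_reset
  user.reset_password(token, "new-secret")
  user.captcha_required?
end

puts "unfixed=#{captcha_after_reset?(false)} fixed=#{captcha_after_reset?(true)}"
```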

adahl commented Mar 16, 2012

Great, thanks. I will use that for now. Please let me know what you end up deciding.

@rodrigoflores

@adahl

We discussed and decided that this is a bug.

@rodrigoflores

@adahl

Can you point your Devise entry in your Gemfile to the devise repository and see if it works as expected? We merged a pull request that fixes it.

adahl commented Mar 20, 2012

It works as expected. Thanks for the fix. Will this be out in the next release and when do you think it will be out?

  • Andrew
