Merge pull request #1726 from plataformatec/failed_attempts

Setting failed_attempts to 0 after sign in
heartcombo · Mar 19, 2012 · e92ae37 · e92ae37
2 parents a1376ac + e6af976
commit e92ae37
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 11 deletions.
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
@@ -1,3 +1,8 @@
+== trunk (2.1.0.rc2)
+
+* bug fix
+  * `failed_attempts` being set to zero after sign ins (by @rodrigoflores)
+
 == 2.1.0.rc
 
 * enhancements

diff --git a/lib/devise/hooks/lockable.rb b/lib/devise/hooks/lockable.rb
@@ -0,0 +1,7 @@
+# After each sign in, if resource responds to failed_attempts, sets it to 0
+# This is only triggered when the user is explicitly set (with set_user)
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
+    record.update_attribute(:failed_attempts, 0)
+  end
+end
diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb
@@ -1,3 +1,5 @@
+require "devise/hooks/lockable"
+
 module Devise
   module Models
     # Handles blocking a user access after a certain number of attempts.
@@ -89,8 +91,6 @@ def valid_for_authentication?
         unlock_access! if lock_expired?
 
         if super && !access_locked?
-          self.failed_attempts = 0
-          save(:validate => false)
           true
         else
           self.failed_attempts ||= 0

diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb
@@ -284,4 +284,17 @@ def reset_password(options={}, &block)
       assert_current_url "/users/sign_in"
     end
   end
+
+  test "after recovering a password, should set failed attempts to 0" do
+    user = create_user
+    user.update_attribute(:failed_attempts, 10)
+
+    assert_equal 10, user.failed_attempts
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert warden.authenticated?(:user)
+    user.reload
+    assert_equal 0, user.failed_attempts
+  end
 end
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb
@@ -14,15 +14,6 @@ def setup
     end
   end
 
-  test "should clear failed_attempts on successfull validation" do
-    user = create_user
-    user.confirm!
-    user.valid_for_authentication?{ false }
-    assert_equal 1, user.reload.failed_attempts
-    user.valid_for_authentication?{ true }
-    assert_equal 0, user.reload.failed_attempts
-  end
-
   test "should increment failed_attempts on successfull validation if the user is already locked" do
     user = create_user
     user.confirm!