An authentication system for Rails built on Oath.
Oath is a fantastic authorization toolkit. Oath::Lockdown enhances Oath, adding:
- "remember me" capabilities
- brute force penetration detection
- session idle timeout
- session max lifetime
- basic auditing/tracking
- csrf rotation on signon
Add this line to your application's Gemfile:
gem 'oath-lockdown'
And then execute:
$ bundle
Use the install generator:
rails g oath:lockdown:install
This will install:
- an initializer at
app/config/initializers/oath-lockdown.rb - localization in english at
app/config/locales/oath.lockdown.en.yml - database migrations for the user table, adding columns for: brute force, tracking, and rememberable ** if you won't be using any of those features, you can remove the migration
Now apply the migrations:
rails db:migrate
The config parameters you want to tweak are in the initializer copied to
app/config/initializers/oath-lockdown.rb. The parameters you probably want to manipulate
are in the initializer, but commented out. Uncomment and tweak as required.
Configuration parameters are described in detail here: Configuration
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request