Module: Sorcery::Model::Submodules::BruteForceProtection

Defined in:
lib/sorcery/model/submodules/brute_force_protection.rb

Overview

This module helps protect user accounts by locking them after too many failed login attempts have been detected. This is the model part of the submodule; it provides the configuration options and the methods for locking and unlocking a user.

Defined Under Namespace

Modules: ClassMethods, InstanceMethods

Class Method Summary

Class Method Details

.included(base) ⇒ Object



# File 'lib/sorcery/model/submodules/brute_force_protection.rb', line 9

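# Hooks the brute-force-protection submodule into a sorcery model class.
#
# Adds the lockout and unlock-token options to the class's sorcery_config,
# registers their defaults, wires the authentication/config callbacks, and
# mixes in ClassMethods and InstanceMethods.
#
# @param base [Class] the model class that included this submodule
# @return [void]
def self.included(base)
  base.sorcery_config.class_eval do
    attr_accessor :failed_logins_count_attribute_name,        # failed logins attribute name.
                  :lock_expires_at_attribute_name,            # indicates whether the user is
                                                              # locked and when the lock ends.
                  :consecutive_login_retries_amount_limit,    # how many failed logins are allowed.
                  :login_lock_time_period,                    # how long the user stays locked,
                                                              # in seconds. 0 means permanent.

                  :unlock_token_attribute_name,               # unlock token attribute name
                  :unlock_token_email_method_name,            # mailer method name
                  :unlock_token_mailer_disabled,              # when true, don't send the unlock token via email
                  :unlock_token_mailer                        # mailer class
  end

  base.sorcery_config.instance_eval do
    # Keys are the config object's instance-variable names. reset! presumably
    # re-applies @defaults so the new options take effect right away
    # (TODO confirm against the sorcery config class).
    @defaults.merge!(:@failed_logins_count_attribute_name              => :failed_logins_count,
                     :@lock_expires_at_attribute_name                  => :lock_expires_at,
                     :@consecutive_login_retries_amount_limit          => 50,
                     :@login_lock_time_period                          => 60 * 60,

                     :@unlock_token_attribute_name                     => :unlock_token,
                     :@unlock_token_email_method_name                  => :send_unlock_token_email,
                     :@unlock_token_mailer_disabled                    => false,
                     :@unlock_token_mailer                             => nil)
    reset!
  end

  # Runs before every authentication attempt; the callback itself lives in
  # the submodule's method modules (not shown here).
  base.sorcery_config.before_authenticate << :prevent_locked_user_login

  # ORM-specific field definitions for the attributes configured above.
  # `&&` instead of `and`: same result here, but avoids the precedence trap.
  if defined?(Mongoid) && base.ancestors.include?(Mongoid::Document)
    base.sorcery_config.after_config << :define_brute_force_protection_mongoid_fields
  end
  if defined?(MongoMapper) && base.ancestors.include?(MongoMapper::Document)
    base.sorcery_config.after_config << :define_brute_force_protection_mongo_mapper_fields
  end

  base.extend(ClassMethods)
  base.send(:include, InstanceMethods)

  base.class_eval do
    # NOTE(review): this fires on every update while an unlock token is
    # present on the record, not only when the token is first generated;
    # confirm that send_unlock_token_email! guards against re-sending.
    after_update :send_unlock_token_email!, :if => Proc.new { |user| user.send(sorcery_config.unlock_token_attribute_name).present? }
  end
end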