Module: Authenticate::Model::BruteForce

Extended by:
ActiveSupport::Concern
Defined in:
lib/authenticate/model/brute_force.rb

Overview

Protects against brute force attacks by locking accounts that have too many consecutive failed logins. Todo: email the user to allow unlocking via a token.

To enable brute force protection, set the config params shown below. Example:

Authenticate.configure do |config|
  config.bad_login_lockout_period = 5.minutes
  config.max_consecutive_bad_logins_allowed = 3
end

Columns

  • failed_logins_count - each consecutive failed login increments this counter. Set back to 0 on successful login.

  • lock_expires_at - datetime a locked account will again become available.

Configuration

  • max_consecutive_bad_logins_allowed - how many failed logins are allowed?

  • bad_login_lockout_period - how long is the user locked out? nil indicates forever.

Methods

The following methods are added to your user model:

  • register_failed_login! - increment failed_logins_count, lock account if in violation

  • lock! - lock the account, setting the lock_expires_at attribute

  • unlock! - reset failed_logins_count to 0, lock_expires_at to nil

  • locked? - is the account locked? @return [Boolean]

  • unlocked? - is the account unlocked? @return [Boolean]

Class Method Details

.required_fields(_klass) ⇒ Object

# File 'lib/authenticate/model/brute_force.rb', line 35

# Columns the including user model must provide.
def self.required_fields(_klass)
  [:failed_logins_count, :lock_expires_at]
end

Instance Method Details

#lock! ⇒ Object

# File 'lib/authenticate/model/brute_force.rb', line 45

# lockout_period (helper not shown on this page) is presumably the configured
# bad_login_lockout_period; note that Time + nil raises a TypeError, so a nil
# ("forever") period cannot be added here as written.
def lock!
  update_attribute(:lock_expires_at, Time.now.utc + lockout_period)
end

#locked? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/authenticate/model/brute_force.rb', line 53

def locked?
  !unlocked?
end

#register_failed_login! ⇒ Object

# File 'lib/authenticate/model/brute_force.rb', line 39

# The comparison is >, not >=, so the lock is applied on the (max + 1)th
# consecutive failure. The increment is only persisted when lock! saves the
# record; otherwise the caller is responsible for saving.
def register_failed_login!
  self.failed_logins_count ||= 0
  self.failed_logins_count += 1
  lock! if self.failed_logins_count > max_bad_logins
end

#unlock! ⇒ Object

# File 'lib/authenticate/model/brute_force.rb', line 49

# update_attributes was deprecated in Rails 6.0 and removed in 6.1; update is
# the equivalent on newer Rails.
def unlock!
  update_attributes(failed_logins_count: 0, lock_expires_at: nil)
end

#unlocked? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/authenticate/model/brute_force.rb', line 57

# Presence-only check: lock_expires_at is not compared with the current time,
# so an expired lock still reads as locked until unlock! clears it.
def unlocked?
  lock_expires_at.nil?
end
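
As an added example that is not the gem's own code, the following plain-Ruby model mirrors the documented columns, configuration and methods (hypothetical DemoUser class, plus an added lock_active? check and an authenticate login path that are not part of the module) so the lockout flow can be exercised without ActiveRecord. With the configuration above the lock is applied on the fourth consecutive failure, and lock_active? adds the expiry comparison that the module's own unlocked? does not perform.

```ruby
# Added example, not the authenticate gem's code: a plain-Ruby model with the
# documented columns and config (hypothetical DemoUser; no ActiveRecord).
class DemoUser
  MAX_CONSECUTIVE_BAD_LOGINS_ALLOWED = 3 # config.max_consecutive_bad_logins_allowed
  BAD_LOGIN_LOCKOUT_PERIOD = 5 * 60      # config.bad_login_lockout_period, in seconds
  attr_accessor :failed_logins_count, :lock_expires_at

  def initialize(clock: -> { Time.now.utc })
    @clock = clock # injectable so lock expiry can be exercised deterministically
    @failed_logins_count = 0
    @lock_expires_at = nil
  end

  # Same rule as the module: the comparison is >, so the lock is applied on
  # the (max + 1)th consecutive failure, the 4th with the config above.
  def register_failed_login!
    self.failed_logins_count ||= 0
    self.failed_logins_count += 1
    lock! if failed_logins_count > MAX_CONSECUTIVE_BAD_LOGINS_ALLOWED
  end

  def lock!
    self.lock_expires_at = @clock.call + BAD_LOGIN_LOCKOUT_PERIOD
  end

  def unlock!
    self.failed_logins_count = 0
    self.lock_expires_at = nil
  end

  # Module semantics: locked whenever lock_expires_at is present.
  def locked?
    !lock_expires_at.nil?
  end

  # Hypothetical stricter check: an expired lock no longer blocks the login.
  def lock_active?
    !lock_expires_at.nil? && lock_expires_at > @clock.call
  end

  # Hypothetical login path: refuse while the lock is active, clear an expired
  # lock, then count the attempt. Returns :ok, :bad_password or :locked.
  def authenticate(password_ok)
    return :locked if lock_active?
    unlock! if locked? || password_ok
    return :ok if password_ok
    register_failed_login!
    locked? ? :locked : :bad_password
  end
end
```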