Module: Devise::Models::Lockable

Includes:

Activatable, Authenticatable

Defined in:

lib/devise/models/lockable.rb

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #active? ⇒ Boolean

  Overwrites active? from Devise::Models::Activatable for locking purposes by verifying whether an user is active to sign in or not based on locked?.

• #inactive_message ⇒ Object

  Overwrites invalid_message from Devise::Models::Authenticatable to define the correct reason for blocking the sign in.

• #lock ⇒ Object

  Lock an user setting it’s locked_at to actual time.

• #lock! ⇒ Object

  calls lock and save the model.

• #locked? ⇒ Boolean

  Verifies whether a user is locked or not.

• #resend_unlock! ⇒ Object

  Resend the unlock instructions if the user is locked.

• #send_unlock_instructions ⇒ Object

  Send unlock instructions by email.

• #unlock! ⇒ Object

  Unlock an user by cleaning locket_at and failed_attempts.

• #valid_for_authentication?(attributes) ⇒ Boolean

  Overwrites valid_for_authentication? from Devise::Models::Authenticatable for verifying whether an user is allowed to sign in or not.

Methods included from Authenticatable

#password=, #update_with_password, #valid_password?

Class Method Details

.included(base) ⇒ Object

# File 'lib/devise/models/lockable.rb', line 10

def self.included(base)
  base.class_eval do
    extend ClassMethods
  end
end

Instance Method Details

#active? ⇒ Boolean

Overwrites active? from Devise::Models::Activatable for locking purposes by verifying whether an user is active to sign in or not based on locked?

Returns:

# File 'lib/devise/models/lockable.rb', line 62

def active?
  super && !locked?
end

#inactive_message ⇒ Object

Overwrites invalid_message from Devise::Models::Authenticatable to define the correct reason for blocking the sign in.

# File 'lib/devise/models/lockable.rb', line 82

def inactive_message
  if locked?
    :locked
  else
    super
  end
end

#lock ⇒ Object

Lock an user setting it’s locked_at to actual time.

# File 'lib/devise/models/lockable.rb', line 17

def lock
  self.locked_at = Time.now
  if [:both, :email].include?(self.class.unlock_strategy)
    generate_unlock_token
    self.send_unlock_instructions
  end
end

#lock! ⇒ Object

calls lock and save the model

# File 'lib/devise/models/lockable.rb', line 26

def lock!
  self.lock
  save(false)
end

#locked? ⇒ Boolean

Verifies whether a user is locked or not

Returns:

# File 'lib/devise/models/lockable.rb', line 42

def locked?
  self.locked_at && !lock_expired?
end

#resend_unlock! ⇒ Object

Resend the unlock instructions if the user is locked

# File 'lib/devise/models/lockable.rb', line 52

def resend_unlock!
  if_locked do
    generate_unlock_token unless self.unlock_token.present?
    save(false)
    send_unlock_instructions
  end
end

#send_unlock_instructions ⇒ Object

Send unlock instructions by email

# File 'lib/devise/models/lockable.rb', line 47

def send_unlock_instructions
  ::DeviseMailer.deliver_unlock_instructions(self)
end

#unlock! ⇒ Object

Unlock an user by cleaning locket_at and failed_attempts

# File 'lib/devise/models/lockable.rb', line 32

def unlock!
  if_locked do
    self.locked_at = nil
    self.failed_attempts = 0
    self.unlock_token = nil
    save(false)
  end
end

#valid_for_authentication?(attributes) ⇒ Boolean

Overwrites valid_for_authentication? from Devise::Models::Authenticatable for verifying whether an user is allowed to sign in or not. If the user is locked, it should never be allowed.

Returns:

# File 'lib/devise/models/lockable.rb', line 69

def valid_for_authentication?(attributes)
  if result = super
    self.failed_attempts = 0
  else
    self.failed_attempts += 1
    self.lock if self.failed_attempts > self.class.maximum_attempts
  end
  save(false) if changed?
  result
end