Description

The aim is to add flexible sign-in barriers, such as a captcha or 2FA, in front of a login. Based on the request history it tells you which barriers a user has to pass to sign in. It stores a permanent cookie plus a table that tracks requests to the routes you mark inside a controller method.

It is built for systems with higher security requirements, for users who sign in repeatedly with the same login.

Features

captcha_tag? (from LoginControlViewHelper) returns true when a captcha is necessary and should be shown on the login form.

This decision is based on the record of failed login attempts that the gem keeps per browser: the browser is identified by the cookie the gem sets (the session_id column), and the attempt history lives in the login_controls table.

For a user who has never logged in successfully, captcha_tag? is always true. After the first successful login (status :known) the captcha is only requested for a quick retry after a failed login: captcha_tag? is true if the attempt count is below config.x.login_control.attempts_allowed (default: 10) and last_attempt lies within config.x.login_control.retry_after_seconds. Once the retry window has passed, a known user gets the form without a captcha again.

On localhost a captcha is never required. If production runs behind a reverse proxy, make sure requests do not reach the app looking as if they originate from localhost, otherwise this exemption would disable the captcha for everyone.

Installation

gem 'login-control'

run

$ bundle
$ rails g model login_control session_id:string login_name:string scope:string sign_in_success:integer attempts:integer last_attempt:datetime validate_captcha:boolean
$ rails db:migrate

Initializer (e.g. config/initializers/login_control.rb)

require 'login_control_module'
require 'login_control_view_helper'

ApplicationHelper

include LoginControlViewHelper

Login Form

  - if captcha_tag?
    = hcaptcha xxx

Controller example for a subclassed Devise controller. Devise's own create performs the credential check and only yields to the block after a successful authentication, so the gem's hooks wrap it like this:

class SessionsController < Devise::SessionsController

  include LoginControlModule

  def create
    # Record this attempt (count and timestamp) before anything can fail.
    notice_login_attempt

    # If the gem demands a captcha, the submitted form must carry a valid one.
    # verify_hcaptcha comes from the hcaptcha gem; pass your secret key.
    if captcha_validation? && !verify_hcaptcha(secret_key: ...)
      redirect_to login_path, alert: 'captcha failed' # your login route, or new_session_path(resource_name)
      return
    end

    # Devise authenticates the credentials; on failure it renders its own error
    # and the block never runs, so the attempt stays counted as failed.
    super do |resource|
      notice_successful_login
    end
  end
end

Configs

config.x.login_control.attempts_allowed   integer, default: 10

config.x.login_control.retry_after_seconds   integer, default: 30 (seconds). After a failed login of a user in status :known, captcha_tag? returns true while the attempt count is below attempts_allowed and the retry comes within retry_after_seconds.

config.x.login_control.debug   boolean, default: false. Debug output is meant for development; keep it false in production.
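The following is an added illustration of the captcha_tag? rule described in the Features section and in the retry_after_seconds config above. It is not the gem's code: it is a standalone model of the decision so you can exercise the policy offline against the tracking columns of the login_controls migration. LoginRecord, DEFAULT_CONFIG and captcha_required? are names chosen here; the assumptions that attempts counts tries since the last success and that the captcha stays required once attempts_allowed is exceeded (a case the page does not describe) are marked in the comments.

```ruby
# Standalone model of the captcha decision (illustration, not the gem's code).
# Field names mirror the login_controls migration columns.
LoginRecord = Struct.new(:sign_in_success, :attempts, :last_attempt, keyword_init: true)

# Same names as the config.x.login_control settings; values are the documented defaults.
DEFAULT_CONFIG = { attempts_allowed: 10, retry_after_seconds: 30 }.freeze

# Returns true when the login form should render a captcha.
#   record        - the browser's tracking row, or nil if none exists yet
#   local_request - true when the request comes from localhost
#   now           - injected so the decision is deterministic in tests
def captcha_required?(record, local_request: false, now: Time.now, config: DEFAULT_CONFIG)
  return false if local_request # localhost is exempt

  # No record or no successful login so far: the browser is unknown, always captcha.
  return true if record.nil? || record.sign_in_success.to_i.zero?

  # Known browser without a recorded attempt: nothing to be suspicious about.
  # (Assumption: attempts counts tries since the last success and is reset by it.)
  return false if record.attempts.to_i.zero? || record.last_attempt.nil?

  # The page does not say what happens once attempts_allowed is exceeded;
  # this model keeps requiring the captcha there, the safe direction (assumption).
  return true if record.attempts >= config[:attempts_allowed]

  # Within the allowance: captcha only for a retry inside retry_after_seconds.
  (now - record.last_attempt) < config[:retry_after_seconds]
end

if $PROGRAM_NAME == __FILE__
  now = Time.now
  known = LoginRecord.new(sign_in_success: 1, attempts: 2, last_attempt: now - 5)
  puts "known user retrying after 5s: captcha=#{captcha_required?(known, now: now)}"
  waited = LoginRecord.new(sign_in_success: 1, attempts: 2, last_attempt: now - 60)
  puts "known user retrying after 60s: captcha=#{captcha_required?(waited, now: now)}"
end
```

Injecting now and the config keeps the rule pure, which is what you want when writing request specs for the login flow: the same inputs always yield the same decision.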