Authlogic: activating inactive account/user

Hello,

I have searched high and low on how to activate an inactive account in
Authlogic and I can’t seem to figure it out.

I am using “consecutive_failed_logins_limit” to control a brute force
attack and I want to offer a function so a ‘manager’ can enable the
inactive account and bypass the number of hours/minutes the user would
need to wait to attempt to login otherwise.

Thank you for your help.

Did you try resetting failed_login_count to 0?

d.

Yep, among other things. What I have gathered so far (although I could
be wrong) is that Authlogic validations happen for UserSession before
anything else. I believe that authlogic then goes and grabs info from
the session and does its thing (which I don’t know yet what it is) and
marks the user as inactive and ends the process, redirecting the user
to the login screen.

Yep, among other things. What I have gathered so far (although I could
be wrong) is that Authlogic validations happen for UserSession before
anything else. I believe that authlogic then goes and grabs info from
the session and does its thing (which I don’t know yet what it is) and
marks the user as inactive and ends the process, redirecting the user
to the login screen.

That’s how it’s done in brute_force_protection.rb:
def reset_failed_login_count
attempted_record.failed_login_count = 0
end

You could test your assumption by resetting the count and then
clearing the browser cache or trying to log on from a different
computer. If so, take a look at your user_session#new (assuming it
redirects to the log in page on failure). You should be setting the
@user_session (or whatever you named it) instance var there.