Hello,
I have searched high and low on how to activate an inactive account in
Authlogic and I can’t seem to figure it out.
I am using “consecutive_failed_logins_limit” to control a brute force
attack and I want to offer a function so a ‘manager’ can enable the
inactive account and bypass the number of hours/minutes the user would
need to wait to attempt to login otherwise.
Thank you for your help.
Did you try resetting failed_login_count to 0?
d.
Yep, among other things. What I have gathered so far (although I could
be wrong) is that Authlogic validations happen for UserSession before
anything else. I believe that authlogic then goes and grabs info from
the session and does its thing (which I don’t know yet what it is) and
marks the user as inactive and ends the process, redirecting the user
to the login screen.
Yep, among other things. What I have gathered so far (although I could
be wrong) is that Authlogic validations happen for UserSession before
anything else. I believe that authlogic then goes and grabs info from
the session and does its thing (which I don’t know yet what it is) and
marks the user as inactive and ends the process, redirecting the user
to the login screen.
That’s how it’s done in brute_force_protection.rb:
def reset_failed_login_count
attempted_record.failed_login_count = 0
end
You could test your assumption by resetting the count and then
clearing the browser cache or trying to log on from a different
computer. If so, take a look at your user_session#new (assuming it
redirects to the log in page on failure). You should be setting the
@user_session (or whatever you named it) instance var there.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs