module Authlogic::Session::BruteForceProtection::InstanceMethods
The methods available for an Authlogic::Session::Base object that make up the brute force protection feature.
Public Instance Methods
being_brute_force_protected?()
Returns true when the #consecutive_failed_logins_limit has been exceeded and the account is being temporarily banned. Note the word temporary: the user will not be permanently banned unless you choose to do so with configuration. By default they will be banned for 2 hours. During that 2-hour period this method will return true.
    # File lib/authlogic/session/brute_force_protection.rb, line 59
    def being_brute_force_protected?
      exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 ||
        (attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
    end
Private Instance Methods
consecutive_failed_logins_limit()
    # File lib/authlogic/session/brute_force_protection.rb, line 86
    def consecutive_failed_logins_limit
      self.class.consecutive_failed_logins_limit
    end
exceeded_failed_logins_limit?()
    # File lib/authlogic/session/brute_force_protection.rb, line 65
    def exceeded_failed_logins_limit?
      !attempted_record.nil? && attempted_record.respond_to?(:failed_login_count) && consecutive_failed_logins_limit > 0 &&
        attempted_record.failed_login_count && attempted_record.failed_login_count >= consecutive_failed_logins_limit
    end
failed_login_ban_for()
    # File lib/authlogic/session/brute_force_protection.rb, line 90
    def failed_login_ban_for
      self.class.failed_login_ban_for
    end
reset_failed_login_count()
    # File lib/authlogic/session/brute_force_protection.rb, line 74
    def reset_failed_login_count
      attempted_record.failed_login_count = 0
    end
reset_failed_login_count?()
    # File lib/authlogic/session/brute_force_protection.rb, line 70
    def reset_failed_login_count?
      exceeded_failed_logins_limit? && !being_brute_force_protected?
    end
validate_failed_logins()
    # File lib/authlogic/session/brute_force_protection.rb, line 78
    def validate_failed_logins
      errors.clear # Clear all other error messages, as they are irrelevant at this point and can only provide additional information that is not needed
      errors.add(:base, I18n.t(
        'error_messages.consecutive_failed_logins_limit_exceeded',
        :default => "Consecutive failed logins limit exceeded, account has been" + (failed_login_ban_for == 0 ? "" : " temporarily") + " disabled."
      ))
    end
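How the three predicates above interact over time, as an added stand-alone example (plain Ruby, not Authlogic's own code). Record, BanCheck, ban_scenarios, the injected clock, the limit of 3 and the timestamps are assumptions made for the example; the respond_to? guards are omitted for brevity. It shows that a ban of 0 never expires and that the window is measured from updated_at, so saving the record again during the ban restarts it.

```ruby
# Stand-alone model of the predicates above (no Authlogic, no Rails).
# Record, BanCheck and the injected clock are hypothetical names for this example.
Record = Struct.new(:failed_login_count, :updated_at)

class BanCheck
  # limit: consecutive_failed_logins_limit; ban_for: failed_login_ban_for (seconds)
  def initialize(record, limit:, ban_for:, now:)
    @record, @limit, @ban_for, @now = record, limit, ban_for, now
  end

  def exceeded_failed_logins_limit?
    !@record.nil? && @limit > 0 && !@record.failed_login_count.nil? &&
      @record.failed_login_count >= @limit
  end

  # Mirrors being_brute_force_protected?: ban_for <= 0 means no expiry,
  # otherwise the ban holds while updated_at is inside the window.
  def being_brute_force_protected?
    exceeded_failed_logins_limit? &&
      (@ban_for <= 0 || @record.updated_at >= @now - @ban_for)
  end

  def reset_failed_login_count?
    exceeded_failed_logins_limit? && !being_brute_force_protected?
  end
end

# Constructed scenarios; returns a hash so each outcome can be inspected.
def ban_scenarios
  t0 = Time.at(1_700_000_000)           # constructed timestamp
  two_hours = 2 * 60 * 60               # the default ban stated above
  check = ->(rec, now, ban_for = two_hours) {
    BanCheck.new(rec, limit: 3, ban_for: ban_for, now: now) # limit 3 is constructed
  }
  locked  = Record.new(3, t0)
  touched = Record.new(3, t0 + 3600)    # record saved again one hour into the ban
  {
    under_limit:   check.(Record.new(2, t0), t0).being_brute_force_protected?,
    inside_window: check.(locked, t0 + two_hours - 1).being_brute_force_protected?,
    after_window:  check.(locked, t0 + two_hours + 1).being_brute_force_protected?,
    reset_after:   check.(locked, t0 + two_hours + 1).reset_failed_login_count?,
    no_expiry:     check.(locked, t0 + 10 * two_hours, 0).being_brute_force_protected?,
    touch_extends: check.(touched, t0 + two_hours + 1).being_brute_force_protected?
  }
end

puts ban_scenarios if __FILE__ == $PROGRAM_NAME
```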