authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2012-07-06 19:18:18 +0400
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2012-07-06 19:18:18 +0400
commit4c24cabf4709b8421c751970fa72a9eba145b992 (patch)
tree79ad66bd7aad54d2afa6b4bd1418161507eddade /config/initializers
parent9497b1a76ee84d12613604e37007e94a048b379e (diff)
parent6533711825c3f197470be041b95e2885bae50bc5 (diff)
Merge pull request #1012 from NARKOZ/devise
Add 10 minutes lock after 10 failed login attempts (Devise :lockable)
Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/devise.rb16
1 files changed, 6 insertions, 10 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index cb1ae0ac0be..54011ba5ea3 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -93,10 +93,6 @@ Devise.setup do |config|
# If true, extends the user's remember period when remembered via cookie.
# config.extend_remember_period = false
- # If true, uses the password salt as remember token. This should be turned
- # to false if you are not using database authenticatable.
- config.use_salt_as_remember_token = true
-
# Options to be passed to the created cookie. For instance, you can set
# :secure => true in order to force SSL only cookies.
# config.cookie_options = {}
@@ -119,7 +115,7 @@ Devise.setup do |config|
# Defines which strategy will be used to lock an account.
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
# :none = No lock strategy. You should handle locking by yourself.
- # config.lock_strategy = :failed_attempts
+ config.lock_strategy = :failed_attempts
# Defines which key will be used when locking and unlocking an account
# config.unlock_keys = [ :email ]
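Review bot: `config.lock_strategy = :failed_attempts` only takes effect if the user model declares Devise's `:lockable` module and the users table has the `failed_attempts` and `locked_at` columns. This view is limited to config/initializers, so neither is visible here and both should be checked in the rest of the merge. Since `unlock_keys` stays commented out, the lock is keyed on Devise's default; I would add a comment above the setting such as `# Requires :lockable on User plus the failed_attempts/locked_at columns`. The `Devise.setup` block starts and ends outside this hunk.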
@@ -129,14 +125,14 @@ Devise.setup do |config|
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
# :both = Enables both strategies
# :none = No unlock strategy. You should handle unlocking by yourself.
- # config.unlock_strategy = :both
+ config.unlock_strategy = :time
# Number of authentication tries before locking an account if lock_strategy
# is failed attempts.
- # config.maximum_attempts = 20
+ config.maximum_attempts = 10
# Time interval to unlock the account if :time is enabled as unlock_strategy.
- # config.unlock_in = 1.hour
+ config.unlock_in = 10.minutes
# ==> Configuration for :recoverable
#
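Review bot: With `config.unlock_strategy = :time` a locked-out user has no self-service way back in. Repeated failed sign-ins by a third party can keep an account locked, and the owner can only wait out `unlock_in`. Setting `config.unlock_strategy = :both` would keep the 10-minute expiry and add an unlock e-mail, though it presumably needs the `unlock_token` column and a working mailer. It is also worth confirming whether the "account locked" response differs from a normal failed login, because that reveals which e-mail addresses are registered; this depends on `config.paranoid`, which is not visible in this hunk. A short comment recording why 10 attempts and 10 minutes were chosen would help whoever tunes these values later.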
@@ -160,9 +156,9 @@ Devise.setup do |config|
# Defines name of the authentication token params key
config.token_authentication_key = :private_token
- # If true, authentication through token does not store user in session and needs
+ # Authentication through token does not store user in session and needs
# to be supplied on each request. Useful if you are using the token as API token.
- config.stateless_token = true
+ config.skip_session_storage << :token_auth
# ==> Scopes configuration
# Turn scoped views on. Before rendering "sessions/new", it will first check for
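Review bot: `config.skip_session_storage << :token_auth` mutates whatever default array Devise ships, so the final list depends on the Devise version and gains a duplicate entry if the initializer is evaluated more than once. `config.skip_session_storage |= [:token_auth]` or an explicit assignment of the full list would make the intent self-contained. Because the old boolean has become a symbol, a mismatch in the strategy name would silently fall back to storing token-authenticated users in the session. A request spec asserting that a call authenticated only with `private_token` sets no session cookie would catch that regression.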