Is There a Way to Show Devise 'Lockable' Link Only if User Account is Locked?

Question

I'm using Devise for user authentication in a Rails 4.2.0 application.

Here's the relevant code from app/views/devise/shared/_links.html.slim:

- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?
(:email) && controller_name != 'unlocks'
= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name)

Currently it's showing the link on my sign up / sign in pages because I have the proper devise mapping in place for this.

What I would like to do is hide this link and only show it if the user has entered enough failed passwords to lock their account (3).

Is the number of failed attempts stored in a session variable or something?

Any advice/direction is appreciated - thank you for your time.

Answer 1

You can look al the flash object (ActionDispatch::Flash::FlashHash) if it has an alert "Your account is locked.". Using the message key I18n.t('devise.failure.locked'):

# app/views/devise/shared/_links.html.erb
...
<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks'  +%>
  <% if flash.detect { |key, value| key == 'alert' && value == I18n.t('devise.failure.locked') }.present? %>
    <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
  <% end %>
<% end %>

Answer 2

The number of failed attempts is stored in the Devise model (e.g., User):

## Lockable
# t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
# t.datetime :locked_at

locked_at indicates when; IIRC it's cleared out when they're no longer locked.