varatis

Reputation: 14740

Devise -- how to lock an account with lockable?

I'm using Devise, and I've decided to add the lockable option after I've already set up the rest of the Devise models and views and whatnot. To do this I followed the instructions of this question: rails 3, using Devise, how add :lockable after the fact?

The right columns and whatnot are already in the database, so I'm pretty sure it worked. My question now: how do I actually lock the accounts after a certain number of tries? There's a field which successfully counts failed login attempts, but I'm not sure how to get the account to "lock" once a certain number has been reached. I've made a good 12 failed attempts but the account doesn't seem to be locking. Could someone list each view, model, controller, etc. that needs to be modified and how to modify it?

EDIT: It seems to be locking after ~20 attempts. But where is this logic located, and how do I modify it to a smaller number?

Upvotes: 3

Views: 6863

Answers (1)

Zachary Anker

Reputation: 4520

As long as you are not bypassing everything in Devise and manually checking the hashes in the database, Devise will handle locking automatically. See the Devise Lockable documentation for the options that :lockable adds to Devise.

You likely have the maximum_attempts set too high, or you don't have lock_strategy set to :failed_attempts.

Upvotes: 3
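
An added example (not part of the answer above and not Devise's own code): a simplified model of a failed-attempts lockout, showing why the 12 failed attempts in the question leave an account open at a threshold of 20 but lock it at 5. The struct, class and helper names are hypothetical, and 20 is an assumed default chosen to match the roughly 20 attempts the asker observed.

```ruby
# Simplified model of a failed-attempts lockout; NOT Devise's source.
# Setting names mirror the options named in the answer; in a Rails app they
# are config.lock_strategy / config.maximum_attempts in
# config/initializers/devise.rb. All values here are constructed.
LockSettings = Struct.new(:lock_strategy, :maximum_attempts, :unlock_in)

class AccountModel # hypothetical stand-in for a Devise model
  attr_reader :failed_attempts

  def initialize(settings)
    @settings = settings
    @failed_attempts = 0
    @locked_at = nil
  end

  # Lock is in force until unlock_in seconds have passed since locked_at.
  def locked?(now)
    !@locked_at.nil? && now - @locked_at < @settings.unlock_in
  end

  # Record one sign-in attempt at time `now`; returns :ok, :invalid or :locked.
  def attempt(password_ok, now)
    return :locked if locked?(now) # even a correct password is refused
    if @locked_at # lock has expired: clear it and count afresh
      @locked_at = nil
      @failed_attempts = 0
    end
    if password_ok
      @failed_attempts = 0
      return :ok
    end
    @failed_attempts += 1
    return :invalid unless @settings.lock_strategy == :failed_attempts &&
                           @failed_attempts >= @settings.maximum_attempts
    @locked_at = now
    :locked
  end
end

# Which consecutive bad password first yields :locked (nil if none within tries).
def failures_until_lock(settings, tries)
  account = AccountModel.new(settings)
  (1..tries).find { |n| account.attempt(false, n) == :locked }
end

ASSUMED_DEFAULT = LockSettings.new(:failed_attempts, 20, 3600) # assumed default threshold
TIGHTENED       = LockSettings.new(:failed_attempts, 5, 3600)
puts failures_until_lock(ASSUMED_DEFAULT, 12).inspect
puts failures_until_lock(TIGHTENED, 12).inspect
```

With a lock strategy other than :failed_attempts the counter still increments in this model but the account never locks, which is the second cause the answer suggests.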
