Add devise lockable to user

2025-09-04 20:25:22 +08:00 · 2020-07-14 14:49:51 +02:00 · 2020-07-14 14:49:51 +02:00 · f7083a000a
commit f7083a000a
parent 41ceba11b8
3 changed files with 11 additions and 7 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -13,7 +13,7 @@ class User < ApplicationRecord
  acts_as_token_authenticatable
  devise :invitable, :confirmable, :database_authenticatable, :registerable,
         :async, :recoverable, :rememberable, :trackable, :validatable,
-         :timeoutable, :omniauthable,
+         :timeoutable, :omniauthable, :lockable,
         omniauth_providers: Extends::OMNIAUTH_PROVIDERS,
         stretches: Constants::PASSWORD_STRETCH_FACTOR

--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -209,27 +209,27 @@ Devise.setup do |config|
  # Defines which strategy will be used to lock an account.
  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
  # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
+  config.lock_strategy = :failed_attempts

  # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [:email]
+  config.unlock_keys = [:email]

  # Defines which strategy will be used to unlock an account.
  # :email = Sends an unlock link to the user email
  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
  # :both  = Enables both strategies
  # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
+  config.unlock_strategy = :both

  # Number of authentication tries before locking an account if lock_strategy
  # is failed attempts.
-  # config.maximum_attempts = 20
+  config.maximum_attempts = 10

  # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
+  config.unlock_in = 1.hour

  # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = true
+  config.last_attempt_warning = true

  # ==> Configuration for :recoverable
  #
--- a/test/mailers/previews/app_mailer_preview.rb
+++ b/test/mailers/previews/app_mailer_preview.rb
@ -11,6 +11,10 @@ class AppMailerPreview < ActionMailer::Preview
    AppMailer.invitation_instructions(fake_user, 'faketoken', {})
  end

+  def unlock_instructions
+    AppMailer.unlock_instructions(fake_user, 'faketoken', {})
+  end
+
  def assignment_notification
    AppMailer.notification(
      fake_user,