From f7083a000a85f31b3d1a2f8fde938583bfcea8ac Mon Sep 17 00:00:00 2001
From: Mojca Lorber
Date: Tue, 14 Jul 2020 14:49:51 +0200
Subject: [PATCH] Add devise lockable to user

---
 app/models/user.rb | 2 +-
 config/initializers/devise.rb | 12 ++++++------
 test/mailers/previews/app_mailer_preview.rb | 4 ++++
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 5f9f94b5c..0edbd4150 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,7 +13,7 @@ class User < ApplicationRecord
 acts_as_token_authenticatable
 devise :invitable, :confirmable, :database_authenticatable, :registerable, :async, :recoverable, :rememberable, :trackable, :validatable,
- :timeoutable, :omniauthable,
+ :timeoutable, :omniauthable, :lockable,
 omniauth_providers: Extends::OMNIAUTH_PROVIDERS,
 stretches: Constants::PASSWORD_STRETCH_FACTOR

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index fac8e19c3..4fdc410c2 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
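Review bot: Adding `:lockable` to the `devise` call in app/models/user.rb requires the `failed_attempts`, `unlock_token` and `locked_at` columns on the users table, and the diffstat lists no migration among the three changed files. Unless an earlier migration already created them, a failed sign-in will presumably raise when Devise tries to update `failed_attempts`, so the commit should either carry the migration (for example `add_column :users, :failed_attempts, :integer, default: 0, null: false` plus `add_index :users, :unlock_token, unique: true`) or name the one that supplies the columns. A test that fails sign-in `maximum_attempts` times and asserts `access_locked?` would pin the new behaviour. The `devise` call begins above the changed line and the class body continues outside the hunk.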
@@ -209,27 +209,27 @@ Devise.setup do |config|
 # Defines which strategy will be used to lock an account.
 # :failed_attempts = Locks an account after a number of failed attempts to sign in.
 # :none = No lock strategy. You should handle locking by yourself.
- # config.lock_strategy = :failed_attempts
+ config.lock_strategy = :failed_attempts

 # Defines which key will be used when locking and unlocking an account
- # config.unlock_keys = [:email]
+ config.unlock_keys = [:email]

 # Defines which strategy will be used to unlock an account.
 # :email = Sends an unlock link to the user email
 # :time = Re-enables login after a certain amount of time (see :unlock_in below)
 # :both = Enables both strategies
 # :none = No unlock strategy. You should handle unlocking by yourself.
- # config.unlock_strategy = :both
+ config.unlock_strategy = :both

 # Number of authentication tries before locking an account if lock_strategy
 # is failed attempts.
- # config.maximum_attempts = 20
+ config.maximum_attempts = 10

 # Time interval to unlock the account if :time is enabled as unlock_strategy.
- # config.unlock_in = 1.hour
+ config.unlock_in = 1.hour

 # Warn on the last attempt before the account is locked.
- # config.last_attempt_warning = true
+ config.last_attempt_warning = true

 # ==> Configuration for :recoverable
 #
diff --git a/test/mailers/previews/app_mailer_preview.rb b/test/mailers/previews/app_mailer_preview.rb
index dc6fb9760..c728d926b 100644
--- a/test/mailers/previews/app_mailer_preview.rb
+++ b/test/mailers/previews/app_mailer_preview.rb
@@ -11,6 +11,10 @@ class AppMailerPreview < ActionMailer::Preview
 AppMailer.invitation_instructions(fake_user, 'faketoken', {})
 end

+ def unlock_instructions
+ AppMailer.unlock_instructions(fake_user, 'faketoken', {})
+ end
+
 def assignment_notification
 AppMailer.notification(
 fake_user,
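Review bot: In config/initializers/devise.rb, turning on `config.lock_strategy = :failed_attempts` together with `config.last_attempt_warning = true` makes the sign-in form answer differently for a registered e-mail (the last-attempt warning, then the locked message) than for an unknown one, which discloses whether an account exists. Devise falls back to the generic failure message when `config.paranoid = true`; that setting lies outside this hunk, so confirm it is enabled or record that the disclosure is accepted. Since failed attempts against a known address now lock its owner out for up to `unlock_in`, lock events are worth logging or alerting on so a burst of lockouts is visible to operations. A why-comment above the changed default would also help, e.g. `# 10 failed sign-ins lock the account; it reopens after unlock_in or via the e-mailed unlock link`.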