-
Notifications
You must be signed in to change notification settings - Fork 229
Brute force protection
NoamB edited this page Mar 12, 2011
·
25 revisions
In this tutorial we will build upon the app created at Simple Password Authentication so make sure you understand it.
First Add some db fields: rails g migration AddBruteForceProtectionToUsers
class AddBruteForceProtectionToUsers < ActiveRecord::Migration
def self.up
add_column :users, :failed_logins_count, :integer, :default => 0
add_column :users, :lock_expires_at, :datetime, :default => nil
end
def self.down
remove_column :users, :lock_expires_at
remove_column :users, :failed_logins_count
end
end
rake db:migrate
Then add the brute_force_protection submodule:
# config/application.rb
config.sorcery.submodules = [:brute_force_protection, blabla, blablu, ...]
That's it! You now only need to configure options like how many failed logins are allowed and for how long to lock an account when this number has been reached. See the docs for specifics.
Meta
Using Sorcery
- Activity Logging
- Brute Force Protection
- DataMapper Support
- DelayedJob Integration
- Distinguish login failure reasons
- External
- External---Microsoft-Graph-authentication
- Fetching Currently Active Users
- HTTP Basic Auth
- Integration Testing
- OAuth Landing Page
- Password-less Activation
- Remember Me
- Reset Password
- Routes Constraints
- Session Timeout
- Simple Password Authentication
- Single Table Inheritance Support
- Testing Rails
- User Activation
Contributing to Sorcery