Hello,
I have searched high and low on how to activate an inactive account in Authlogic and I can't seem to figure it out.
I am using "consecutive_failed_logins_limit" to control a brute force attack and I want to offer a function so a 'manager' can enable the inactive account and bypass the number of hours/minutes the user would need to wait to attempt to login otherwise.
Thank you for your help.
Did you try resetting failed_login_count to 0?
d.
Yep, among other things. What I have gathered so far (although I could be wrong) is that Authlogic validations happen for UserSession before anything else. I believe that authlogic then goes and grabs info from the session and does its thing (which I don't know yet what it is) and marks the user as inactive and ends the process, redirecting the user to the login screen.
Yep, among other things. What I have gathered so far (although I could be wrong) is that Authlogic validations happen for UserSession before anything else. I believe that authlogic then goes and grabs info from the session and does its thing (which I don't know yet what it is) and marks the user as inactive and ends the process, redirecting the user to the login screen.
That's how it's done in brute_force_protection.rb: def reset_failed_login_count attempted_record.failed_login_count = 0 end
You could test your assumption by resetting the count and then clearing the browser cache or trying to log on from a different computer. If so, take a look at your user_session#new (assuming it redirects to the log in page on failure). You should be setting the @user_session (or whatever you named it) instance var there.
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks