module Authlogic::Session::BruteForceProtection::InstanceMethods

The methods available for an Authlogic::Session::Base object that make up the brute force protection feature.

Public Instance Methods

being_brute_force_protected?()

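Returns true when the #consecutive_failed_logins_limit has been exceeded and the account is being temporarily banned. Note the word "temporarily": the user will not be permanently banned unless you choose to do so with configuration. By default they will be banned for 2 hours. During that 2 hour period this method will return true. As the source below shows, a failed_login_ban_for of 0 or less makes the ban permanent, and the ban window is measured from the attempted record's updated_at.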

# File lib/authlogic/session/brute_force_protection.rb, line 59
# Tells whether the attempted record is currently locked out by brute force
# protection.
#
# Returns the falsy result of exceeded_failed_logins_limit? unchanged when the
# limit has not been reached, true when the ban never expires, and otherwise
# whether the record's updated_at still falls inside the ban window.
def being_brute_force_protected?
  limit_hit = exceeded_failed_logins_limit?
  return limit_hit unless limit_hit

  # A ban length of zero or less is treated as a ban with no expiry.
  ban_length = failed_login_ban_for
  return true if ban_length <= 0

  # The window is anchored on updated_at. A record without that attribute is
  # never reported as protected when the ban length is positive, so the lockout
  # depends on the model exposing updated_at.
  # NOTE(review): presumably any other write that touches updated_at also moves
  # the window - confirm against the model.
  record = attempted_record
  record.respond_to?(:updated_at) && record.updated_at >= ban_length.seconds.ago
end

Private Instance Methods

consecutive_failed_logins_limit()
# File lib/authlogic/session/brute_force_protection.rb, line 86
# Instance-level reader for the limit configured on the session class.
#
# Returns whatever the class-level consecutive_failed_logins_limit returns.
def consecutive_failed_logins_limit
  session_class = self.class
  session_class.consecutive_failed_logins_limit
end
exceeded_failed_logins_limit?()
# File lib/authlogic/session/brute_force_protection.rb, line 65
# Checks whether the attempted record has reached the configured number of
# consecutive failed logins.
#
# Returns false when there is no attempted record, when the record has no
# failed_login_count attribute, or when the limit is not above zero (a limit
# of zero or less therefore switches the check off). Returns the count itself
# when it is nil or false, and otherwise whether count >= limit.
def exceeded_failed_logins_limit?
  record = attempted_record
  return false if record.nil?
  return false unless record.respond_to?(:failed_login_count)

  limit = consecutive_failed_logins_limit
  return false unless limit > 0

  # The comparison is >=, so the check trips on the attempt that reaches the
  # limit, not on the one after it.
  failures = record.failed_login_count
  failures && failures >= limit
end
failed_login_ban_for()
# File lib/authlogic/session/brute_force_protection.rb, line 90
# Instance-level reader for the ban length configured on the session class.
#
# Returns whatever the class-level failed_login_ban_for returns.
def failed_login_ban_for
  session_class = self.class
  session_class.failed_login_ban_for
end
reset_failed_login_count()
# File lib/authlogic/session/brute_force_protection.rb, line 74
# Sets the attempted record's failed_login_count back to zero.
#
# Only the in-memory attribute is assigned here; nothing in this method
# saves the record.
def reset_failed_login_count
  record = attempted_record
  record.failed_login_count = 0
end
reset_failed_login_count?()
# File lib/authlogic/session/brute_force_protection.rb, line 70
# Decides whether the failure counter should be cleared: the limit was
# reached, but the record is no longer inside the ban.
#
# Returns the falsy result of exceeded_failed_logins_limit? unchanged when the
# limit was not reached, otherwise the negation of
# being_brute_force_protected?.
def reset_failed_login_count?
  limit_hit = exceeded_failed_logins_limit?
  limit_hit && !being_brute_force_protected?
end
validate_failed_logins()
# File lib/authlogic/session/brute_force_protection.rb, line 78
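# Replaces every error on the session with one generic "limit exceeded"
# message on :base.
#
# The message text comes from the I18n key
# 'error_messages.consecutive_failed_logins_limit_exceeded', falling back to
# an English default. Returns whatever errors.add returns.
def validate_failed_logins
  # Drop all other error messages first: they are irrelevant once the account
  # is locked and would only hand back information about the attempt that the
  # caller does not need.
  errors.clear

  # being_brute_force_protected? treats a ban length of zero or less as a ban
  # with no expiry, so only a positive length is described as temporary.
  # Comparing with == 0 would label a negative (permanent) ban "temporarily".
  qualifier = failed_login_ban_for <= 0 ? "" : " temporarily"

  errors.add(:base, I18n.t(
    'error_messages.consecutive_failed_logins_limit_exceeded',
    :default => "Consecutive failed logins limit exceeded, account has been#{qualifier} disabled."
  ))
end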