module Authlogic::Session::BruteForceProtection::InstanceMethods

The methods available for an Authlogic::Session::Base object that make up the brute force protection feature.

Public Instance Methods

being_brute_force_protected?()

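Returns true when the #consecutive_failed_logins_limit has been exceeded and the account is currently banned from logging in. Note the word "temporarily": the user will not be permanently banned unless you choose that through configuration. By default the ban lasts 2 hours, and during that 2-hour period this method returns true. Three details of the implementation below matter when you rely on this check. The limit counts as exceeded as soon as failed_login_count is equal to it. The ban window is measured from the record's updated_at, so a record without an updated_at attribute is never reported as banned while failed_login_ban_for is positive. A failed_login_ban_for of 0 or less keeps the ban in place for as long as the failed login count stays at or above the limit.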

# File lib/authlogic/session/brute_force_protection.rb, line 75
# Reports whether the attempted record is currently locked out by the
# failed-login limit.
#
# The lock is in force when the limit has been reached and either the ban has
# no expiry (failed_login_ban_for of 0 or less) or the record's updated_at
# still falls within the last failed_login_ban_for seconds.
#
# NOTE(review): the window is anchored on updated_at rather than on a
# dedicated "last failed login" timestamp. A record that does not respond to
# updated_at is reported as not protected whenever the ban duration is
# positive, so the limit is not enforced for such a model. Any other write
# that moves updated_at presumably also moves the window - confirm against
# how the record is saved.
#
# @return [Boolean, nil] truthy while the lockout applies; the falsy result of
#   exceeded_failed_logins_limit? is passed through unchanged otherwise
def being_brute_force_protected?
  limit_reached = exceeded_failed_logins_limit?
  # Hand back the falsy value as-is (it can be nil as well as false).
  return limit_reached unless limit_reached

  ban_seconds = failed_login_ban_for
  # A non-positive duration means the ban never lapses on its own.
  return true if ban_seconds <= 0

  record = attempted_record
  # `seconds.ago` is presumably ActiveSupport's duration helper.
  record.respond_to?(:updated_at) && record.updated_at >= ban_seconds.seconds.ago
end

Private Instance Methods

consecutive_failed_logins_limit()
# File lib/authlogic/session/brute_force_protection.rb, line 117
# Instance-level reader for the failed-login limit configured on the session
# class. exceeded_failed_logins_limit? treats a value of 0 or less as
# "limit disabled".
#
# @return whatever the class-level consecutive_failed_logins_limit returns
def consecutive_failed_logins_limit
  session_class = self.class
  session_class.consecutive_failed_logins_limit
end
exceeded_failed_logins_limit?()
# File lib/authlogic/session/brute_force_protection.rb, line 86
# Tells whether the attempted record has accumulated enough consecutive
# failed logins to hit the configured limit.
#
# The comparison is `>=`, so the limit counts as exceeded as soon as
# failed_login_count equals it. The check is skipped (falsy result) when no
# record was found, when the record has no failed_login_count attribute, when
# the limit is 0 or less, or when the stored count is nil/false. A model
# without the failed_login_count attribute therefore gets no lockout at all.
#
# @return [Boolean, nil] true when the limit is reached; false or nil otherwise
def exceeded_failed_logins_limit?
  record = attempted_record
  return false if record.nil?
  return false unless record.respond_to?(:failed_login_count)

  limit = consecutive_failed_logins_limit
  # A non-positive limit switches the feature off.
  return false unless limit > 0

  failures = record.failed_login_count
  # Keep the original falsy value (nil for a record that never failed).
  return failures unless failures

  failures >= limit
end
failed_login_ban_for()
# File lib/authlogic/session/brute_force_protection.rb, line 121
# Instance-level reader for the ban duration configured on the session class.
# being_brute_force_protected? uses it as a number of seconds and treats 0 or
# less as a ban that does not expire on its own.
#
# @return whatever the class-level failed_login_ban_for returns
def failed_login_ban_for
  session_class = self.class
  session_class.failed_login_ban_for
end
reset_failed_login_count()
# File lib/authlogic/session/brute_force_protection.rb, line 98
# Puts the attempted record's failed-login counter back to zero.
#
# Only the attribute is assigned here; nothing in this method saves the
# record, so persistence presumably happens elsewhere - confirm in the caller.
#
# @return [Integer] 0, the value assigned
def reset_failed_login_count
  record = attempted_record
  record.failed_login_count = 0
end
reset_failed_login_count?()
# File lib/authlogic/session/brute_force_protection.rb, line 94
# Decides whether the failed-login counter should be cleared: the limit was
# reached, but the lockout is no longer (or was never) in force.
#
# Because being_brute_force_protected? answers false for a record without
# updated_at when the ban duration is positive, such a record qualifies for a
# reset as soon as it reaches the limit.
#
# @return [Boolean, nil] true when a reset is due; the falsy result of
#   exceeded_failed_logins_limit? is passed through unchanged otherwise
def reset_failed_login_count?
  limit_reached = exceeded_failed_logins_limit?
  # Preserve the exact falsy value (false or nil) from the limit check.
  return limit_reached unless limit_reached

  !being_brute_force_protected?
end
validate_failed_logins()
# File lib/authlogic/session/brute_force_protection.rb, line 102
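# Replaces every error on the session with a single "limit exceeded" message.
#
# The text comes from the
# "error_messages.consecutive_failed_logins_limit_exceeded" translation, with
# an English default. The default says "temporarily disabled" only when the
# ban actually expires, i.e. when failed_login_ban_for is positive. This uses
# the same threshold as being_brute_force_protected?, which treats 0 or less
# as a ban without expiry; the previous `zero?` test described a negative
# duration as temporary.
#
# NOTE(review): presumably this runs only for an existing record that has hit
# the limit, in which case the message tells the requester that the account
# exists and is locked. Override the translation if the login form should not
# disclose that.
def validate_failed_logins
  # Clear all other error messages, as they are irrelevant at this point and
  # would only give away additional information that is not needed.
  errors.clear
  ban_expires = failed_login_ban_for > 0
  errors.add(
    :base,
    I18n.t(
      "error_messages.consecutive_failed_logins_limit_exceeded",
      default: "Consecutive failed logins limit exceeded, account has been" +
        (ban_expires ? " temporarily" : "") +
        " disabled."
    )
  )
end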