Hello, I have searched high and low on how to activate an inactive account in Authlogic and I can''t seem to figure it out. I am using "consecutive_failed_logins_limit" to control a brute force attack and I want to offer a function so a ''manager'' can enable the inactive account and bypass the number of hours/minutes the user would need to wait to attempt to login otherwise. Thank you for your help. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Did you try resetting failed_login_count to 0? d. On Aug 26, 11:30 am, pepe <P...-1PhG29ZdMB/g+20BJ0uB2w@public.gmane.org> wrote:> Hello, > > I have searched high and low on how to activate an inactive account in > Authlogic and I can''t seem to figure it out. > > I am using "consecutive_failed_logins_limit" to control a brute force > attack and I want to offer a function so a ''manager'' can enable the > inactive account and bypass the number of hours/minutes the user would > need to wait to attempt to login otherwise. > > Thank you for your help.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Yep, among other things. What I have gathered so far (although I could be wrong) is that Authlogic validations happen for UserSession before anything else. I believe that authlogic then goes and grabs info from the session and does its thing (which I don''t know yet what it is) and marks the user as inactive and ends the process, redirecting the user to the login screen. On Aug 26, 5:13 pm, IAmNan <dger...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Did you try resetting failed_login_count to 0? > > d. > > On Aug 26, 11:30 am, pepe <P...-1PhG29ZdMB/g+20BJ0uB2w@public.gmane.org> wrote: > > > Hello, > > > I have searched high and low on how to activate an inactive account in > > Authlogic and I can''t seem to figure it out. > > > I am using "consecutive_failed_logins_limit" to control a brute force > > attack and I want to offer a function so a ''manager'' can enable the > > inactive account and bypass the number of hours/minutes the user would > > need to wait to attempt to login otherwise. > > > Thank you for your help.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Yep, among other things. What I have gathered so far (although I could be wrong) is that Authlogic validations happen for UserSession before anything else. I believe that authlogic then goes and grabs info from the session and does its thing (which I don''t know yet what it is) and marks the user as inactive and ends the process, redirecting the user to the login screen. On Aug 26, 5:13 pm, IAmNan <dger...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Did you try resetting failed_login_count to 0? > > d. > > On Aug 26, 11:30 am, pepe <P...-1PhG29ZdMB/g+20BJ0uB2w@public.gmane.org> wrote: > > > Hello, > > > I have searched high and low on how to activate an inactive account in > > Authlogic and I can''t seem to figure it out. > > > I am using "consecutive_failed_logins_limit" to control a brute force > > attack and I want to offer a function so a ''manager'' can enable the > > inactive account and bypass the number of hours/minutes the user would > > need to wait to attempt to login otherwise. > > > Thank you for your help.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
That''s how it''s done in brute_force_protection.rb:
def reset_failed_login_count
attempted_record.failed_login_count = 0
end
You could test your assumption by resetting the count and then
clearing the browser cache or trying to log on from a different
computer. If so, take a look at your user_session#new (assuming it
redirects to the log in page on failure). You should be setting the
@user_session (or whatever you named it) instance var there.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.