Using Devise 4.8.1 and Rails 7.0.3, I had followed the steps from the wiki page "How To: Add :lockable to Users" before, and I wrote a custom password verification that would lock the user's access after 5 failed attempts. Previously, the `valid_password?` function worked and could increment the `failed_attempts` attribute on the `users` table, be it in the Rails console or in a controller (done at the backend), but now it does not work.
Here's my code:
```ruby
data = JSON.parse(request.body.read)
user = User.find_for_authentication(email: data['email'])
retries_remaining = 5
# Attempt count as reported by the client in the request body
failed_attempts = data['failed_attempts'] + 1

if user.valid_password?(data['password'])
  render json: { "status" => true }
else
  if failed_attempts >= retries_remaining
    # lock_access! takes the options hash directly; nested under an `opts:` key
    # the send_instructions flag is not seen
    user.lock_access!(send_instructions: false)
    user.send_unlock_instructions
    render json: { "status" => false, "redirect_path" => root_path }
  else
    if (failed_attempts + 2) >= retries_remaining
      msg = "There are #{retries_remaining - failed_attempts} retries remaining."
    else
      msg = 'Password is not matching.'
    end
    render json: { "status" => false, "message" => msg }
  end
end
```
The `retries_remaining` and `failed_attempts` variables are only for my checker. But if users have attempted 3 times and left the page, I want the `failed_attempts` attribute to increment too, so that if they go back to this page, they only have 2 retries remaining.
Any clues on this issue?
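
An added example, not part of the original post and not Devise's own code: a plain-Ruby stand-in for a `:lockable` user, showing the attempt count kept in the stored record instead of the request body, so leaving the page cannot reset it. `LockableUser`, `MAXIMUM_ATTEMPTS`, `retries_remaining` and `verify` are hypothetical names; in Devise, Lockable's `valid_for_authentication?` is the method that increments `failed_attempts`, while `valid_password?` only compares the password.

```ruby
# Plain-Ruby stand-in for a Devise :lockable user (constructed for illustration;
# a real model gets these methods from Devise and persists through ActiveRecord).
class LockableUser
  MAXIMUM_ATTEMPTS = 5 # assumption: mirrors config.maximum_attempts = 5

  attr_reader :failed_attempts, :locked_at

  def initialize(password)
    @password = password   # stand-in for encrypted_password (no hashing here)
    @failed_attempts = 0   # stand-in for the users.failed_attempts column
    @locked_at = nil
  end

  # Pure comparison with no side effects: on its own it never touches the counter.
  def valid_password?(candidate)
    @password == candidate
  end

  def access_locked?
    !@locked_at.nil?
  end

  # Same shape as Lockable's wrapper: run the check given as a block and, on
  # failure, bump the stored counter and lock once the limit is reached.
  def valid_for_authentication?
    return true if yield && !access_locked?
    @failed_attempts += 1
    @locked_at = Time.now if @failed_attempts >= MAXIMUM_ATTEMPTS
    false
  end

  def retries_remaining
    [MAXIMUM_ATTEMPTS - @failed_attempts, 0].max
  end
end

# Controller-style check: the request supplies only the password. The count
# comes from the stored record, so a client cannot report a lower number.
def verify(user, password)
  return { status: false, locked: true } if user.access_locked?
  if user.valid_for_authentication? { user.valid_password?(password) }
    { status: true }
  else
    { status: false, locked: user.access_locked?,
      retries_remaining: user.retries_remaining }
  end
end
```

With a real Devise model the equivalent call is `user.valid_for_authentication? { user.valid_password?(data['password']) }`, and the remaining count is derived from `user.failed_attempts` rather than from a value in the request.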