After a user has tried to log in more often than the `consecutive_failed_logins_limit` and brute-force protection got enabled, what is the expected way to recover the account and reset the password? Does Authlogic expect manual resetting of the `failed_login_count` attribute in the `users` table by an administrator?
Viewed 510 times
2

dokaspar
2 Answers
1
You have the correct answer in your question.
Reset the `failed_login_count` value to `0`.
I have my `consecutive_failed_logins_limit` set to 5 and `failed_login_ban_for 0`.
I tried to log in with an incorrect password 6 times and then I got the account banned error message with the correct password or an incorrect one.
I manually reset the `failed_login_count` to `0` and then was able to log in using the correct password as normal.
I am planning to add a "unban" button to the user show view so an administrator can unban a user.

Iain
0
Use `failed_login_ban_for` in the user session model to set the number of hours the user should be banned for (the default value is 2 hours).
Examples:
- To ban for a day: `failed_login_ban_for 24.hours`
- Permanent ban: `failed_login_ban_for 0`

dokaspar
This only sets the ban time, is there a way to reset a user's ban manually if we wish to? – riley Oct 21 '15 at 22:20

@riley Set the User's `failed_login_count` to `0`. – Joshua Pinter Mar 16 '18 at 01:29
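
The lockout and recovery behaviour described in the two answers, as an added plain-Ruby example (not part of the original posts and not Authlogic's own code). The class `LockoutModel`, its method names, and the rule that the ban starts once the counter reaches the limit are assumptions made for illustration.

```ruby
# Simplified model of the lockout behaviour discussed in this thread.
# Not Authlogic's code: names and the >= threshold are assumptions.
class LockoutModel
  attr_reader :failed_login_count

  # limit mirrors consecutive_failed_logins_limit; ban_for mirrors
  # failed_login_ban_for in seconds, where 0 means a permanent ban.
  def initialize(password:, limit:, ban_for:)
    @password = password
    @limit, @ban_for = limit, ban_for
    @failed_login_count = 0
    @last_failure_at = nil
  end

  def banned?(now)
    return false if @failed_login_count < @limit
    return true if @ban_for <= 0        # permanent until the counter is reset
    now - @last_failure_at < @ban_for   # timed ban, measured from the last failure
  end

  # Returns :banned, :ok or :invalid. A banned account rejects even the
  # correct password, which is why a recovery path is needed.
  def attempt(candidate, now)
    return :banned if banned?(now)
    if candidate == @password
      @failed_login_count = 0
      :ok
    else
      @failed_login_count += 1
      @last_failure_at = now
      :invalid
    end
  end

  # The manual recovery from the answers: an administrator zeroes the counter.
  def admin_unban!
    @failed_login_count = 0
  end
end

# Constructed scenario from the first answer: limit 5, permanent ban, six bad attempts.
def permanent_ban_scenario
  user = LockoutModel.new(password: "correct horse", limit: 5, ban_for: 0)
  t = Time.at(0)
  6.times { user.attempt("wrong", t) }
  locked = user.attempt("correct horse", t)
  user.admin_unban!
  [locked, user.attempt("correct horse", t)]
end
```

In an application, the reset corresponds to setting the user's `failed_login_count` to `0`, and it belongs behind an administrator-only action.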