diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
index 46cdeed2..04ada5e1 100644
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,6 +1,7 @@
* enhancements
* Extract Activatable from Confirmable
* Decouple Serializers from Devise modules
+ * Devise::Lockable
== 0.7.3
diff --git a/README.rdoc b/README.rdoc
index 64a1f102..8bc24938 100644
--- a/README.rdoc
+++ b/README.rdoc
@@ -17,6 +17,7 @@ Right now it's composed of seven mainly modules:
* Timeoutable: expires sessions without activity in a certain period of time.
* Trackable: tracks sign in count, timestamps and ip.
* Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
+* Lockable: takes care of locking an account based on the number of failed sign in attempts. Handles unlock via expire and email.
There's an example application using Devise at http://github.com/plataformatec/devise_example .
@@ -62,6 +63,7 @@ We're assuming here you want a User model. First of all you have to setup a migr
t.confirmable
t.recoverable
t.rememberable
+ t.lockable
t.timestamps
end
@@ -70,6 +72,7 @@ You may also want to add some indexes to improve performance:
add_index :your_table, :email
add_index :your_table, :confirmation_token # for confirmable
add_index :your_table, :reset_password_token # for recoverable
+ add_index :your_table, :unlock_token # for lockable
Now let's setup a User model adding the devise line to have your authentication working:
diff --git a/app/controllers/unlocks_controller.rb b/app/controllers/unlocks_controller.rb
new file mode 100644
index 00000000..abfee412
--- /dev/null
+++ b/app/controllers/unlocks_controller.rb
@@ -0,0 +1,33 @@
+class UnlocksController < ApplicationController
+ include Devise::Controllers::Helpers
+
+ # GET /resource/unlock/new
+ def new
+ build_resource
+ render_with_scope :new
+ end
+
+ # POST /resource/unlock
+ def create
+ self.resource = resource_class.send_unlock_instructions(params[resource_name])
+
+ if resource.errors.empty?
+ set_flash_message :success, :send_instructions
+ redirect_to new_session_path(resource_name)
+ else
+ render_with_scope :new
+ end
+ end
+
+ # GET /resource/unlock?unlock_token=abcdef
+ def show
+ self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
+
+ if resource.errors.empty?
+ set_flash_message :success, :unlocked
+ sign_in_and_redirect(resource_name, resource)
+ else
+ render_with_scope :new
+ end
+ end
+end
diff --git a/app/models/devise_mailer.rb b/app/models/devise_mailer.rb
index 7bc91a9f..bb699095 100644
--- a/app/models/devise_mailer.rb
+++ b/app/models/devise_mailer.rb
@@ -22,6 +22,10 @@ class DeviseMailer < ::ActionMailer::Base
setup_mail(record, :reset_password_instructions)
end
+ def unlock_instructions(record)
+ setup_mail(record, :unlock_instructions)
+ end
+
private
# Configure default email options
diff --git a/app/views/devise_mailer/unlock_instructions.html.erb b/app/views/devise_mailer/unlock_instructions.html.erb
new file mode 100644
index 00000000..9bab1904
--- /dev/null
+++ b/app/views/devise_mailer/unlock_instructions.html.erb
@@ -0,0 +1,7 @@
+Hello <%= @resource.email %>!
+
+Your account has been locked due to an excessive amount of unsuccessful sign in attempts.
+
+Click the link below to unlock your account:
+
+<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %>
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 94476758..65df0752 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -23,3 +23,7 @@
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
<% end -%>
+
+<%- if devise_mapping.lockable? %>
+ <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+<% end -%>
\ No newline at end of file
diff --git a/app/views/unlocks/new.html.erb b/app/views/unlocks/new.html.erb
new file mode 100644
index 00000000..0bdc5336
--- /dev/null
+++ b/app/views/unlocks/new.html.erb
@@ -0,0 +1,16 @@
+Resend unlock instructions
+
+<% form_for resource_name, resource, :url => unlock_path(resource_name) do |f| %>
+ <%= f.error_messages %>
+
+ <%= f.label :email %>
+ <%= f.text_field :email %>
+
+ <%= f.submit "Resend unlock instructions" %>
+<% end %>
+
+<%= link_to "Sign in", new_session_path(resource_name) %>
+
+<%- if devise_mapping.recoverable? %>
+ <%= link_to "Forgot password?", new_password_path(resource_name) %>
+<% end -%>
diff --git a/generators/devise/templates/migration.rb b/generators/devise/templates/migration.rb
index 272de51a..4aa44256 100644
--- a/generators/devise/templates/migration.rb
+++ b/generators/devise/templates/migration.rb
@@ -6,6 +6,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
t.recoverable
t.rememberable
t.trackable
+ t.lockable
t.timestamps
end
diff --git a/generators/devise_install/templates/devise.rb b/generators/devise_install/templates/devise.rb
index af7a0140..fe8ae32d 100644
--- a/generators/devise_install/templates/devise.rb
+++ b/generators/devise_install/templates/devise.rb
@@ -8,7 +8,7 @@ Devise.setup do |config|
# Remember that Devise includes other modules on its own (like :activatable
# and :timeoutable) which are not included here and also plugins. So be sure
# to check the docs for a complete set.
- config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
+ config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable, :lockable]
# Invoke `rake secret` and use the printed value to setup a pepper to generate
# the encrypted password. By default no pepper is used.
@@ -54,6 +54,18 @@ Devise.setup do |config|
# are using only default views.
# config.scoped_views = true
+ # Number of authentication tries before locking an account.
+ # config.maximum_attempts = 5
+
+ # Defines which strategy will be used to unlock an account.
+ # :email = Sends an unlock link to the user email
+ # :time = Reanables login after a certain ammount of time (see :unlock_in below)
+ # :both = enables both strategies
+ # config.unlock_strategy = :both
+
+ # Time interval to unlock the account if :time is enabled as unlock_strategy.
+ # config.unlock_in = 1.hour
+
# If you want to use other strategies, that are not (yet) supported by Devise,
# you can configure them inside the config.warden block. The example below
# allows you to setup OAuth, using http://github.com/roman/warden_oauth
diff --git a/lib/devise.rb b/lib/devise.rb
index 1f40a74a..2820799a 100644
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -25,13 +25,14 @@ module Devise
end
ALL = [:authenticatable, :activatable, :confirmable, :recoverable, :rememberable,
- :timeoutable, :trackable, :validatable]
+ :timeoutable, :trackable, :validatable, :lockable]
# Maps controller names to devise modules
CONTROLLERS = {
:sessions => [:authenticatable],
:passwords => [:recoverable],
- :confirmations => [:confirmable]
+ :confirmations => [:confirmable],
+ :unlocks => [:lockable]
}
STRATEGIES = [:authenticatable]
@@ -39,7 +40,7 @@ module Devise
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
# Maps the messages types that are used in flash message.
- FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :timeout, :inactive ]
+ FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :timeout, :inactive, :locked ]
# Declare encryptors length which are used in migrations.
ENCRYPTORS_LENGTH = {
@@ -103,6 +104,19 @@ module Devise
mattr_accessor :scoped_views
@@scoped_views = false
+ # Number of authentication tries before locking an account
+ mattr_accessor :maximum_attempts
+ @@maximum_attempts = 5
+
+ # Defines which strategy can be used to unlock an account.
+ # Values: :email, :time, :both
+ mattr_accessor :unlock_strategy
+ @@unlock_strategy = :both
+
+ # Time interval to unlock the account if :time is defined as unlock_strategy.
+ mattr_accessor :unlock_in
+ @@unlock_in = 1.hour
+
class << self
# Default way to setup Devise. Run script/generate devise_install to create
# a fresh initializer with all configuration values.
diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb
index a80a3110..b343266f 100644
--- a/lib/devise/controllers/url_helpers.rb
+++ b/lib/devise/controllers/url_helpers.rb
@@ -19,7 +19,7 @@ module Devise
# Those helpers are added to your ApplicationController.
module UrlHelpers
- [:session, :password, :confirmation].each do |module_name|
+ [:session, :password, :confirmation, :unlock].each do |module_name|
[:path, :url].each do |path_or_url|
actions = [ nil, :new_ ]
actions << :edit_ if module_name == :password
diff --git a/lib/devise/locales/en.yml b/lib/devise/locales/en.yml
index cca2ec3e..6dd13181 100644
--- a/lib/devise/locales/en.yml
+++ b/lib/devise/locales/en.yml
@@ -5,6 +5,7 @@ en:
signed_out: 'Signed out successfully.'
unauthenticated: 'You need to sign in or sign up before continuing.'
unconfirmed: 'You have to confirm your account before continuing.'
+ locked: 'Your account is locked.'
invalid: 'Invalid email or password.'
timeout: 'Your session expired, please sign in again to continue.'
inactive: 'Your account was not activated yet.'
@@ -14,8 +15,10 @@ en:
confirmations:
send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
confirmed: 'Your account was successfully confirmed. You are now signed in.'
+ unlocks:
+ send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
+ unlocked: 'Your account was successfully unlocked. You are now signed in.'
mailer:
confirmation_instructions: 'Confirmation instructions'
reset_password_instructions: 'Reset password instructions'
-
-
+ unlock_instructions: 'Unlock Instructions'
diff --git a/lib/devise/models/activatable.rb b/lib/devise/models/activatable.rb
index 338da924..efc5040e 100644
--- a/lib/devise/models/activatable.rb
+++ b/lib/devise/models/activatable.rb
@@ -5,7 +5,7 @@ module Devise
# This module implements the default API required in activatable hook.
module Activatable
def active?
- raise NotImplementedError
+ true
end
def inactive_message
diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb
index 06b2de80..37d2ceed 100644
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -76,12 +76,16 @@ module Devise
# is already confirmed, it should never be blocked. Otherwise we need to
# calculate if the confirm time has not expired for this user.
def active?
- confirmed? || confirmation_period_valid?
+ super && (confirmed? || confirmation_period_valid?)
end
# The message to be shown if the account is inactive.
def inactive_message
- :unconfirmed
+ if !confirmed?
+ :unconfirmed
+ else
+ super
+ end
end
# If you don't want confirmation to be sent on create, neither a code
diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb
new file mode 100644
index 00000000..86ca3560
--- /dev/null
+++ b/lib/devise/models/lockable.rb
@@ -0,0 +1,138 @@
+require 'devise/models/activatable'
+
+module Devise
+ module Models
+
+ module Lockable
+ include Devise::Models::Activatable
+ include Devise::Models::Authenticatable
+
+ def self.included(base)
+ base.class_eval do
+ extend ClassMethods
+ end
+ end
+
+ # Lock an user setting it's locked_at to actual time.
+ def lock!
+ self.locked_at = Time.now
+ if [:both, :email].include?(self.class.unlock_strategy)
+ generate_unlock_token
+ self.send_unlock_instructions
+ end
+ save(false)
+ end
+
+ # Unlock an user by cleaning locket_at and failed_attempts
+ def unlock!
+ if_locked do
+ self.locked_at = nil
+ self.failed_attempts = 0
+ self.unlock_token = nil
+ save(false)
+ end
+ end
+
+ # Verifies whether a user is locked or not
+ def locked?
+ self.locked_at && !lock_expired?
+ end
+
+ # Send unlock instructions by email
+ def send_unlock_instructions
+ ::DeviseMailer.deliver_unlock_instructions(self)
+ end
+
+ # Resend the unlock instructions if the user is locked
+ def resend_unlock!
+ if_locked do
+ generate_unlock_token unless self.unlock_token.present?
+ save(false)
+ send_unlock_instructions
+ end
+ end
+
+ # Overwrites active? from Devise::Models::Activatable for locking purposes
+ # by verifying whether an user is active to sign in or not based on locked?
+ def active?
+ super && !locked?
+ end
+
+ # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
+ # for verifying whether an user is allowed to sign in or not. If the user
+ # is locked, it should never be allowed.
+ def valid_for_authentication?(attributes)
+ unless result = super
+ self.failed_attempts += 1
+ save(false)
+ self.lock! if self.failed_attempts > self.class.maximum_attempts
+ else
+ self.failed_attempts = 0
+ save(false)
+ end
+ result
+ end
+
+ # Overwrites invalid_message from Devise::Models::Authenticatable to define
+ # the correct reason for blocking the sign in.
+ def inactive_message
+ if locked?
+ :locked
+ else
+ super
+ end
+ end
+
+ protected
+
+ # Generates unlock token
+ def generate_unlock_token
+ self.unlock_token = Devise.friendly_token
+ end
+
+ # Tells if the lock is expired if :time unlock strategy is active
+ def lock_expired?
+ if [:both, :time].include?(self.class.unlock_strategy)
+ self.locked_at && self.locked_at < self.class.unlock_in.ago
+ else
+ false
+ end
+ end
+
+ # Checks whether the record is locked or not, yielding to the block
+ # if it's locked, otherwise adds an error to email.
+ def if_locked
+ if locked?
+ yield
+ else
+ self.class.add_error_on(self, :email, :not_locked)
+ false
+ end
+ end
+
+ module ClassMethods
+ # Attempt to find a user by it's email. If a record is found, send new
+ # unlock instructions to it. If not user is found, returns a new user
+ # with an email not found error.
+ # Options must contain the user email
+ def send_unlock_instructions(attributes={})
+ lockable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
+ lockable.resend_unlock! unless lockable.new_record?
+ lockable
+ end
+
+ # Find a user by it's unlock token and try to unlock it.
+ # If no user is found, returns a new user with an error.
+ # If the user is not locked, creates an error for the user
+ # Options must have the unlock_token
+ def unlock!(attributes={})
+ lockable = find_or_initialize_with_error_by(:unlock_token, attributes[:unlock_token])
+ lockable.unlock! unless lockable.new_record?
+ lockable
+ end
+
+ Devise::Models.config(self, :maximum_attempts, :unlock_strategy, :unlock_in)
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/lib/devise/orm/active_record.rb b/lib/devise/orm/active_record.rb
index f1204225..8eb95001 100644
--- a/lib/devise/orm/active_record.rb
+++ b/lib/devise/orm/active_record.rb
@@ -7,6 +7,8 @@ module Devise
# t.confirmable
# t.recoverable
# t.rememberable
+ # t.trackable
+ # t.lockable
# t.timestamps
# end
#
diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb
index 6a9e61bf..f77e2053 100644
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -113,6 +113,10 @@ module ActionController::Routing
routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
end
+ def lockable(routes, mapping)
+ routes.resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock]
+ end
+
end
end
end
diff --git a/lib/devise/schema.rb b/lib/devise/schema.rb
index f1b682d5..1417d37f 100644
--- a/lib/devise/schema.rb
+++ b/lib/devise/schema.rb
@@ -45,6 +45,13 @@ module Devise
apply_schema :last_sign_in_ip, String
end
+ # Creates failed_attempts, unlock_token and locked_at
+ def lockable
+ apply_schema :failed_attempts, Integer, :default => 0
+ apply_schema :unlock_token, String, :limit => 20
+ apply_schema :locked_at, DateTime
+ end
+
# Overwrite with specific modification to create your own schema.
def apply_schema(name, type, options={})
raise NotImplementedError
diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb
new file mode 100644
index 00000000..e0211e3a
--- /dev/null
+++ b/test/integration/lockable_test.rb
@@ -0,0 +1,83 @@
+require 'test/test_helper'
+
+class LockTest < ActionController::IntegrationTest
+
+ def visit_user_unlock_with_token(unlock_token)
+ visit user_unlock_path(:unlock_token => unlock_token)
+ end
+
+ test 'user should be able to request a new unlock token' do
+ user = create_user(:locked => true)
+ ActionMailer::Base.deliveries.clear
+
+ visit new_user_session_path
+ click_link 'Didn\'t receive unlock instructions?'
+
+ fill_in 'email', :with => user.email
+ click_button 'Resend unlock instructions'
+
+ assert_template 'sessions/new'
+ assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ end
+
+ test 'unlocked user should not be able to request a unlock token' do
+ user = create_user(:locked => false)
+ ActionMailer::Base.deliveries.clear
+
+ visit new_user_session_path
+ click_link 'Didn\'t receive unlock instructions?'
+
+ fill_in 'email', :with => user.email
+ click_button 'Resend unlock instructions'
+
+ assert_template 'unlocks/new'
+ assert_contain 'not locked'
+ assert_equal 0, ActionMailer::Base.deliveries.size
+ end
+
+ test 'user with invalid unlock token should not be able to unlock an account' do
+ visit_user_unlock_with_token('invalid_token')
+
+ assert_response :success
+ assert_template 'unlocks/new'
+ assert_have_selector '#errorExplanation'
+ assert_contain /Unlock token(.*)invalid/
+ end
+
+ test "locked user should be able to unlock account" do
+ user = create_user(:locked => true)
+ assert user.locked?
+
+ visit_user_unlock_with_token(user.unlock_token)
+
+ assert_template 'home/index'
+ assert_contain 'Your account was successfully unlocked.'
+
+ assert_not user.reload.locked?
+ end
+
+ test "sign in user automatically after unlocking it's account" do
+ user = create_user(:locked => true)
+ visit_user_unlock_with_token(user.unlock_token)
+
+ assert warden.authenticated?(:user)
+ end
+
+ test "user should not be able to sign in when locked" do
+ user = sign_in_as_user(:locked => true)
+ assert_template 'sessions/new'
+ assert_contain 'Your account is locked.'
+ assert_not warden.authenticated?(:user)
+ end
+
+ test 'error message is configurable by resource name' do
+ store_translations :en, :devise => {
+ :sessions => { :admin => { :locked => "You are locked!" } }
+ } do
+ get new_admin_session_path(:locked => true)
+ assert_contain 'You are locked!'
+ end
+ end
+
+end
diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb
new file mode 100644
index 00000000..0ec0557b
--- /dev/null
+++ b/test/mailers/unlock_instructions_test.rb
@@ -0,0 +1,62 @@
+require 'test/test_helper'
+
+class UnlockInstructionsTest < ActionMailer::TestCase
+
+ def setup
+ setup_mailer
+ DeviseMailer.sender = 'test@example.com'
+ end
+
+ def user
+ @user ||= begin
+ user = create_user
+ user.lock!
+ user
+ end
+ end
+
+ def mail
+ @mail ||= begin
+ user
+ ActionMailer::Base.deliveries.last
+ end
+ end
+
+ test 'email sent after locking the user' do
+ assert_not_nil mail
+ end
+
+ test 'content type should be set to html' do
+ assert_equal 'text/html', mail.content_type
+ end
+
+ test 'send unlock instructions to the user email' do
+ assert_equal [user.email], mail.to
+ end
+
+ test 'setup sender from configuration' do
+ assert_equal ['test@example.com'], mail.from
+ end
+
+ test 'setup subject from I18n' do
+ store_translations :en, :devise => { :mailer => { :unlock_instructions => 'Unlock instructions' } } do
+ assert_equal 'Unlock instructions', mail.subject
+ end
+ end
+
+ test 'subject namespaced by model' do
+ store_translations :en, :devise => { :mailer => { :user => { :unlock_instructions => 'User Unlock Instructions' } } } do
+ assert_equal 'User Unlock Instructions', mail.subject
+ end
+ end
+
+ test 'body should have user info' do
+ assert_match /#{user.email}/, mail.body
+ end
+
+ test 'body should have link to unlock the account' do
+ host = ActionMailer::Base.default_url_options[:host]
+ unlock_url_regexp = %r{}
+ assert_match unlock_url_regexp, mail.body
+ end
+end
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb
new file mode 100644
index 00000000..0d516196
--- /dev/null
+++ b/test/models/lockable_test.rb
@@ -0,0 +1,202 @@
+require 'test/test_helper'
+
+class LockableTest < ActiveSupport::TestCase
+
+ def setup
+ setup_mailer
+ end
+
+ test "should increment failed attempts on unsuccessful authentication" do
+ user = create_user
+ assert_equal 0, user.failed_attempts
+ authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword")
+ assert_equal 1, user.reload.failed_attempts
+ end
+
+ test "should lock account base on maximum_attempts" do
+ user = create_user
+ attempts = Devise.maximum_attempts + 1
+ attempts.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
+ assert user.reload.locked?
+ end
+
+ test "should respect maximum attempts configuration" do
+ user = create_user
+ swap Devise, :maximum_attempts => 2 do
+ 3.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
+ assert user.reload.locked?
+ end
+ end
+
+ test "should clear failed_attempts on successfull sign in" do
+ user = create_user
+ User.authenticate(:email => user.email, :password => "anotherpassword")
+ assert_equal 1, user.reload.failed_attempts
+ User.authenticate(:email => user.email, :password => "123456")
+ assert_equal 0, user.reload.failed_attempts
+ end
+
+ test "should verify wheter a user is locked or not" do
+ user = create_user
+ assert_not user.locked?
+ user.lock!
+ assert user.locked?
+ end
+
+ test "active? should be the opposite of locked?" do
+ user = create_user
+ user.confirm!
+ assert user.active?
+ user.lock!
+ assert_not user.active?
+ end
+
+ test "should unlock an user by cleaning locked_at, falied_attempts and unlock_token" do
+ user = create_user
+ user.lock!
+ assert_not_nil user.reload.locked_at
+ assert_not_nil user.reload.unlock_token
+ user.unlock!
+ assert_nil user.reload.locked_at
+ assert_nil user.reload.unlock_token
+ assert 0, user.reload.failed_attempts
+ end
+
+ test 'should not unlcok an unlocked user' do
+ user = create_user
+ assert_not user.unlock!
+ assert_match /not locked/, user.errors[:email]
+ end
+
+ test "new user should not be locked and should have zero failed_attempts" do
+ assert_not new_user.locked?
+ assert_equal 0, create_user.failed_attempts
+ end
+
+ test "should unlock user after unlock_in period" do
+ swap Devise, :unlock_in => 3.hours do
+ user = new_user
+ user.locked_at = 2.hours.ago
+ assert user.locked?
+
+ Devise.unlock_in = 1.hour
+ assert_not user.locked?
+ end
+ end
+
+ test "should not unlock in 'unlock_in' if :time unlock strategy is not set" do
+ swap Devise, :unlock_strategy => :email do
+ user = new_user
+ user.locked_at = 2.hours.ago
+ assert user.locked?
+ end
+ end
+
+ test "should set unlock_token when locking" do
+ user = create_user
+ assert_nil user.unlock_token
+ user.lock!
+ assert_not_nil user.unlock_token
+ end
+
+ test 'should not regenerate unlock token if it already exists' do
+ user = create_user
+ user.lock!
+ 3.times do
+ token = user.unlock_token
+ user.resend_unlock!
+ assert_equal token, user.unlock_token
+ end
+ end
+
+ test "should never generate the same unlock token for different users" do
+ unlock_tokens = []
+ 3.times do
+ user = create_user
+ user.lock!
+ token = user.unlock_token
+ assert !unlock_tokens.include?(token)
+ unlock_tokens << token
+ end
+ end
+
+ test "should not generate unlock_token when :email is not an unlock strategy" do
+ swap Devise, :unlock_strategy => :time do
+ user = create_user
+ user.lock!
+ assert_nil user.unlock_token
+ end
+ end
+
+ test "should send email with unlock instructions when :email is an unlock strategy" do
+ swap Devise, :unlock_strategy => :email do
+ user = create_user
+ assert_email_sent do
+ user.lock!
+ end
+ end
+ end
+
+ test "should not send email with unlock instructions when :email is not an unlock strategy" do
+ swap Devise, :unlock_strategy => :time do
+ user = create_user
+ assert_email_not_sent do
+ user.lock!
+ end
+ end
+ end
+
+ test 'should find and unlock an user automatically' do
+ user = create_user
+ user.lock!
+ locked_user = User.unlock!(:unlock_token => user.unlock_token)
+ assert_equal locked_user, user
+ assert_not user.reload.locked?
+ end
+
+ test 'should return a new record with errors when a invalid token is given' do
+ locked_user = User.unlock!(:unlock_token => 'invalid_token')
+ assert locked_user.new_record?
+ assert_match /invalid/, locked_user.errors[:unlock_token]
+ end
+
+ test 'should return a new record with errors when a blank token is given' do
+ locked_user = User.unlock!(:unlock_token => '')
+ assert locked_user.new_record?
+ assert_match /blank/, locked_user.errors[:unlock_token]
+ end
+
+ test 'should authenticate a unlocked user' do
+ user = create_user
+ user.lock!
+ user.unlock!
+ authenticated_user = User.authenticate(:email => user.email, :password => user.password)
+ assert_equal authenticated_user, user
+ end
+
+ test 'should find a user to send unlock instructions' do
+ user = create_user
+ user.lock!
+ unlock_user = User.send_unlock_instructions(:email => user.email)
+ assert_equal unlock_user, user
+ end
+
+ test 'should return a new user if no email was found' do
+ unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
+ assert unlock_user.new_record?
+ end
+
+ test 'should add error to new user email if no email was found' do
+ unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
+ assert unlock_user.errors[:email]
+ assert_equal 'not found', unlock_user.errors[:email]
+ end
+
+ test 'should not be able to send instructions if the user is not locked' do
+ user = create_user
+ assert_not user.resend_unlock!
+ assert_not user.locked?
+ assert_equal 'not locked', user.errors[:email]
+ end
+
+end
\ No newline at end of file
diff --git a/test/models_test.rb b/test/models_test.rb
index 9286cf0c..9718dccd 100644
--- a/test/models_test.rb
+++ b/test/models_test.rb
@@ -24,6 +24,10 @@ class Timeoutable < User
devise :authenticatable, :timeoutable
end
+class Lockable < User
+ devise :authenticatable, :lockable
+end
+
class IsValidatable < User
devise :authenticatable, :validatable
end
@@ -33,7 +37,7 @@ class Devisable < User
end
class Exceptable < User
- devise :all, :except => [:recoverable, :rememberable, :validatable]
+ devise :all, :except => [:recoverable, :rememberable, :validatable, :lockable]
end
class Configurable < User
@@ -84,13 +88,17 @@ class ActiveRecordTest < ActiveSupport::TestCase
assert_include_modules Timeoutable, :authenticatable, :timeoutable
end
+ test 'add lockable module only' do
+ assert_include_modules Lockable, :authenticatable, :lockable
+ end
+
test 'add validatable module only' do
assert_include_modules IsValidatable, :authenticatable, :validatable
end
test 'add all modules' do
assert_include_modules Devisable,
- :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
+ :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable, :lockable
end
test 'configure modules with except option' do
diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb
index 79ff1b99..0a681ac7 100644
--- a/test/orm/active_record.rb
+++ b/test/orm/active_record.rb
@@ -16,6 +16,7 @@ ActiveRecord::Schema.define(:version => 1) do
t.recoverable
t.rememberable
t.trackable
+ t.lockable
end
t.timestamps
diff --git a/test/rails_app/app/active_record/admin.rb b/test/rails_app/app/active_record/admin.rb
index df67d149..b700b0b8 100644
--- a/test/rails_app/app/active_record/admin.rb
+++ b/test/rails_app/app/active_record/admin.rb
@@ -1,5 +1,5 @@
class Admin < ActiveRecord::Base
- devise :all, :timeoutable, :except => [:recoverable, :confirmable, :rememberable, :validatable, :trackable]
+ devise :all, :timeoutable, :except => [:recoverable, :confirmable, :rememberable, :validatable, :trackable, :lockable]
def self.find_for_authentication(conditions)
last(:conditions => conditions)
diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb
index 75778c04..bd4bf61d 100644
--- a/test/rails_app/config/initializers/devise.rb
+++ b/test/rails_app/config/initializers/devise.rb
@@ -8,7 +8,7 @@ Devise.setup do |config|
# Remember that Devise includes other modules on its own (like :activatable
# and :timeoutable) which are not included here and also plugins. So be sure
# to check the docs for a complete set.
- config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
+ config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable, :lockable]
# Invoke `rake secret` and use the printed value to setup a pepper to generate
# the encrypted password. By default no pepper is used.
@@ -54,6 +54,18 @@ Devise.setup do |config|
# are using only default views.
# config.scoped_views = true
+ # Number of authentication tries before locking an account.
+ # config.maximum_attempts = 5
+
+ # Defines which strategy will be used to unlock an account.
+ # :email = Sends an unlock link to the user email
+ # :time = Reanables login after a certain ammount of time (see :unlock_in below)
+ # :both = enables both strategies
+ # config.unlock_strategy = :both
+
+ # Time interval to unlock the account if :time is enabled as unlock_strategy.
+ # config.unlock_in = 1.hour
+
# If you want to use other strategies, that are not (yet) supported by Devise,
# you can configure them inside the config.warden block. The example below
# allows you to setup OAuth, using http://github.com/roman/warden_oauth
diff --git a/test/support/integration_tests_helper.rb b/test/support/integration_tests_helper.rb
index 0debb78b..6f747785 100644
--- a/test/support/integration_tests_helper.rb
+++ b/test/support/integration_tests_helper.rb
@@ -10,6 +10,7 @@ class ActionController::IntegrationTest
:email => 'user@test.com', :password => '123456', :password_confirmation => '123456', :created_at => Time.now.utc
)
user.confirm! unless options[:confirm] == false
+ user.lock! if options[:locked] == true
user
end
end