+ last_attempt

+ @@last_attempt_warning + last_attempt? method; * send :last_attempt key if it is the last attempt + test for last attempt * update test to make two asserts * update message
2013-10-12 02:22:43 +03:00 · 2013-10-12 02:22:43 +03:00 · e20e446cf4
parent e947a9cbec
commit e20e446cf4
4 changed files with 24 additions and 0 deletions
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -11,6 +11,7 @@ en:
      inactive: "Your account is not activated yet."
      invalid: "Invalid email or password."
      locked: "Your account is locked."
+      last_attempt: "You have one more attempt before your account will be locked'"
      not_found_in_database: "Invalid email or password."
      timeout: "Your session expired. Please sign in again to continue."
      unauthenticated: "You need to sign in or sign up before continuing."
--- a/lib/devise.rb
+++ b/lib/devise.rb
@ -268,6 +268,10 @@ module Devise
  mattr_accessor :paranoid
  @@paranoid = false

+  # When true, warn user if he just used next-to-last attempt of authentication
+  mattr_accessor :last_attempt_warning
+  @@last_attempt_warning = false
+
  # Stores the token generator
  mattr_accessor :token_generator
  @@token_generator = nil
--- a/lib/devise/models/lockable.rb
+++ b/lib/devise/models/lockable.rb
@ -112,6 +112,8 @@ module Devise
        # leaks the existence of an account.
        if Devise.paranoid
          super
+        elsif lock_strategy_enabled?(:failed_attempts) && last_attempt?
+          :last_attempt
        elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
          :locked
        else
@ -125,6 +127,10 @@ module Devise
          self.failed_attempts > self.class.maximum_attempts
        end

+        def last_attempt?
+          self.failed_attempts == self.class.maximum_attempts - 1
+        end
+
        # Tells if the lock is expired if :time unlock strategy is active
        def lock_expired?
          if unlock_strategy_enabled?(:time)
--- a/test/models/lockable_test.rb
+++ b/test/models/lockable_test.rb
@ -279,4 +279,17 @@ class LockableTest < ActiveSupport::TestCase
      assert_equal :invalid, user.unauthenticated_message
    end
  end
+
+  test 'should return last attempt message if user made next-to-last attempt of password entering' do
+    swap Devise, :last_attempt_warning => :true do
+      swap Devise, :lock_strategy => :failed_attempts do
+        user = create_user
+        user.failed_attempts = Devise.maximum_attempts - 2
+        assert_equal :invalid, user.unauthenticated_message
+
+        user.failed_attempts = Devise.maximum_attempts - 1
+        assert_equal :last_attempt, user.unauthenticated_message
+      end
+    end
+  end
 end