c_meyer/thingspeak
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity
master
thingspeak/app/controllers/sessions_controller.rb
Lee Lawlor 774543e678 update authentication system to Devise
2014-03-13 19:16:35 -04:00

33 lines
797 B
Ruby
Raw Permalink Blame History

class SessionsController < Devise::SessionsController
after_filter :log_failed_login, :only => :new
# don't modify default devise controllers
def create; super; end
def new; super; end
private
# logs failed login attempts
def log_failed_login
if failed_login?
# log to failedlogins
failed = Failedlogin.new
failed.login = params['user']['login']
failed.password = params['user']['password']
failed.ip_address = get_header_value('X_REAL_IP')
failed.save
# prevent timing and brute force password attacks
sleep 1
end
end
# true if a login fails
def failed_login?
options = env["warden.options"]
return (options.present? && options[:action] == "unauthenticated")
end
end
Reference in New Issue View Git Blame Copy Permalink