Allow disabling brute force prevention

pull/240/head
Michael Frister 11 years ago committed by Michael Frister
parent 536cbc5cc1
commit 19155db133
  1. app/models/user.rb (5 changed lines)
  2. features/users/brute_force_prevention.feature (6 changed lines)

@ -225,7 +225,9 @@ class User < Principal
end
unless prevent_brute_force_attack(result, login).nil?
user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
return user
# don't let brute force prevention allow a user access that was
# denied earlier
return user if result
end
nil
end
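Review bot: The `user.update_attribute(:last_login_on, Time.now)` line still sits above the new `return user if result` guard, so whenever this block is entered with a falsy `result` (the case the new comment describes) a failed login is recorded as a successful one in `last_login_on`. Move the update under the same condition, for example by wrapping both lines in `if result`, so the timestamp only changes when the user is actually returned. It would also help to say in the comment that this path is reached when prevention is disabled, since that is the only reason `result` needs re-checking here.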
@ -353,6 +355,7 @@ class User < Principal
#
def failed_too_many_recent_login_attempts?
block_threshold = Setting.brute_force_block_after_failed_logins.to_i
return false if block_threshold == 0 # disabled
return (last_failed_login_within_block_time? and
self.failed_login_count >= block_threshold)
end
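Review bot: In `failed_too_many_recent_login_attempts?`, `Setting.brute_force_block_after_failed_logins.to_i` returns 0 for a nil, empty or non-numeric value, so with the new `return false if block_threshold == 0` a missing or mistyped setting silently turns lockout off. Consider treating only an explicit "0" as disabled and falling back to a safe default (or logging a warning) for anything else. A negative value is not handled either: `self.failed_login_count >= block_threshold` would then be true for every account with a recent failure. The doc comment above the method and the setting's description should state that 0 means disabled.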

@ -33,3 +33,9 @@ Feature: Prevent brute force attacks
And I try to log in with user "bob"
Then I should see "Bob Bobbit"
Scenario: Brute force prevention is disabled
Given users are blocked for 5 minutes after 0 failed login attempts
When I try to log in with user "bob" and a wrong password
Then I should not see "Bob Bobbit"
When I try to log in with user "bob"
Then I should see "Bob Bobbit"
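Review bot: The new scenario makes only one wrong-password attempt before the successful login, so it shows that a single failure does not lock the account but not that lockout never triggers. Repeat the failed attempt several times before the final `When I try to log in with user "bob"` to cover the disabled case properly. The step text `users are blocked for 5 minutes after 0 failed login attempts` also reads as "block immediately" rather than "disabled"; a dedicated step or a comment in the scenario stating that 0 turns the feature off would make the intent clear to whoever maintains this feature file.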
