- # this works very nicely
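# Authenticates a user by email and password, with a short lockout after
# repeated failures.
#
# Returns the user record on success. Every failure returns an Integer, never
# nil or false:
#   0     - unknown email or wrong password
#   >= 1  - seconds remaining while the account is locked
# Callers must check the result's type (e.g. `result.is_a?(Integer)`), not its
# truthiness: 0 is truthy in Ruby, so `if authenticate(...)` would accept a
# failed login.
#
# Side effects: a wrong password increments and saves login_attempts; when the
# counter reaches 5 the account is locked for 30 seconds and the counter is
# reset; a correct password clears both fields. `save!` raises if the record
# cannot be saved.
def self.authenticate(email, password)
  user = self.find_by_email(email)
  return 0 unless user

  # Read the clock once so the lock test and the remaining-time calculation
  # agree with each other.
  now = Time.now
  locked_until = user.account_locked_until
  if locked_until && now < locked_until
    # While locked the password is not checked at all, so even a correct
    # password is refused. Round up: rounding to nearest returned 0 during the
    # last half second of a lock, which is the same value as "bad credentials".
    # NOTE(review): if the caller shows this value to the client, it reveals
    # that the account exists -- confirm the caller gives a uniform response.
    return (locked_until - now).ceil
  end

  expected_password = encrypted_password(password, user.salt)
  # NOTE(review): `==` on strings is not a constant-time comparison; prefer a
  # constant-time compare if the framework version in use provides one.
  # NOTE(review): the strength of encrypted_password is not visible here --
  # confirm it is a slow, salted password hash rather than a plain digest.
  if user.hashed_password == expected_password
    user.login_attempts = 0
    user.account_locked_until = nil
    user.save!
    return user
  end

  # NOTE(review): this read-increment-save is not atomic; concurrent requests
  # for the same account can each read the same counter value, so fewer
  # failures get recorded than were made. Consider an atomic increment or a
  # row lock.
  user.login_attempts += 1
  if user.login_attempts >= 5
    # The counter restarts at zero after each lock, so the lock never gets
    # longer; the ceiling stays at 5 guesses per 30 seconds.
    user.account_locked_until = Time.now + 30.seconds
    user.login_attempts = 0
  end
  user.save!
  0
end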