I want to implement the user lockable functionality for an app which uses Ember-cli as a front-end and Rails using grape-api as a back-end. I used ember-simple-auth and the devise gem for user management.
The problem is, the user model on the Rails side does not get updated for the invalid login attempts and the devise lockable is not working.
The login functionality is working properly.
Rails: 4.2.5, Ember-cli: 2.4.5, Ember-simple-auth: 1.1.0-beta.5
Ember:
login.js
    import Ember from 'ember';
    const { service } = Ember.inject;
    export default Ember.Component.extend({
      session: service('session'),
      actions: {
        authenticate() {
          let { identification, password } = this.getProperties('identification', 'password');
          return this.get('session').authenticate('authenticator:devise', identification, password).catch((reason) => {
            this.set('errorMessage', reason.error);
            console.log(reason.error.message);
          });
        }
      }
    });
Rails:
model/user.rb
    ...
    devise :database_authenticatable, :registerable,
           :recoverable, :rememberable, :trackable, :validatable,
           :confirmable, :lockable
    ...
db/migration.rb
I have included the Lockable attributes in the devise user migration
    ...
    ## Lockable
    t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
    t.string   :unlock_token # Only if unlock strategy is :email or :both
    t.datetime :locked_at
    ...
config/initializers/devise.rb
    # ==> Configuration for :lockable
    ...
    config.lock_strategy = :failed_attempts
    config.unlock_strategy = :email
    config.maximum_attempts = 3
    config.last_attempt_warning = true
    ...
user_api.rb
    ...
    post "sign_in" do
      email = params[:user][:email]
      password = params[:user][:password]
      user = User.find_by(email: email.downcase)
      if !user.valid_password?(password)
        error!({ error: { status_code: 401, message: "Invalid password"}},401)
        return
      else
        user.ensure_authentication_token
        user.save
        {token: user.authentication_token, email: user.email, name: user.name}
      end
    end
    ...
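
Added example, not part of the original post and not Devise's own code: a plain-Ruby stand-in contrasting a bare `valid_password?` call, as in the `sign_in` endpoint above, with a check routed through a counting wrapper modelled on Devise's `valid_for_authentication?`. `StubUser`, `direct_check`, `counted_check`, the SHA-256 digest and the sample guesses are assumptions made for the illustration.

```ruby
require "digest"

MAXIMUM_ATTEMPTS = 3 # mirrors config.maximum_attempts on the page

# Plain-Ruby stand-in for the Devise user model (hypothetical, no Rails needed).
class StubUser
  attr_reader :failed_attempts, :locked_at

  def initialize(password)
    @digest = Digest::SHA256.hexdigest(password) # Devise itself uses bcrypt
    @failed_attempts = 0
    @locked_at = nil
  end

  # Like valid_password?: compares the secret and touches nothing else.
  def valid_password?(password)
    Digest::SHA256.hexdigest(password) == @digest
  end

  def access_locked?
    !@locked_at.nil?
  end

  # Simplified model of the lockable wrapper: the block carries the password
  # check, and every failure is counted until the account is locked.
  def valid_for_authentication?
    return true if !access_locked? && yield
    @failed_attempts += 1
    @locked_at ||= Time.now if @failed_attempts >= MAXIMUM_ATTEMPTS
    false
  end
end

# Path used by the sign_in endpoint on the page: direct password check.
def direct_check(user, guesses)
  guesses.each { |g| user.valid_password?(g) }
  [user.failed_attempts, user.access_locked?]
end

# Path that goes through the counting wrapper.
def counted_check(user, guesses)
  guesses.each { |g| user.valid_for_authentication? { user.valid_password?(g) } }
  [user.failed_attempts, user.access_locked?]
end

BAD_GUESSES = %w[wrong1 wrong2 wrong3].freeze # constructed sample input

p direct_check(StubUser.new("s3cret"), BAD_GUESSES)
p counted_check(StubUser.new("s3cret"), BAD_GUESSES)
```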