diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 885571d88..6c899aff2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -85,9 +85,6 @@ class ApplicationController < ActionController::Base
 # return auth ok
 if message == ''
- # remember last login
- userdata.update_last_login
-
 # set basic auth user to current user
 current_user_set(userdata)
 return {
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 9475698a2..64ed4fcce 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -15,9 +15,6 @@ class SessionsController < ApplicationController
 return
 end
- # remember last login date
- user.update_last_login()
-
 # auto population of default collections
 default_collection = SessionHelper::default_collections(user)
@@ -125,7 +122,7 @@ class SessionsController < ApplicationController
 end
 # remember last login date
- authorization.user.update_last_login()
+ authorization.user.update_last_login
 # Log the authorizing user in.
 session[:user_id] = authorization.user.id
diff --git a/app/models/user.rb b/app/models/user.rb
index 36077928d..6bb544842 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -51,8 +51,9 @@ class User < ApplicationModel
 end
 # check failed logins
- if user
-# return if user.faild_login > 10
+ max_login_failed = Setting.get('password_max_login_failed') || 10
+ if user && user.login_failed > max_login_failed
+ return false
 end
 # use auth backends
@@ -80,18 +81,20 @@ class User < ApplicationModel
 # auth ok
 if user_auth
- # update last login
-
+ # remember last login date
+ user.update_last_login
 # reset login failed
-
+ user.login_failed = 0
+ user.save
 return user_auth
 end
 }
 # set login failed +1
-
+ user.login_failed = user.login_failed + 1
+ user.save
 # auth failed
 sleep 1
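Review bot: In app/models/user.rb (hunk `@@ -51,8 +51,9 @@`), the lockout branch `return false` exits before the `sleep 1` that the failure path at the end of the method runs, so a locked account answers faster than a wrong password and the response time can reveal that the login exists and is locked. Consider giving the locked path the same delay plus a log entry, and confirm that `Setting.get('password_max_login_failed')` yields an Integer, since a String value would make the `>` comparison raise; `max_login_failed = (Setting.get('password_max_login_failed') || 10).to_i` would cover that. Nothing in the visible hunks lowers `login_failed` except a successful login, which a locked user can no longer perform, so an unlock path (admin reset or expiry) should exist somewhere outside this diff. The method body starts and ends outside the hunk.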
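Review bot: In app/models/user.rb (hunk `@@ -80,18 +81,20 @@`), the added `user.login_failed = user.login_failed + 1` after the backend loop dereferences `user` without a nil check, although the guard `if user && user.login_failed > max_login_failed` in the previous hunk implies `user` can be nil; unless the code between the two hunks returns early, a failed attempt for an unknown login would raise NoMethodError instead of reaching `sleep 1`, which also makes unknown and known logins behave differently. Wrap the two added lines in `if user` … `end`, and check the success branch as well, where `user.update_last_login` and `user.login_failed = 0` have the same exposure if a backend can return `user_auth` for a login with no local record (not visible here). The increment is also a read-modify-write on the loaded record, so concurrent failed attempts can be under-counted against the limit; an atomic update such as `User.increment_counter(:login_failed, user.id)` avoids that. The return value of `user.save` is ignored in both places, so a validation failure would silently leave the counter unchanged. The enclosing method starts and ends outside the hunk.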