ruby 器械可锁定设置不起作用(使用Docker)

bq8i3lrv  于 2023-01-01  发布在  Ruby
关注(0)|答案(2)|浏览(119)

我是初级开发人员。我已经开始了我的第一份工作最近,我不得不imprement帐户锁定后,几次失败的登录尝试。
Devise已经在项目中实现了。我已经在我的用户模型上设置了使用Devise可锁定。
在特定时间内输入错误的凭据后,帐户仍处于活动状态,并且不会记录failed_attemps。
我已经遵循了这个指南HERE(https://stackoverflow.com/questions/23147889/lockable-is-not-working-in-devise)。
我一直在阅读Devise文档和各种StackOverflow问题和答案,但我无法修复我的问题。
以下是我当前的设置:
devise.rb

# ==> Configuration for :lockable
  # Defines which strategy will be used to lock an account.
  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
  # :none            = No lock strategy. You should handle locking by yourself.
  config.lock_strategy = :failed_attempts

  # Defines which strategy will be used to unlock an account.
  # :email = Sends an unlock link to the user email
  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
  # :both  = Enables both strategies
  # :none  = No unlock strategy. You should handle unlocking by yourself.
  # config.unlock_strategy = :both
  config.unlock_strategy = :time

  # Number of authentication tries before locking an account if lock_strategy
  # is failed attempts.
  # config.maximum_attempts = 20
  config.maximum_attempts = 5

  # Time interval to unlock the account if :time is enabled as unlock_strategy.
  config.unlock_in = 1.hour

user.rb

class User < ActiveRecord::Base
  devise :invitable, :rememberable, :database_authenticatable, :registerable,
         :recoverable, :trackable, :validatable,
         :authentication_keys => [:login], :reset_password_keys => [:login],
         :cookie_domain => :all
         :lockable

xxxxxx_添加可锁定到用户.rb

class AddLockableToUser < ActiveRecord::Migration
  def self.up
    add_column :users, :locked_at, :datetime
    add_column :users, :failed_attempts, :integer, default: 0, null: false

    execute("UPDATE users SET confirmed_at = NOW()")
  end

  def self.down
    remove_column :users, :failed_attempts
    remove_column :users, :locked_at
  end
end

rails控制台错误消息

irb(main):006:0> User.first.respond_to? :failed_attempts
=> true
irb(main):007:0> User.last.valid_for_authentication?
=> true
irb(main):008:0> User.last.access_locked?
NoMethodError: undefined method `access_locked?' for #<User:0x0000000d2a4a10>
        from /usr/local/bundle/gems/activemodel-3.0.20/lib/active_model/attribute_methods.rb:392:in `method_missing'
        from /usr/local/bundle/gems/activerecord-3.0.20/lib/active_record/attribute_methods.rb:46:in `method_missing'
        from (irb):8
        from /usr/local/bundle/gems/railties-3.0.20/lib/rails/commands/console.rb:44:in `start'
        from /usr/local/bundle/gems/railties-3.0.20/lib/rails/commands/console.rb:8:in `start'
        from /usr/local/bundle/gems/railties-3.0.20/lib/rails/commands.rb:23:in `<top (required)>'
        from script/rails:6:in `require'
        from script/rails:6:in `<main>'

我已经在我的模型文件夹中添加了可锁定的.rb,即使我不认为这是必要的(是吗?)

require "devise/hooks/lockable"

module Devise
  module Models
    # Handles blocking a user access after a certain number of attempts.
    # Lockable accepts two different strategies to unlock a user after it's
    # blocked: email and time. The former will send an email to the user when
    # the lock happens, containing a link to unlock it's account. The second
    # will unlock the user automatically after some configured time (ie 2.hours).
    # It's also possible to setup lockable to use both email and time strategies.
    #
    # == Options
    #
    # Lockable adds the following options to devise_for:
    #
    #   * +maximum_attempts+: how many attempts should be accepted before blocking the user.
    #   * +lock_strategy+: lock the user account by :failed_attempts or :none.
    #   * +unlock_strategy+: unlock the user account by :time, :email, :both or :none.
    #   * +unlock_in+: the time you want to lock the user after to lock happens. Only available when unlock_strategy is :time or :both.
    #   * +unlock_keys+: the keys you want to use when locking and unlocking an account
    #
    module Lockable
      extend  ActiveSupport::Concern

      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class"

      # Lock a user setting it's locked_at to actual time.
      def lock_access!
        self.locked_at = Time.now

        if unlock_strategy_enabled?(:email)
          generate_unlock_token
          send_unlock_instructions
        end

        save(:validate => false)
      end

      # Unlock a user by cleaning locket_at and failed_attempts.
      def unlock_access!
        self.locked_at = nil
        self.failed_attempts = 0 if respond_to?(:failed_attempts=)
        self.unlock_token = nil  if respond_to?(:unlock_token=)
        save(:validate => false)
      end

      # Verifies whether a user is locked or not.
      def access_locked?
        !!locked_at && !lock_expired?
      end

      # Send unlock instructions by email
      def send_unlock_instructions
        ::Devise.mailer.unlock_instructions(self).deliver
      end

      # Resend the unlock instructions if the user is locked.
      def resend_unlock_token
        if_access_locked { send_unlock_instructions }
      end

      # Overwrites active? from Devise::Models::Activatable for locking purposes
      # by verifying whether a user is active to sign in or not based on locked?
      def active?
        super && !access_locked?
      end

      # Overwrites invalid_message from Devise::Models::Authenticatable to define
      # the correct reason for blocking the sign in.
      def inactive_message
        access_locked? ? :locked : super
      end

      # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
      # for verifying whether a user is allowed to sign in or not. If the user
      # is locked, it should never be allowed.
      def valid_for_authentication?
        puts "mark 1"
        return super unless persisted? && lock_strategy_enabled?(:failed_attempts)
        puts "mark 2"

        # Unlock the user if the lock is expired, no matter
        # if the user can login or not (wrong password, etc)
        unlock_access! if lock_expired?

        case (result = super)
        when Symbol
          return result
        when TrueClass
          self.failed_attempts = 0
          save(:validate => false)
        when FalseClass
          # PostgreSQL uses nil as the default value for integer columns set to 0
          self.failed_attempts ||= 0
          self.failed_attempts += 1
          if attempts_exceeded?
            lock_access!
            return :locked
          else
            save(:validate => false)
          end
        end

        result
      end

      protected

        def attempts_exceeded?
          self.failed_attempts > self.class.maximum_attempts
        end

        # Generates unlock token
        def generate_unlock_token
          self.unlock_token = self.class.unlock_token
        end

        # Tells if the lock is expired if :time unlock strategy is active
        def lock_expired?
          if unlock_strategy_enabled?(:time)
            locked_at && locked_at < self.class.unlock_in.ago
          else
            false
          end
        end

        # Checks whether the record is locked or not, yielding to the block
        # if it's locked, otherwise adds an error to email.
        def if_access_locked
          if access_locked?
            yield
          else
            self.errors.add(:email, :not_locked)
            false
          end
        end

      module ClassMethods
        # Attempt to find a user by it's email. If a record is found, send new
        # unlock instructions to it. If not user is found, returns a new user
        # with an email not found error.
        # Options must contain the user email
        def send_unlock_instructions(attributes={})
         lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found)
         lockable.resend_unlock_token if lockable.persisted?
         lockable
        end

        # Find a user by it's unlock token and try to unlock it.
        # If no user is found, returns a new user with an error.
        # If the user is not locked, creates an error for the user
        # Options must have the unlock_token
        def unlock_access_by_token(unlock_token)
          lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token)
          lockable.unlock_access! if lockable.persisted?
          lockable
        end

        # Is the unlock enabled for the given unlock strategy?
        def unlock_strategy_enabled?(strategy)
          [:both, strategy].include?(self.unlock_strategy)
        end

        # Is the lock enabled for the given lock strategy?
        def lock_strategy_enabled?(strategy)
          self.lock_strategy == strategy
        end

        def unlock_token
          Devise.friendly_token
        end

        Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys)
      end
    end
  end
end

如果有人能帮助指导我完成设置,我将非常感谢您的帮助。抱歉,如果这个问题是多余的或不清楚。
先谢谢你的帮助。

ee7vknir

ee7vknir1#

通过将:locked_at, :failed_attempts添加到user.rb中的attr_accessible,我的问题现已得到解决

attr_accessible :account_name, :account_id, :email, :username, :password, :password_confirmation, :loginable_token, [...] :locked_at, :failed_attempts
yeotifhr

yeotifhr2#

您是否尝试将可锁定装置移到前面:

devise :lockable,:invitable, :rememberable, :database_authenticatable, 
         :registerable,
         :recoverable, :trackable, :validatable,
         :authentication_keys => [:login], :reset_password_keys => [:login],
         :cookie_domain => :all

相关问题