Repository is archived
No commit activity in last 3 years
No release in over 3 years
Track failed attempts to sign in through devise to allow for increased security measures, such as locking sign in after failed attempts on several accounts from a single IP address.
 Dependencies

Development

~> 1.10
~> 5
~> 10.0
~> 3.3
~> 1.3

Runtime

>= 3.4.1
~> 4.2.0
 Project Readme

DeviseHackerTracker

Track failed attempts to sign in through Devise.

This can allow for increased security measures, such as locking sign in after multiple failed attempts on different accounts from a single IP address.

Requirements

  • Devise: follow the setup from their page here

Installation

Add this line to your application's Gemfile:

gem 'devise_hacker_tracker'

And then execute:

$ bundle install

Usage

To set up the gem and generate the relevant config additions and migrations, run:

$ rails generate devise_hacker_tracker sign_in_failures
  • To change the name of the database table storing the failed sign in attempts, replace sign_in_failures with your preferred name
  • To use uuid as the index for the sign_in_failures table, add the flag --enable-uuid

The generator will create the following new files:

  • db/migrate/devise_create_sign_in_failures.rb
  • config/locales/devise_hacker_tracker.en.yml

and also add some configuration options to config/initializers/devise.rb.

Create the new sign_in_failures database table by running:

$ rake db:migrate

You can then prevent a user from signing in, if they have made too many attempts at different accounts, by adding the following code to your Devise sessions controller. You may need to create this controller if you haven't already; follow the Devise explanation here. You can change the flash message and redirection path as appropriate for your application.

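class SessionsController < Devise::SessionsController

  def create
    # Refuse the attempt before Devise authenticates if this IP is flagged.
    if HackerTracker.hacker?(request.remote_ip)
      set_flash_message :alert, :ip_blocked
      redirect_to new_user_session_path
    else
      # Otherwise continue with Devise's normal sign-in.
      super
    end
  end

end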
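
The check the README describes (many failed sign-ins against different accounts from one IP address) can be illustrated in plain Ruby. This is an added example, not the gem's own code: the class name `FailedSignInTracker`, the thresholds, the in-memory store and the sample data are all assumptions made for illustration.

```ruby
# Added illustration, not the gem's implementation. Class name, thresholds
# and the in-memory store are assumptions made for this example.
class FailedSignInTracker
  Failure = Struct.new(:ip, :account, :at)

  def initialize(max_accounts: 5, window: 300)
    @max_accounts = max_accounts   # distinct accounts tolerated per IP
    @window = window               # look-back period in seconds
    @failures = []
  end

  # Record one failed sign-in; normalise the account so "Bob@x" == "bob@x".
  def record_failure(ip, account, at: Time.now)
    @failures << Failure.new(ip, account.to_s.strip.downcase, at)
    self
  end

  # Distinct accounts this IP failed against inside the window.
  def accounts_targeted(ip, now: Time.now)
    cutoff = now - @window
    @failures.select { |f| f.ip == ip && f.at > cutoff && f.at <= now }
             .map(&:account).uniq
  end

  # True when one IP has failed against too many different accounts.
  def suspicious?(ip, now: Time.now)
    accounts_targeted(ip, now: now).size >= @max_accounts
  end

  # Drop entries older than the window so the store does not grow unbounded.
  def prune!(now: Time.now)
    cutoff = now - @window
    @failures.reject! { |f| f.at <= cutoff }
    self
  end
end

# Constructed sample data (documentation-range IPs, made-up accounts).
T0 = Time.at(1_700_000_000)
def sample_tracker
  t = FailedSignInTracker.new(max_accounts: 3, window: 300)
  # One user mistyping their own password repeatedly: one account only.
  4.times { |i| t.record_failure("198.51.100.7", "alice@example.com", at: T0 + i) }
  # One source failing against several different accounts in quick succession.
  %w[bob carol dave].each_with_index do |u, i|
    t.record_failure("203.0.113.9", "#{u}@example.com", at: T0 + i * 10)
  end
  t
end
```

Counting distinct accounts rather than raw failures keeps a single user who mistypes their own password from being blocked. In a Rails app behind a reverse proxy or load balancer, the value of `request.remote_ip` depends on the trusted proxy configuration, so verify it returns the real client address before blocking on it.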

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/AbleTech/devise_hacker_tracker.

License

The gem is available as open source under the terms of the MIT License.