[Proposal] Allow configuring default strategy stored in database on fail
alexsoble opened this issue · comments
Hey there @ankane! I've been evaluating authtrail for use in an open-source product for schools, https://github.com/studentinsights/studentinsights.
Our app uses a custom Devise strategy we're calling "ldap_authenticatable_tiny" instead of the default "database_authenticatable" strategy.
One issue I noticed while testing out authtrail is that when a user fails a login attempt, that login activity is always stored with a strategy of "database_authenticatable", whether or not that was the actual strategy used. Here's the relevant line of code: https://github.com/ankane/authtrail/blob/master/lib/auth_trail/manager.rb#L32.
I looked through the code and saw that in the Warden::Manager.before_failure
callback, Warden doesn't pass in enough information to let us know what strategy is used. That makes me think "database_authenticatable" is being used as a generic default.
Would you be open to a pull request that allows a developer installing authtrail to configure which string they'd like to pass in as a default for the "strategy" column on failed LoginActivity records? In the case of my app, I'd like to pass in "ldap_authenticatable_tiny". That will help keep our LoginActivity table correct and sensible, since it wouldn't make sense to fill the table with failed logins using a strategy we don't support.
If this would be a welcome PR, I'd want to take a pass at it. Thanks!
Hey @alexsoble, it looks like env["warden"]
has info on default strategies. I think we can use that to populate the field.
@ankane Good catch! Looking into it now.