Wrong attempts not being saved
FanaHOVA opened this issue · comments
Logging of successful logins is working as expected, but none of the wrong password attempts are being saved. Running authtrail 0.1.3
with devise 4.5.0
(And devise-two-factor
) on 5.2.0.
Am I missing something? Only thing I've changed from the default config is disabling geocoding.
Hey @FanaHOVA, what are you seeing in your logs after a wrong password entry? Does it work without devise-two-factor?
@ankane nothing out of the ordinary, it POSTs to /users/sign_in
and redirects with a 302. I'm guessing the failures aren't registered because I had to override the Users::SessionsController
and the before_failure
Warden hook doesn't run with devise-two-factor
. The fix should be made on that gem, I think Authtrail is pretty consistent. Is there a way for me to manually trigger a Authtrail failure?
P.S. I've also noticed that in the source you default to database_authenticatable
as a strategy, but we actually use two_factor_authenticatable
. I'll see if the Warden env
carries that through and it can be fetched from there.
If Warden's before_failure
isn't being called, that's why failures aren't being saved. You can call AuthTrail.track
manually if needed.
Re strategies: database_authenticatable
is only used if no other strategy can be detected.
authtrail/lib/auth_trail/manager.rb
Line 39 in 04b6272