ankane / authtrail

Track Devise login activity

Wrong attempts not being saved

FanaHOVA opened this issue

Logging of successful logins is working as expected, but none of the wrong password attempts are being saved. Running authtrail 0.1.3 with devise 4.5.0 (and devise-two-factor) on 5.2.0.

Am I missing something? Only thing I've changed from the default config is disabling geocoding.

Hey @FanaHOVA, what are you seeing in your logs after a wrong password entry? Does it work without devise-two-factor?

@ankane nothing out of the ordinary, it POSTs to /users/sign_in and redirects with a 302. I'm guessing the failures aren't registered because I had to override the Users::SessionsController and the before_failure Warden hook doesn't run with devise-two-factor. The fix should be made on that gem, I think Authtrail is pretty consistent. Is there a way for me to manually trigger an Authtrail failure?

P.S. I've also noticed that in the source you default to database_authenticatable as a strategy, but we actually use two_factor_authenticatable. I'll see if the Warden env carries that through and it can be fetched from there.

If Warden's before_failure isn't being called, that's why failures aren't being saved. You can call AuthTrail.track manually if needed.

Re strategies: database_authenticatable is only used if no other strategy can be detected.

def detect_strategy(auth)