| ... | ... | @@ -93,10 +93,6 @@ Devise.setup do |config| |
|
|
|
# If true, extends the user's remember period when remembered via cookie.
|
|
|
|
# config.extend_remember_period = false
|
|
|
|
|
|
|
|
# If true, uses the password salt as remember token. This should be turned
|
|
|
|
# to false if you are not using database authenticatable.
|
|
|
|
config.use_salt_as_remember_token = true
|
|
|
|
|
|
|
|
# Options to be passed to the created cookie. For instance, you can set
|
|
|
|
# :secure => true in order to force SSL only cookies.
|
|
|
|
# config.cookie_options = {}
|
| ... | ... | @@ -119,7 +115,7 @@ Devise.setup do |config| |
|
|
|
# Defines which strategy will be used to lock an account.
|
|
|
|
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
|
|
|
# :none = No lock strategy. You should handle locking by yourself.
|
|
|
|
# config.lock_strategy = :failed_attempts
|
|
|
|
config.lock_strategy = :failed_attempts
|
|
|
|
|
|
|
|
# Defines which key will be used when locking and unlocking an account
|
|
|
|
# config.unlock_keys = [ :email ]
|
| ... | ... | @@ -129,14 +125,14 @@ Devise.setup do |config| |
|
|
|
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
|
|
|
|
# :both = Enables both strategies
|
|
|
|
# :none = No unlock strategy. You should handle unlocking by yourself.
|
|
|
|
# config.unlock_strategy = :both
|
|
|
|
config.unlock_strategy = :time
|
|
|
|
|
|
|
|
# Number of authentication tries before locking an account if lock_strategy
|
|
|
|
# is failed attempts.
|
|
|
|
# config.maximum_attempts = 20
|
|
|
|
config.maximum_attempts = 10
|
|
|
|
|
|
|
|
# Time interval to unlock the account if :time is enabled as unlock_strategy.
|
|
|
|
# config.unlock_in = 1.hour
|
|
|
|
config.unlock_in = 10.minutes
|
|
|
|
|
|
|
|
# ==> Configuration for :recoverable
|
|
|
|
#
|
| ... | ... | @@ -160,9 +156,9 @@ Devise.setup do |config| |
|
|
|
# Defines name of the authentication token params key
|
|
|
|
config.token_authentication_key = :private_token
|
|
|
|
|
|
|
|
# If true, authentication through token does not store user in session and needs
|
|
|
|
# Authentication through token does not store user in session and needs
|
|
|
|
# to be supplied on each request. Useful if you are using the token as API token.
|
|
|
|
config.stateless_token = true
|
|
|
|
config.skip_session_storage << :token_auth
|
|
|
|
|
|
|
|
# ==> Scopes configuration
|
|
|
|
# Turn scoped views on. Before rendering "sessions/new", it will first check for
|
| ... | ... | |
| ... | ... | |