• Sean McGivern's avatar
    Restrict failed login attempts for users with 2FA · 194fbc3c
    Sean McGivern authored
    Copy logic from `Devise::Models::Lockable#valid_for_authentication?`, as
    our custom login flow with two pages doesn't call this method. This will
    increment the failed login counter, and lock the user's account once
    they exceed the number of failed attempts.
    
    Also ensure that users who are locked can't continue to submit 2FA
    codes.
    194fbc3c
sessions_controller_spec.rb 7.08 KB