Double devise failed attempts

Due to devise-two-factor/devise-two-factor#28, devise doubles the count stored in the failed_attempts column when 2FA is enabled. In this commit we are doubling the value set in devise_maximum_attempts in CheckConfig, so that devise always doubles it, at least until the issue referred to above is fixed
meedan · Feb 8, 2024 · b97c8db · b97c8db
1 parent fdbabff
commit b97c8db
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -54,7 +54,7 @@ def http_auth_body
   config.lock_strategy = :failed_attempts
   config.unlock_strategy = :time
   config.unlock_keys = [ :time ]
-  config.maximum_attempts = CheckConfig.get('devise_maximum_attempts', 5)
+  config.maximum_attempts = CheckConfig.get('devise_maximum_attempts', 5) * 2
   config.unlock_in = CheckConfig.get('devise_unlock_accounts_after', 1).hour
 end