在* X登录失败后，Devise会添加验证码登录页面* [英] Devise add captcha to login page *after* X failed logins

问题描述

我想在之后的Devise登录表单中实施一个验证码，X失败的登录尝试（说3）

I would like to implement a captcha inside my Devise login form after, X failed login attempts ( say 3 )

有没有人试过这个？
我唯一的想法是在会话中存储失败的尝试，然后在X失败的尝试后，视图登录页面将与验证码补充

Has anyone attempted this? The only idea I have is storing the failed attempts in a session, then after X failed attempts the view login page would be complemented with the captcha

这是不是故障安全：

• 用户可以重置会话


• 也许会话不起作用，这使得这个想法无用的。

有没有一个很好的方法来做这个Devise？

Is there a good solid way to do this with Devise?

推荐答案

您可以将缓存存储区中给定用户ID的尝试次数存储（甚至根据您站点流量的大小而定）。然后在X次尝试之后，根据用户的电子邮件地址呈现部分。

You could store the number of attempts for a given user ID in a cache store (or even persist, depending on the volume of traffic to your site). Then after X number of attempts, render that partial based on the user's email address.

您可以通过执行视图或控制器将其绑定在一起，如果键/值对是为给定的用户ID /电子邮件地址设置的。如果是，并且它大于阈值，则显示验证码。

You would tie it together by doing a check in view or controller for if a key/value pair is set for a given user ID / email address. If it is and it's greater than your threshold, show the captcha.

这篇关于在* X登录失败后，Devise会添加验证码登录页面*的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！