【发布时间】:2019-07-19 09:50:51
【问题描述】:
我正在尝试限制每个 ip 的失败登录尝试。
我有以下几点:
def validate(email, context)
attempt = insert_into_attempts(email, context)
return nil unless allow_login_by_ip(context.ip_address)
flag_successful_attempt(attempt, context.ip_address)
load_data
end
def allow_login_by_ip(ip_address)
limit = LoginLimits.new(ip_address).limit
last_5_attempts = AuthenticationAttempt.select("id","successful").where(ip: ip_address).last(5)
last_5_attempts.include?("true")
end
def insert_into_attempts(email, context)
attempt = AuthenticationAttempt.new(
:email => email,
:ip => context.ip_address)
attempt.save
end
def flag_successful_attempt(attempt, ip_address)
AuthenticationAttempt.where(ip: ip_address).last.update(successful: '1')
end
我遇到的问题是它总是返回fasle。我一定是错误地搜索了array,但我不知道为什么。 last_5_attempts 是:
#<AuthenticationAttempt id: 1, successful: false>,
#<AuthenticationAttempt id: 2, successful: false>,
#<AuthenticationAttempt id: 3, successful: true>,
#<AuthenticationAttempt id: 4, successful: false>,
#<AuthenticationAttempt id: 5, successful: false>]
【问题讨论】:
-
您可能需要考虑使用
rack-attackgem 而不是自己实现此功能。
标签: sql ruby-on-rails arrays ruby activerecord