- Maximum attempts changed from 5 to 20

- Lockable is not turned on by default
- Fixed lockable incompatibilities with latest commits

CHANGELOG.rdoc

@@ -1,5 +1,6 @@
 * enhancements
   * Move salt to encryptors
+  * Devise::Lockable
 
 * bug fix
   * Bcrypt generator was not being loaded neither setting the proper salt
@@ -29,7 +30,6 @@
 * enhancements
   * Extract Activatable from Confirmable
   * Decouple Serializers from Devise modules
-  * Devise::Lockable
 
 == 0.7.3
 

generators/devise_install/templates/devise.rb

@@ -8,7 +8,7 @@ Devise.setup do |config|
   # Remember that Devise includes other modules on its own (like :activatable
   # and :timeoutable) which are not included here and also plugins. So be sure
   # to check the docs for a complete set.
-  config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable, :lockable]
+  config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
 
   # Configure the e-mail address which will be shown in DeviseMailer.
   config.mailer_sender = "please-change-me@config-initializers-devise.com"
@@ -55,7 +55,7 @@ Devise.setup do |config|
   # config.scoped_views = true
 
   # Number of authentication tries before locking an account.
-  # config.maximum_attempts = 5
+  # config.maximum_attempts = 20
 
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email

lib/devise.rb

@@ -109,7 +109,7 @@ module Devise
 
   # Number of authentication tries before locking an account
   mattr_accessor :maximum_attempts
-  @@maximum_attempts = 5
+  @@maximum_attempts = 20
 
   # Defines which strategy can be used to unlock an account.
   # Values: :email, :time, :both

lib/devise/models.rb

@@ -9,6 +9,7 @@ module Devise
     autoload :Timeoutable, 'devise/models/timeoutable' 
     autoload :Trackable, 'devise/models/trackable' 
     autoload :Validatable, 'devise/models/validatable' 
+    autoload :Lockable, 'devise/models/lockable'
 
     # Creates configuration values for Devise and for the given module.
     #

test/mailers/unlock_instructions_test.rb

@@ -4,7 +4,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
 
   def setup
     setup_mailer
-    DeviseMailer.sender = 'test@example.com'
+    Devise.mailer_sender = 'test@example.com'
   end
 
   def user

test/models_test.rb

@@ -98,7 +98,7 @@ class ActiveRecordTest < ActiveSupport::TestCase
 
   test 'add all modules' do
     assert_include_modules Devisable,
-      :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable, :lockable
+      :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
   end
 
   test 'configure modules with except option' do

test/rails_app/app/active_record/user.rb

@@ -1,4 +1,4 @@
 class User < ActiveRecord::Base
-  devise :all, :timeoutable
+  devise :all, :timeoutable, :lockable
   attr_accessible :username, :email, :password, :password_confirmation
 end

test/rails_app/config/initializers/devise.rb

@@ -8,7 +8,7 @@ Devise.setup do |config|
   # Remember that Devise includes other modules on its own (like :activatable
   # and :timeoutable) which are not included here and also plugins. So be sure
   # to check the docs for a complete set.
-  config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable, :lockable]
+  config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
 
   # Invoke `rake secret` and use the printed value to setup a pepper to generate
   # the encrypted password. By default no pepper is used.
@@ -55,7 +55,7 @@ Devise.setup do |config|
   # config.scoped_views = true
 
   # Number of authentication tries before locking an account.
-  # config.maximum_attempts = 5
+  # config.maximum_attempts = 20
 
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email