# File lib/devise/models/lockable.rb, line 75 def valid_for_authentication? return super unless persisted? && lock_strategy_enabled?(:failed_attempts) # Unlock the user if the lock is expired, no matter # if the user can login or not (wrong password, etc) unlock_access! if lock_expired? if super self.failed_attempts = 0 save(:validate => false) true else self.failed_attempts ||= 0 self.failed_attempts += 1 if attempts_exceeded? lock_access! unless access_locked? return :locked else save(:validate => false) end false end end