AuthTrail

Track Devise login activity

🍊 Battle-tested at Instacart

Installation

Add this line to your application’s Gemfile:

gem 'authtrail'

And run:

rails generate authtrail:install
rake db:migrate

How It Works

A LoginActivity record is created every time a user tries to login. You can then use this information to detect suspicious behavior. Data includes:

• scope - Devise scope
• strategy - database_authenticatable for password logins, rememberable for remember me cookie, or the name of the OmniAuth strategy
• identity - email address
• success - whether the login succeeded
• failure_reason - if the login failed
• user - the user if the login succeeded
• context - controller and action
• ip - IP address
• user_agent and referrer - from browser
• city, region, and country - from IP
• created_at - time of event

IP geocoding is performed in a background job so it doesn’t slow down web requests. You can disable it entirely with:

AuthTrail.geocode = false

Features

Exclude certain attempts from tracking - useful if you run acceptance tests

AuthTrail.exclude_method = proc do |info|
  info[:identity] == "[email protected]"
end

Write data somewhere other than the login_activities table.

AuthTrail.track_method = proc do |info|
  # code
end

Set job queue for geocoding

AuthTrail::GeocodeJob.queue_as :low

Other Notes

We recommend using this in addition to Devise’s Lockable module and Rack::Attack.

Works with Rails 5+

History

View the changelog

Contributing

Everyone is encouraged to help improve this project. Here are a few ways you can help:

• Report bugs
• Fix bugs and submit pull requests
• Write, clarify, or fix documentation
• Suggest or add new features