Use native rate_limit for lockable

CHANGELOG.md

@@ -1,6 +1,7 @@
 ## Authentication Zero 4.0.0 ##
 
 * Remove system tests
+* Use native rate_limit for lockable
 
 ## Authentication Zero 3.0.2 ##
 

lib/generators/authentication/authentication_generator.rb

@@ -259,7 +259,7 @@ def sudoable?
     end
 
     def redis?
-      options.lockable? || options.ratelimit? || sudoable?
+      options.ratelimit? || sudoable?
     end
 
     def importmaps?

lib/generators/authentication/templates/controllers/api/application_controller.rb.tt

@@ -17,14 +17,4 @@ class ApplicationController < ActionController::API
       Current.user_agent = request.user_agent
       Current.ip_address = request.ip
     end
-    <%- if options.lockable? %>
-    def require_lock(wait: 1.hour, attempts: 10)
-      counter = Kredis.counter("require_lock:#{request.remote_ip}:#{controller_path}:#{action_name}", expires_in: wait)
-      counter.increment
-
-      if counter.value > attempts
-        render json: { error: "You've exceeded the maximum number of attempts" }, status: :too_many_requests
-      end
-    end
-    <%- end -%>
 end

lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt

@@ -2,7 +2,7 @@ class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
   <%- if options.lockable? -%>
-  before_action :require_lock, only: :create
+  rate_limit to: 10, within: 1.hour, only: :create
   <%- end -%>
   before_action :set_user, only: :update
 

lib/generators/authentication/templates/controllers/html/application_controller.rb.tt

@@ -15,16 +15,6 @@ class ApplicationController < ActionController::Base
       Current.user_agent = request.user_agent
       Current.ip_address = request.ip
     end
-    <%- if options.lockable? %>
-    def require_lock(wait: 1.hour, attempts: 10)
-      counter = Kredis.counter("require_lock:#{request.remote_ip}:#{controller_path}:#{action_name}", expires_in: wait)
-      counter.increment
-
-      if counter.value > attempts
-        redirect_to root_path, alert: "You've exceeded the maximum number of attempts"
-      end
-    end
-    <%- end -%>
     <%- if sudoable? %>
     def require_sudo
       unless Current.session.sudo?

lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt

@@ -2,7 +2,7 @@ class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
   <%- if options.lockable? -%>
-  before_action :require_lock, only: :create
+  rate_limit to: 10, within: 1.hour, only: :create, with: -> { redirect_to root_path, alert: "Try again later" }
   <%- end -%>
   before_action :set_user, only: %i[ edit update ]
 

lib/generators/authentication/templates/controllers/html/sessions/passwordlesses_controller.rb.tt

@@ -2,7 +2,7 @@ class Sessions::PasswordlessesController < ApplicationController
   skip_before_action :authenticate
 
   <%- if options.lockable? -%>
-  before_action :require_lock, only: :create
+  rate_limit to: 10, within: 1.hour, only: :create, with: -> { redirect_to root_path, alert: "Try again later" }
   <%- end -%>
   before_action :set_user, only: :edit