There are several authentication settings you can modify in the
config/eazybi.toml file. See the example file
config/eazybi.toml.sample for commented examples of settings.
devise.timeout_in specifies the time you want to timeout the user session without activity (by default 10 hours). After this time the user will be asked for credentials again.
[devise] timeout_in = "10 hours"
devise.invite_for specifies the period the generated invitation token (that is sent in the invitation email) is valid (by default 2 weeks).
[devise] invite_for = "2 weeks"
devise.remember_for sets the time the user will be remembered without asking for credentials again if the "remember me" checkbox is checked during the login (by default 2 weeks).
[devise] remember_for = "2 weeks"
devise.maximum_attempts sets the number of authentication tries before locking a user if lock_strategy is failed_attempts (by default 5).
[devise] maximum_attempts = 5
devise.reset_password_within specifies the time interval you can reset your password with a reset password key received in the password reset email (by default 6 hours).
[devise] reset_password_within = "6 hours"
devise.paranoid can be used to enable "paranoid mode" to avoid enumerating users. If enabled then a potential attacker will not be able to identify from the error messages if the user is registered in the system. Note, however, there is a limitation in the use of this parameter if the system allows registration. Check here for more.
[devise] paranoid = true
devise.confirmation_required specifies if an email address confirmation email should be sent after a sign up (by default is
[devise] confirmation_required = true
devise.allow_unconfirmed_access_for specifies for how long time user can log in without confirmed email (by default this is not enforced).
[devise] allow_unconfirmed_access_for = "1 day"
devise.reconfirmation_required specifies if a confirmation email should be sent (to the new email address) after an email is changed (by default is
[devise] reconfirmation_required = true
devise.send_email_changed_notification specifies if a notification email should be sent (to the old email address) after an email is changed (by default is
[devise] send_email_changed_notification = true
By default, passwords should be at least 8 characters long and should not be more than 50 characters long. Specify a different range if needed.
[devise] password_length = "8..50"
Specify the minimum required password entropy (longer passwords or passwords with more unique characters have a higher entropy). Passwords with higher entropy are harder to guess using brute-force password cracking. The default value is 10. Try different complexity passwords to check if you need to increase or decrease this setting.
[password_strength] min_entropy = 10
Specify if the most common password dictionary should be used to prevent easy-to-guess passwords (by default is enabled).
[password_strength] use_dictionary = true