Password authentication

This is the default authentication method in Private eazyBI. See alternative LDAP user authentication and OAuth2 user authentication methods.

There are several authentication settings you can modify in the config/eazybi.toml file. See the example file  config/eazybi.toml.sample for commented examples of settings.

Authentication

devise.timeout_in  specifies the time you want to timeout the user session without activity (by default 10 hours). After this time the user will be asked for credentials again.

[devise]
timeout_in = "10 hours"

devise.invite_for specifies the period the generated invitation token (that is sent in the invitation email) is valid (by default 2 weeks).

[devise]
invite_for = "2 weeks"

devise.remember_for sets the time the user will be remembered without asking for credentials again if the "remember me" checkbox is checked during the login (by default 2 weeks).

[devise]
remember_for = "2 weeks"

devise.maximum_attempts sets the number of authentication tries before locking a user if lock_strategy is failed_attempts (by default 5).

[devise]
maximum_attempts = 5

devise.reset_password_within specifies the time interval you can reset your password with a reset password key received in the password reset email (by default 6 hours).

[devise]
reset_password_within = "6 hours"

devise.paranoid can be used to enable "paranoid mode" to avoid enumerating users. If enabled then a potential attacker will not be able to identify from the error messages if the user is registered in the system.

[devise]
paranoid = true

devise.confirmation_required specifies if an email address confirmation email should be sent after a sign up (by default is false).

[devise]
confirmation_required = true

devise.allow_unconfirmed_access_for specifies for how long time user can log in without confirmed email (by default this is not enforced).

[devise]
allow_unconfirmed_access_for = "1 day"

devise.reconfirmation_required specifies if a confirmation email should be sent (to the new email address) after an email is changed (by default is true).

[devise]
reconfirmation_required = true

devise.send_email_changed_notification specifies if a notification email should be sent (to the old email address) after an email is changed (by default is true).

[devise]
send_email_changed_notification = true

Password strength

By default, passwords should be at least 8 characters long and should not be more than 50 characters long. Specify a different range if needed.

[devise]
password_length = "8..50"

Specify the minimum required password entropy (longer passwords or passwords with more unique characters have a higher entropy). Passwords with higher entropy are harder to guess using brute-force password cracking. The default value is 10. Try different complexity passwords to check if you need to increase or decrease this setting.

[password_strength]
min_entropy = 10

Specify if the most common password dictionary should be used to prevent easy-to-guess passwords (by default is enabled).

[password_strength]
use_dictionary = true