Account temporarily locked
Too many unsuccessful sign-in attempts
Wait 15 minutes or request a signed unlock link. Existing sessions were not disclosed.
Recovery and authentication flow
AuthShell-composed recovery, token expiry, locks, two-factor challenges, recovery codes, trust, and pressure states.
Discovery-safe recovery, token expiry, account locks, authenticators, recovery codes, trusted devices, and pressure states.
Temporary lock information avoids disclosing active sessions.
Account security
Temporary lock information avoids disclosing active sessions.
test/dummy/app/components/gallery/flows/account_security_page.rbrender NitroKit::AuthShell.new(id: "gallery-account-security-shell") do
render_header
case state
when "recovery-request", "recovery-validation", "loading" then render_recovery_request
when "recovery-sent" then render_message("Recovery email sent", "Use the link sent to [email protected] within 30 minutes.", :mail_check, "Return to sign in")
when "reset" then render_password_reset
when "reset-expired" then render_message("Recovery link expired", "Request a new link. No password or session changed.", :clock_alert, "Request another link")
when "account-locked" then render_locked
when "unlock-sent" then render_message("Unlock instructions sent", "The unlock link was sent without revealing whether other sessions remain active.", :mail_check, "Return to sign in")
when "two-factor-challenge", "two-factor-invalid" then render_two_factor
when "recovery-code", "recovery-code-invalid" then render_recovery_code
when "trusted-device" then render_trusted_device
when "success" then render_message("Identity verified", "The account is unlocked and the current browser session is active.", :circle_check, "Continue to workspace")
when "long" then render_long
when "mobile" then render_mobile
end
end