Two Factor Authentication With Devise Discussion
Hi, I'm getting this error when entering 2FA and after clicking login
Help me
Please check my code
https://github.com/ynagakru...
Your code snippets' use of the incorrect Unicode quote characters just wasted me a lot of time in debugging. Need to fix that.
I've had that issue before when copying code from Medium, for example. You get in the habit of looking for it after a while, but it does also highlight that it can be better to write out the code, which helps you to understand it, as opposed to just copying and pasting.
Up and running :) thanks
One step from the gem doc that I don't think was covered
"Filtering sensitive parameters from the logs
To prevent two-factor authentication codes from leaking if your application logs get breached, you'll want to filter sensitive parameters from the Rails logs. Add the following to config/initializers/filter_parameter_logging.rb:"
Rails.application.config.filter_parameters += [:otp_attempt]
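What that initializer line changes in the logged parameters, as an added example that is not part of the thread or the gem's documentation. `filter_params` is a simplified stand-in for Rails' key matching, and `otp_like_leaks`, the sample request and both filter lists are constructed for illustration.

```ruby
FILTERED = "[FILTERED]"

# Simplified stand-in for the key matching Rails applies to params before
# logging: a key is masked when it contains any configured filter name
# (case-insensitive); nested hashes such as params[:user] are walked too.
def filter_params(params, filters)
  patterns = filters.map { |f| /#{Regexp.escape(f.to_s)}/i }
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if patterns.any? { |re| re.match?(key.to_s) }
        FILTERED
      elsif value.is_a?(Hash)
        filter_params(value, filters)
      else
        value
      end
  end
end

# Audit helper (hypothetical): dotted paths of values that would still be
# logged and look like a 6-digit one-time code.
def otp_like_leaks(filtered, path = [])
  filtered.flat_map do |key, value|
    here = path + [key.to_s]
    if value.is_a?(Hash)
      otp_like_leaks(value, here)
    elsif value.to_s.match?(/\A\d{6}\z/)
      [here.join(".")]
    else
      []
    end
  end
end

# Constructed sign-in request shaped like a Devise form post.
SIGN_IN = {
  "user" => { "email" => "alice@example.com",
              "password" => "hunter2pass",
              "otp_attempt" => "492817" },
  "commit" => "Log in"
}

WITHOUT_OTP_FILTER = [:password]               # constructed: password only
WITH_OTP_FILTER    = [:password, :otp_attempt] # with the line quoted above

puts "without: #{filter_params(SIGN_IN, WITHOUT_OTP_FILTER)}"
puts "with:    #{filter_params(SIGN_IN, WITH_OTP_FILTER)}"
```

Running the audit helper over the filtered hash for each sign-in form in an app shows whether a differently named code field would still slip through.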
Really great Chris. You can even extend this to send SMS quite easily
def pre_otp
  user = User.find_by(otp_params)
  @two_factor_enabled = user && user.otp_required_for_login
  respond_to do |format|
    format.js {
      # Users should be able to receive their one-time password via SMS
      # through a service like Twilio
      @otp = user.current_otp if @two_factor_enabled
      # ...logic to send @otp
    }
  end
end
I am trying to send the user their current_otp via email, but whenever I call current_otp I get an error of NoMethodError (undefined method `scan' for nil:NilClass): ...
It works fine but once I disabled the 2FA and enabled again, I can't log in with the one time password. Did I miss anything?
Thanks,
Pramod
I got this error when I log in with two-factor authentication.
NoMethodError in Users::SessionsController#create
undefined method `each' for #String:0x000055ad15249060
codes = self.otp_backup_codes || []
codes.each do |backup_code|
next unless Devise::Encryptor.compare(self.class, backup_code, code)
codes.delete(backup_code)
The Error is strange to me. There is no Create method in Users::SessionsController in your example code
Can you create a gist with the Users::SessionsController and your Two Factor Auths controller? The above example isn't enough context to see what's going on
The error is caused by the SQLite database, which does not support arrays. Once I changed the database to PostgreSQL, it was OK.
Thanks for feedback.
No worries. As a rule of thumb, Postgres is much more powerful than SQLite. To configure your next Rails app for Postgres, run this command: rails new myapp --database=postgresql
Is there any way to use 2FA only in a specific action of a controller, after a non-2FA login?
Example: to authenticate a money transfer operation. So I can log in without 2FA and see my operation history, but to do a new transfer it should force the 2FA.
Amazing tutorial, really clear explanations and overall short solution! My first interaction with the lessons and I feel blessed for stumbling upon this resource.
I'm about 13 minutes into this tutorial and get a routing error.
No route matches {:action=>"show", :controller=>"two_factor"}, missing required keys: [:id]
I've checked and double checked my typing, but I often have routing errors.
Are you getting this on the delete? There is no show method for that controller. Check your code in _two_factor.html.erb. Do you have the method: :post or method: :delete on the items?
Working on this and I have a variation on the login that does login OR email per the Devise wiki (https://github.com/heartcombo/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address) and it has something similar at the bottom, but that code seems outdated and isn't working. So I have email, login, and a virtual attribute of userlogin set up with attr_accessor. When passing to the pre_otp check, it errors that userlogin isn't a column, which is correct. But the form works when not split.
(I did change Pro to Proc in the wiki example as Pro was unknown; that then results in an undefined method 'where' for Proc:Class error, so the issue may be there as opposed to something else)
Any ideas?
Hi @chris. Thanks for the awesome work.
However, I realised that there is a bug with devise when used with lockable and two_factor_authenticatable/two_factor_backupable models.
Whenever I validate the username and password and render the otp prompt screen, devise updates the failed_attempts twice.
This is already a burning issue with a lot of open threads. Please let me know if there is any solution or workaround.
Related threads
https://github.com/tinfoil/devise-two-factor/issues/127
https://stackoverflow.com/questions/70847131/fix-for-devise-two-factor-and-lockable-bug