Instead of getting enum `_prefix` to work in my Rails 4 app, I've just done this in my User model instead:
`enum otp_module: { otp_module_disabled: 0, otp_module_enabled: 1 }`
Anyway, I think @Kobaltz's suggestion might be better.
Hi Guy!
Thanks for this. It is cool. I can get it working, with some modifications, to the point where I can make/initialize the QRCode. And I'd just like to correct a typo in your migration script: you have `rails g migraiton ...` and it should be `rails g migration ...`.
Hi Kobaltz:
Thanks for sharing.
I'm working on a project with devise, and I want to make it much easier for users to log in with only a token, which will be sent by SMS. Here is the process:
1. input phone number
2. get the token by SMS and input it, then submit the form
3. if the phone number is new, then create a new user and sign in, or else sign in with this phone number
I feel this gem can do this. Can you help by showing me some key steps to implement this (the devise part and this gem)?
Thanks.
I think that this would be a great episode. In your example, would the token be used in addition to their username and password for multifactor auth? Or, are you thinking that the user would not have a username and password and they would simply authenticate with the token?
Keep in mind that with security around authentication, ticking off more of these in the list below strengthens the auth wall.
1. something you know (username and password)
2. something you have (registered cell phone with app for token)
3. something you are (fingerprint, facial, etc. i.e., Touch ID to unlock phone)
I would highly advise against using just a token to authenticate without needing the username and password if that was the direction you were referring to.
Yes, that's what I'm thinking: only the token is needed.
Will the gem be strong enough to implement my example? I mean the OTA part (generating the code and authorizing with the devise gem)?
You could do it, but you'd likely be overwriting a lot of the devise gem. If this were the direction, I probably wouldn't use devise as it's including so much that wouldn't be applicable in this case. I'd still use the OTP gem as it would be able to handle generating and validating the token.
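```ruby
require 'rqrcode'

# Render the QR code's module matrix as text: 'X' for a dark module, 'O' for a light one.
qr = RQRCode::QRCode.new('http://github.com')
result = ''
qr.qrcode.modules.each do |row|
  row.each do |col|
    result << (col ? 'X' : 'O')
  end
  result << "\n"
end
```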
Hey there! First of all, thanks a lot for this tutorial! I need some help:
I have an application that has a lot of instances with a lot of users. Most of them went through the proper process to enable 2FA. However, some of them weren't able to enable it on their accounts, forcing me to allow those users to operate the system without 2FA. The problem is that Google Authenticator reads the QR code properly, but the code the user types to enable the account doesn't match, so the process doesn't enable 2FA. I ran some tests, collecting users' codes and running `user.otp_code` a bunch of times to compare against them:

| Time | User's code | user.otp_code |
|------|-------------|---------------|
| 00s  | 542851      | 154955        |
| 30s  | 154955      | 674074        |
| 60s  | 674074      | 998683        |
| 90s  | 998683      | another       |

Seems there's some delay between Google Authenticator and the gem. I tried to increase the drift to 120, but it didn't work. Some people are posting comments about it on the gem's GitHub.
So, I kept digging until I found a workaround: I also added `drift_ahead` to my verification by overriding `authenticate_otp` to pass the `drift_ahead` arg to `ROTP::TOTP#verify`:
```ruby
# config/initializers/one_time_password_decorator.rb
ActiveModel::OneTimePassword::InstanceMethodsOnActivation.module_eval do
  def authenticate_otp(code, options = {})
    return true if backup_codes_enabled? && authenticate_backup_code(code)
    if otp_counter_based
      hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
      result = hotp.verify(code, otp_counter)
      if result && options[:auto_increment]
        self.otp_counter += 1
        save if respond_to?(:changed?) && !new_record?
      end
      result
    else
      totp = ROTP::TOTP.new(otp_column, digits: otp_digits)
      if (drift = options[:drift])
        totp.verify(code, drift_behind: drift, drift_ahead: drift) # <= my change
      else
        totp.verify(code)
      end
    end
  end
end
```
That will solve my problem for now! Thanks a lot!
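
Why `drift_ahead` changes the outcome in the workaround above, shown as an added example that is not part of the original thread and is not the gem's or ROTP's own code. It is a stdlib-only RFC 6238 sketch: the `verify` helper (its keyword names are borrowed from the call in the post), the raw-byte RFC test secret and the clock values are assumptions for illustration. Every extra 30 seconds of drift makes one more code valid at a time, so the window should stay small and the `after` value should be stored to refuse reuse.

```ruby
require 'openssl'

STEP = 30 # seconds per TOTP time step (RFC 6238 default)
# RFC 4226/6238 test secret as raw bytes (gems such as ROTP take Base32 instead).
SECRET = '12345678901234567890'

# HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamically truncated.
def hotp(secret, counter, digits: 6)
  mac = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>'))
  offset = mac.bytes.last & 0x0f
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  format("%0#{digits}d", code % 10**digits)
end

# TOTP (RFC 6238): HOTP keyed by the number of whole steps since the epoch.
def totp(secret, at)
  hotp(secret, at.to_i / STEP)
end

# Compare without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Accept a code from any step in [now - drift_behind, now + drift_ahead].
# Returns the matched step's start time, or nil. Passing the last accepted
# value back in as `after` rejects a replay of an already-used code.
def verify(secret, code, now:, drift_behind: 0, drift_ahead: 0, after: nil)
  steps = ((now - drift_behind) / STEP)..((now + drift_ahead) / STEP)
  steps.each do |step|
    t = step * STEP
    next if after && t <= after
    return t if secure_equal?(totp(secret, t), code)
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  server_now = 59                              # constructed server clock
  fast_phone = totp(SECRET, server_now + 30)   # phone clock 30 s ahead
  slow_phone = totp(SECRET, server_now - 30)   # phone clock 30 s behind
  p verify(SECRET, slow_phone, now: server_now, drift_behind: 30)
  p verify(SECRET, fast_phone, now: server_now, drift_behind: 30)
  p verify(SECRET, fast_phone, now: server_now, drift_behind: 30, drift_ahead: 30)
  p verify(SECRET, fast_phone, now: server_now, drift_behind: 30, drift_ahead: 30, after: 60)
end
```
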
You could add https://github.com/rails/rails/blob/master/activerecord/lib/active_record/enum.rb to your lib folder and have it loaded in your path on app boot. It should give you the functionality of enum prefix. I did something similar to this before I had fully upgraded a few Rails 4 apps to Rails 5.
Showing /home/davidnghk/App6/fc4s/code/app/views/devise/sessions/new.html.erb where line #15 raised:
I appreciate your help!