Barry Allen said over 7 years ago on Two Factor Authentication :
Thanks for sharing, any suggestions for rails 4? It seems that enum _prefix is not implemented yet in rails 4.

David Kimura PRO said over 7 years ago on Two Factor Authentication :

You could add https://github.com/rails/rails/blob/master/activerecord/lib/active_record/enum.rb to your lib folder and have it loaded in your path on the app boot. It should give you the functionality of enum prefix. I did something similar like this before I had fully upgraded a few Rails 4 apps to Rails 5.


Pirun Seng said over 6 years ago on Two Factor Authentication :
Instead of setting enum _prefix to be working in my Rails 4 app, I've just done this in my User model instead: `enum otp_module: { otp_module_disabled: 0, otp_module_enabled: 1 }` Anyway, I think @Kobaltz's suggestion might be better.

Pirun Seng said over 6 years ago on Two Factor Authentication :
Hi Guy! Thanks for this. It is cool. I can get it working with some pieces modification to where I can make/initial the QRCode worked. And, I'd just like to correct a wrong typo on your migration script as you have `rails g migraiton ...` and it should be `rails g migration ...`.

David Kimura PRO said over 6 years ago on Two Factor Authentication :
Thanks for pointing this out! I'll get it corrected.

cfpmb018 said about 6 years ago on Two Factor Authentication :
Hi Kobaltz: Thanks for sharing. I'm working on a project with devise, and I want to make user much easier to login with only a token which will be send by SMS. Here is the process: 1. input phone number 2. get the token by SMS and input it, then submit the form 3. if the phone number is new then will create a new user and sign in , or sign in with this phone number I feel this gem can do this . can you help me show some key steps to implement this ? (devise part and this gem ) thanks.

David Kimura PRO said about 6 years ago on Two Factor Authentication :
I think that this would be a great episode. In your example, would the token be used in addition to their username and password for multifactor auth? Or, are you thinking that the user would not have a username and password and they would simply authenticate with the token? Keep in mind that with security around authentication, ticking off more of these in the list below strengthens the auth wall. 1. something you know (username and password) 2. something you have (registered cell phone with app for token) 3. something you are (fingerprint, facial, etc. i.e., Touch ID to unlock phone) I would highly advise against using just a token to authenticate without needing the username and password if that was the direction you were referring to.

cfpmb018 said about 6 years ago on Two Factor Authentication :
Yes, that's what I'm thinking: only the token is needed. Will the gem be strong enough to implement my example ? I mean the OTA part ( generate code and authorized with devise gem )?

David Kimura PRO said about 6 years ago on Two Factor Authentication :
You could do it, but you'd likely be overwriting a lot of the devise gem. If this were the direction, I probably wouldn't use devise as it's including so much that wouldn't be applicable in this case. I'd still use the OTP gem as it would be able to handle generating and validating the token.

David Ng said over 4 years ago on Two Factor Authentication :
I got this error, how does opt_code work?  


Showing /home/davidnghk/App6/fc4s/code/app/views/devise/sessions/new.html.erb where line #15 raised:

undefined method `otp_code_token' for #<User:0x00005611ff730138>
Did you mean?  otp_code

David Ng said over 4 years ago on Two Factor Authentication :
Showing /home/davidnghk/App6/fc4s/code/app/views/devise/registrations/edit.html.erb where line #91 raised:

undefined method `dark?' for #<RQRCode::QRCode:0x00007f8f111d7200>


<tr> <% qr.modules.each_index do |y| %> <% if qr.dark?(x,y) %> <td class="black"/> <% else %> <td class="white"/>

David Kimura PRO said over 4 years ago on Two Factor Authentication :
  Looks like they changed their API a bit.

user.otp_code # => '850738'

qr = RQRCode::QRCode.new('http://github.com')
result = ''

qr.qrcode.modules.each do |row|
  row.each do |col|
    result << (col ? 'X' : 'O')
  end

  result << "\n"
end

diegopolido said over 3 years ago on Two Factor Authentication :
Hey there! First of all, thanks a lot for this tutorial! I need some help:

I have an application that has a lot of instances with lot of users. Most of them got the proper process to enable 2FA. However, some of them didn't get to enable their accounts, forcing myself to allow the users to operate the system without 2FA. The problem is that Google Authenticator reads the QR Code properly but the code the user type to enable the account doesn't match and the process doesn't enable the 2FA. I did some test about to get user's codes and ran bunch of times user.otp_code to compare with user's codes:

Time  User's code   user.otp_code  
00s        542851    =>   154955
30s        154955    =>   674074
60s        674074    =>   998683
90s        998683    =>   another

Seems there's some delay between Google Authenticator and the gem. I tried to increase the drift to 120, but it didn't work. Some people are posting some comments on the gem github.

I appreciate your help!

David Kimura PRO said over 3 years ago on Two Factor Authentication :
  have you tried some of their suggestions? have you also tried a different authenticator app like FreeOTP or using something like 1Password?

diegopolido said over 3 years ago on Two Factor Authentication :
I asked my customer to try to use FreeOTP, he's read the QR code and he didn't get to enable the account. I have no clue what's happening.

diegopolido said over 3 years ago on Two Factor Authentication :
So, I was digging until I found some workaround for me: I added also drift_ahead on my verification by overriding the authenticate_otp to add the drift_ahead arg to ROTP::TOTP#verify:

# config/initializers/one_time_password_decorator.rb

ActiveModel::OneTimePassword::InstanceMethodsOnActivation.module_eval do
  def authenticate_otp(code, options = {})
    return true if backup_codes_enabled? && authenticate_backup_code(code)

    if otp_counter_based
      hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
      result = hotp.verify(code, otp_counter)
      if result && options[:auto_increment]
        self.otp_counter += 1
        save if respond_to?(:changed?) && !new_record?
      end
      result
    else
      totp = ROTP::TOTP.new(otp_column, digits: otp_digits)
      if drift = options[:drift]
        totp.verify(code, drift_behind: drift, drift_ahead: drift) # <= my change
      else
        totp.verify(code)
      end
    end
  end
end

That's will solve my problem for now! Thanks a lot!

Login to Comment