Comments (4)
Agreed. There's no reason not to fix it though!
from authy-devise.
This is an interesting point. If a user does send themselves to the verify page without enabling authy, all they can do is submit a verification that will fail.
I guess you're right that we could happily redirect them if they don't have an `authy_id`. Same for the `POST_verify_authy_installation` endpoint too.
from authy-devise.
Yup. Although it is not a big deal, since a) they have to intentionally go to that page and b) no real harm is done, we always prefer to not allow URLs to be accessed, unless they can fulfill their purpose, and they are allowed - this is especially true in all things that are auth(entication|orization) related.
from authy-devise.
Thanks for the fixes blitz! Can't wait for the new version.
from authy-devise.