Comments (4)
Hmm, I'll have a think about this. I'm not sure what you're doing is the best idea, but I can understand why you are doing it (having to have many accounts within the authy app to sort between over just the one).
In the meantime you could override the devise authy controllers to implement this soft removal yourself.
from authy-devise.
You are right, to soft disable a user in your own application without removing them in the API you would just set authy_enabled to false. You could then re-enable the user by just setting it back to true rather than putting the user back through the verification flow.
The potential issue here is that if your user is using the Authy app and has disabled 2FA for themselves, your application is still going to appear in the Authy app for them. If you do the full remove via the API, their tokens will be revoked immediately and the application will be removed from the app. That's why the docs describe this as the best practice.
Can you give me the use case for not removing them through the API, so I can consider whether to add this to the gem?
from authy-devise.
Thank you for the quick response.
The use case I have is this:
We have several different "instances" of the same application, all using the same Authy API key.
Although I know I can easily use a different key for each, I intentionally picked the same key, since the majority of my users (clients) only use their own instance, where we - the "super admins" - use all instances.
So - my options were to have many keys (with many Authy "accounts"), or this one key for all instances. Of course, I realize each of these options has its downside, but for now I chose to use one key.
Perhaps a better suggestion than "providing a config option" would be for the controller to look for params[:soft]? This is an easy change, no?
Of course, I completely understand if this use case is not enough to justify such a change.
from authy-devise.
The more I think about it, the more it sounds like a bad idea. I will go ahead and switch to the best practice and avoid all that uncertainty.
from authy-devise.