Comments (12)
The `with_authy_authentication` method is intended to gate sign in and redirect those that have Authy enabled to the verification page, that's why you're seeing the current behaviour.
The original implementation is:
```ruby
def with_authy_authentication?(request)
  if self.authy_id.present? && self.authy_enabled
    return true
  end

  return false
end
```
But you are trying to enforce the 2FA being enabled for your users. For this, you likely need to add your own controller action filter that checks if your user requires 2FA but doesn't have it enabled and then redirects to the enable page.
I would remove your implementation of `with_authy_authentication` and add something like this to the application controller.
```ruby
class ApplicationController < ActionController::Base
  before_action :require_2fa

  private

  def require_2fa
    return if params[:controller].start_with?("devise")

    # If there is a signed in user that does not have authy enabled and requires authy to be enabled.
    if user_signed_in? && !current_user.with_authy_authentication?(request) && current_user.requires_twofa?
      redirect_to user_enable_authy_path
    end
  end
end
```
from authy-devise.
After doing some digging I arrived at that conclusion and had started along a similar solution.
@philnash Your solution above worked perfect. Thanks much!
from authy-devise.
@shaneog Did you find a solution for this?
I'm having the same problem here
from authy-devise.
@brunoasantos I added this method to my non-authy user model.
```ruby
# This is a hack around the fact that devise-authy does not yet
# know how to apply to specific models only
def with_authy_authentication?(request)
  false
end
```
from authy-devise.
That's what I ended up doing.
Thanks @shaneog 👍
from authy-devise.
Is there a standard way of doing this nowadays?
from authy-devise.
@RoseAndres The fix in 7597696 means that resources are only checked if they `respond_to?(:with_authy_authentication)` so this no longer errors.
What are you trying to do here if things aren't working for you?
from authy-devise.
I implemented the `with_authy_authentication` method, but also have an overridden `after_sign_in_path`. When I sign in with a user that should use 2fa, but hasn't enabled authy yet, it's still taking me to the 2fa verify page, rather than the 2fa enable page.
from authy-devise.
How did you implement `with_authy_authentication`?
from authy-devise.
Are you trying to enforce 2FA on your users?
from authy-devise.
We're trying to force 2FA on Users associated with specific centers that require 2FA.
In my User model:
```ruby
def requires_twofa?
  is_twofa_teacher = self.has_role_slug('teacher') && self.center&.require_teacher_twofa
  is_twofa_client = self.has_role_slug('client') && self.center&.require_client_twofa
  is_customer_service = self.has_role_slug('customer_service')
  return is_twofa_teacher || is_twofa_client || is_customer_service
end

def with_authy_authentication?(request)
  requires_twofa?
end
```
In my ApplicationController:
```ruby
def after_sign_in_path_for(resource_or_scope)
  if current_user.requires_twofa? && !current_user.authy_enabled?
    enable_authy_path
  else
    stored_location_for(resource_or_scope) || dashboard_path
  end
end
```
from authy-devise.
Awesome, glad it helped!
from authy-devise.
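The two gates discussed in this thread, modelled in plain Ruby as an added example (not code from any commenter or from authy-devise). It assumes only what the thread states: a true `with_authy_authentication?` sends the user to the verify page at sign in, and the suggested `require_2fa` filter skips Devise controllers. The `journey` and `thread_cases` helpers and the sample users are constructed for illustration.

```ruby
# Plain-Ruby model (no Rails) of the two gates in this thread. Constructed example.
User = Struct.new(:authy_id, :authy_enabled, :requires_twofa, keyword_init: true) do
  # Gem default quoted in the thread: true only for users already enrolled.
  def with_authy_authentication?
    !authy_id.to_s.empty? && authy_enabled == true
  end
end

# The override from the thread: answers with the policy, not the enrollment state.
class OverriddenUser < User
  def with_authy_authentication?
    requires_twofa
  end
end

# Sign-in gate as described in the thread: true sends the user to the verify page.
def sign_in_gate(user)
  user.with_authy_authentication? ? :verify_token : :signed_in
end

# The suggested before_action, reduced to its decision (controller is a path string).
def require_2fa(user, controller)
  return :continue if controller.start_with?("devise")
  return :redirect_to_enable if !user.with_authy_authentication? && user.requires_twofa
  :continue
end

# Hypothetical helper: what a user meets at sign-in, then on a later request.
def journey(user, controller: "dashboard")
  [sign_in_gate(user), require_2fa(user, controller)]
end

# Constructed sample users covering the states discussed above.
def thread_cases
  unenrolled = { authy_id: nil, authy_enabled: false, requires_twofa: true }
  {
    required_unenrolled: journey(User.new(**unenrolled)),
    required_enrolled: journey(User.new(authy_id: "42", authy_enabled: true, requires_twofa: true)),
    exempt: journey(User.new(authy_id: nil, authy_enabled: false, requires_twofa: false)),
    override_unenrolled: journey(OverriddenUser.new(**unenrolled)),
    on_devise_page: journey(User.new(**unenrolled), controller: "devise/sessions")
  }
end

thread_cases.each { |name, steps| puts "#{name}: #{steps.join(' -> ')}" }
```

The `override_unenrolled` row is the behaviour reported in the thread: the user is sent to verify a token they cannot have, and the enforcement filter never fires because the override already answers true.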