Devise-Authy assumes that every user model will be an authy enabled one about authy-devise HOT 12 CLOSED

The with_authy_authentication method is intended to gate sign in and redirect those that have Authy enabled to the verification page, that's why you're seeing the current behaviour.

The original implementation is:

      def with_authy_authentication?(request)
        if self.authy_id.present? && self.authy_enabled
          return true
        end

        return false
      end

But you are trying to enforce the 2FA being enabled for your users. For this, you likely need to add your own controller action filter that checks if your user requires 2FA but doesn't have it enabled and then redirects to the enable page.

I would remove your implementation of with_authy_authentication and add something like this to the application controller.

class ApplicationController < ActionController::Base
  before_action :require_2fa
 
  private
 
  def require_2fa
    return if params[:controller].start_with?("devise")
    # If there is a signed in user that does not have authy enabled and requires authy to be enabled.
    if user_signed_in? && !current_user.with_authy_authentication?(request) && current_user.requires_twofa?
      redirect_to user_enable_authy_path
    end
  end
end

from authy-devise.

After doing some digging I arrived at the that conclusion and had started along a similar solution.

@philnash Your solution above worked perfect. Thanks much!

from authy-devise.

@shaneog Did you find a solution for this?
I'm having the same problem here

from authy-devise.

@brunoasantos I added this method to my non-authy user model.

# This is a hack around the fact that devise-authy does not yet
# know how to apply to specific models only
def with_authy_authentication?(request)
  false
end

from authy-devise.

That's what I ended up doing.
Thanks @shaneog 👍

from authy-devise.

Is there a standard way of doing this nowadays?

from authy-devise.

@RoseAndres The fix in 7597696 means that resources are only checked if they respond_to?(:with_authy_authentication) so this no longer errors.

What are you trying to do here if things aren't working for you?

from authy-devise.

I implemented the with_authy_authentication method, but also have an overridden after_sign_in_path. When I sign in with a user that should use 2fa, but hasn't enabled authy yet, it's still taking me to the 2fa verify page, rather than the 2fa enable page.

from authy-devise.

How did you implement with_authy_authentication?

from authy-devise.

Are you trying to enforce 2FA on your users?

from authy-devise.

We're trying to force 2FA on Users associated with specific centers that require 2FA

In my User model:

def requires_twofa?
  is_twofa_teacher = self.has_role_slug('teacher') && self.center&.require_teacher_twofa
  is_twofa_client = self.has_role_slug('client') && self.center&.require_client_twofa
  is_customer_service = self.has_role_slug('customer_service')

  return is_twofa_teacher || is_twofa_client || is_customer_service
end

def with_authy_authentication?(request)
  requires_twofa?
end

In my ApplicationController:

def after_sign_in_path_for(resource_or_scope)
  if current_user.requires_twofa? && !current_user.authy_enabled?
    enable_authy_path
  else
    stored_location_for(resource_or_scope) || dashboard_path
  end
end

from authy-devise.

Awesome, glad it helped!

from authy-devise.