-
-
Notifications
You must be signed in to change notification settings - Fork 241
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2FA should be re-enabled. #507
Comments
I added those two gems to the Gemfile in the starter repository which got rid of the uninitialized constant error for I had to edit the credentials for Rails 7 to actually show the QR code, but once I added it to my authenticator app, the login page wasn't letting me sign in with the 2FA code, so I feel close to solving it but not quite there yet. I'd like to see 2FA enabled again too. |
Hi @gazayas 👋 I'm Bhumi, I'm new around here, to Bullet Train development. Nice to meet you! So I started taking a look at this as well...and starting at the beginning by reading devise-two-factor, as I have not used this gem before. When you say 'the login page wasn't letting me sign in with the 2FA code' curious what the error is. I working on how to reproduce this issue locally atm. |
Hello @bhumi1102, welcome! 🎉 Nice to meet you too. SetupBasically, I did this.
ErrorAs you can see here, I'm just getting a
Potentially an issue with
|
@gazayas yeah what you say makes sense about the Regarding Thanks for the message! I'm going to continue on this tomorrow/Monday. |
Yes, and as far as I know Here's the original PR: I would take a look through this issue, it might have some leads for fixing our issue: devise-two-factor/devise-two-factor#192 |
That 404 for me. Changing it to this also doesn't find anything #125 |
I've investigated this and noting my findings here of what I think needs to be done: user model
keys
TWO_FACTOR_ENCRYPTION_KEY It seems that we no longer need this key, and 2FA can use the rails 7 active record encryption keys generated. At least from this comment and this comment. |
@bhumi1102 Awesome report, I agree we need to do the following things that you mentioned:
I think that would be enough to open a pull request! As far as the encryption key itself, if we're exclusively enabling 2FA for Rails 7 I think we can safely replace |
Hey, just a heads up that we need to maintain Rails 6 compatibility for this at the moment. 😬 Not saying we can't use Active Record encryption, just need to also support not having it as well. 😐 |
👍 will do. For the latest version of the 2FA gem we do have to use AR encryption as they have deprecated attr_encrypted gem used previously. But we'll can do a migration strategy that allows existing data and Rails 6 to keep working.
|
Back from vacation. Got 2FA working with devise_two_factor, Submitted PR #519 |
We had this enabled previously, but we disabled it when upgrading to Rails 7. You can see where we were including it at https://github.com/bullet-train-co/bullet_train-base/blob/main/bullet_train.gemspec#L46 . Would love to see this working again.
The text was updated successfully, but these errors were encountered: