You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
rather than false maybe raise OTPAlreadyConsumed would be better?
In this case we could tell the user exactly why his login didn't worked.
example: user needs to whitelist his IP first via email confirmation link.
it's all possible to do that within 30 seconds (login, otp, confirm link). now if the OTP would be the same he would just get a login that wasn't performable because we won't capture this event.
rather than
false
mayberaise OTPAlreadyConsumed
would be better?In this case we could tell the user exactly why his login didn't worked.
example: user needs to whitelist his IP first via email confirmation link.
it's all possible to do that within 30 seconds (login, otp, confirm link). now if the OTP would be the same he would just get a login that wasn't performable because we won't capture this event.
https://github.com/tinfoil/devise-two-factor/blob/5549aba9f73827c1b8e925f10f6a518e5b10aaf4/lib/devise_two_factor/models/two_factor_authenticatable.rb#L66
The text was updated successfully, but these errors were encountered: