-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Rails 7 #206
Comments
Btw However, yeah, it's be nice if there was a new release. I'm having other issues after bundle, anyways. If you do get it working, let me know. |
I have made a start on Rails 7 support in main...eoinkelly:rails-7-support . The code isn't polished enough for a PR yet but I'd love some feedback from maintainers here on whether my approach is something they would be happy to consider. My approach is: OverviewRemove the dependency on Handling upgradesInline a method to fetch and decrypt the "legacy" The following migration will be required in the app in tandem with this upgrade: class AddOtpSecretToUser < ActiveRecord::Migration[7.0]
def change
# this attribute encrypted by Rails7
add_column :users, :otp_secret, :string
end
end I will create a generator for this. I plan to include a rake task to copy the secret from old to new in all rows of the users table. Using this will allow dev teams to remove the old These changes feel big enough to require a major version bump so I've done that in my PR but obviously happy to go along with whatever the maintainers want. |
Btw check out this related thread: #192 There is also a (working) rails 7 branch linked in there. Perhaps you guys can join forces. |
A note here: we've been using @eoinkelly 's branch successfully for several weeks. |
I've been using cybersecuricy's branch successfully for about the same period, as described at #204 up until the recent CVE came out for Devise Two Factor. We really need the upstream fixed with all the fixes (CVE and Rails 7 support). |
Yes, I can also confirm to be using an offshoot of the cybersecuricy branch in development/testing for now, but it would be nice if rails 7 (+ CVE) were merged upstream 🤔 Not sure I want to release MFA in my app without this, as it's kind of building on a shaky foundation. |
I submitted #211 which has the CVE fix and Rails 7 proper support both included. |
Any update on this? Keen to upgrade to rails 7 but want to work off main rather than a branch |
I think @eoinkelly 's approach is better. It can transparently handle the current version of |
To be clear, I don't mind the mechanism, but Rails 7 has been out a while so the gem should support it out of the box by now... (not really complaining, just saying the maintainer should make a decision and get it working/merged - if not, reach out to the community for additional help maintaining it, if they're too busy) |
I created #214 which has my take on Rails 7 support. I'm not at all bothered which Rails 7 PR lands but it would be awesome to get one of them landed. I'd like to +1 what @andyjeffries said above that if the maintainers need some help on this there are some folks around (myself included) who can help. ❤️ your work on creating and maintaining this gem! |
Heads up @geoffharcourt (and any other folks who may be using my branch): At the suggestion of the maintainer, I'm about to remove the implementation of Basically, just copy https://github.com/eoinkelly/devise-two-factor/blob/c26ffee689f3d4d1f05d22422aa8bd55e3ff4a9f/lib/devise_two_factor/models/two_factor_authenticatable.rb#L22-L88 into your user model and everything will continue working as before. |
any updates? |
#214 has landed! Rails < 7 support will continue in the |
Currently, the last supported Rails version is < 6.2:
https://github.com/tinfoil/devise-two-factor/blob/ecd182e97e8e92436bd908af30165c18f17fe67e/devise-two-factor.gemspec#L24-L25
Upgrading to Rails 7 requires downgrading the gem to 3.0.0.
The text was updated successfully, but these errors were encountered: