calling super in the two factor strategy is problematic... #241

Open
patrick99e99 opened this issue Jun 15, 2023 · 0 comments

patrick99e99 commented Jun 15, 2023

My application has a two step authentication process:

  1. calls out to a 3rd party authentication service to validate a username & password (I have a custom devise strategy for this)
  2. redirects to an otp page for authorization

The TwoFactorAuthenticatable strategy inherits from Devise::Strategies::DatabaseAuthenticatable and does:

        if validate(resource) { validate_otp(resource) }
          super
        end

As soon as super is called, DatabaseAuthenticatable is expecting there to be a password param, and trying to authenticate the user with that. So with my case, it is trying to authenticate twice (as I stated, my custom devise strategy handles username/password authentication), except user password hashes are not stored in my database, so DatabaseAuthenticatable is completely the wrong subclass for TwoFactorAuthenticatable to use in my case...

It would have been so nice if you could have had a configuration flag that would conditionally execute that super call...

I hate to have to monkey patch, but it seems like the only option.
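
An added illustration of the call chain described in the issue; it is not code from the issue or from the project. It uses small stand-in classes instead of Devise, and the `otp_attempt` parameter and `first_factor_user_id` session key are assumptions. It shows why a strategy that calls `super` fails when no password is supplied, and that an OTP-only second step must still confirm the first factor was completed for the same user.

```ruby
# Stand-in classes that model the call chain in the issue; not Devise code.
User = Struct.new(:id, :otp_code, :password) do
  def valid_password?(pw)
    !password.nil? && pw == password # nil: no password hash stored locally
  end

  def validate_and_consume_otp!(code)
    code == otp_code # constructed comparison, not real TOTP
  end
end

class BaseStrategy
  attr_reader :result

  def initialize(user, params, session = {})
    @user, @params, @session = user, params, session
    @result = :failure
  end
end

# Models the parent strategy: authenticate! always checks params[:password].
class PasswordStrategy < BaseStrategy
  def authenticate!
    @result = :success if @user.valid_password?(@params[:password])
    @result
  end
end

# Models the inheriting two-factor strategy: OTP check, then super.
class TwoFactorStrategy < PasswordStrategy
  def authenticate!
    return @result unless @user.validate_and_consume_otp!(@params[:otp_attempt])
    super # falls through to the parent's password check
  end
end

# OTP-only second step: no super, but it requires the session marker
# (hypothetical key) left by the first-factor step for this same user.
class OtpOnlyStrategy < BaseStrategy
  def authenticate!
    return @result unless @session[:first_factor_user_id] == @user.id
    @result = :success if @user.validate_and_consume_otp!(@params[:otp_attempt])
    @result
  end
end

user = User.new(1, "123456", nil) # constructed sample user
otp  = { otp_attempt: "123456" }
p TwoFactorStrategy.new(user, otp).authenticate!
p OtpOnlyStrategy.new(user, otp, { first_factor_user_id: 1 }).authenticate!
```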
