You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My application has a two step authentication process:
calls out to a 3rd party authentication service to validate a username & password (I have a custom devise strategy for this)
redirects to an otp page for authorization
The TwoFactorAuthenticatable strategy inherits from Devise::Strategies::DatabaseAuthenticatable and does:
if validate(resource) { validate_otp(resource) }
super
end
As soon as super is called, DatabaseAuthenticatable is expecting there to be a password param, and trying to authenticate the user with that. So with my case, it is trying to authenticate twice (as I stated, my custom devise strategy handles username/password authentication), except user password hashes are not stored in my database, so DatabaseAuthenticatable is completely the wrong subclass for TwoFactorAuthenticatable to use in my case...
It would have been so nice if you could have had a configuration flag that would do conditionally execute that super call...
I hate to have to monkey patch, but it seems like the only option.
The text was updated successfully, but these errors were encountered:
My application has a two step authentication process:
The
TwoFactorAuthenticatable
strategy inherits fromDevise::Strategies::DatabaseAuthenticatable
and does:As soon as super is called,
DatabaseAuthenticatable
is expecting there to be a password param, and trying to authenticate the user with that. So with my case, it is trying to authenticate twice (as I stated, my custom devise strategy handles username/password authentication), except user password hashes are not stored in my database, soDatabaseAuthenticatable
is completely the wrong subclass forTwoFactorAuthenticatable
to use in my case...It would have been so nice if you could have had a configuration flag that would do conditionally execute that super call...
I hate to have to monkey patch, but it seems like the only option.
The text was updated successfully, but these errors were encountered: