Devise Require Authentication Again for Specific Case
Update January 2022
For new development, we encourage you to use the Verify API instead of the Authy API. The Verify API is an evolution of the Authy API with continued support for SMS, voice, and email one-time passcodes, an improved developer experience and new features including:
- Twilio supported helper libraries in JavaScript, Java, C#, Python, Ruby, PHP, and Go
- Access via the Twilio CLI
- WhatsApp channel
- App-agnostic TOTP
- Push authentication SDK embeddable in your own application
This blog post uses the Authy API. Any new features and development will be on the Verify API. Check out the FAQ for more information and Verify API Reference to get started.
Passwords aren't enough any more. Keeping user data safe is hard enough without users themselves choosing the worst passwords in the world. Yes, "123456" has topped the list of most commonly used password of the year once again.
Two factor authentication keeps your users' accounts secure by requiring a second factor of authentication, something a user has (their phone) as well as something they know (their password). Two factor authentication can be hard to implement and even harder to secure properly. Authy is a Twilio service that provides two factor authentication as an API, making it easy to secure our users' accounts.
Your password needs to contain a capital letter a number an emoji a plot and a protagonist with some character development and a twist ending.
— Jake Lawrence (@TheTimeCowboy) January 5, 2013
In this post I want to show you how to implement two factor authentication using Authy in your Rails 4 apps using Devise. We already have a tutorial that walks you through adding two factor authentication to a Rails application, but as Devise is the most popular authentication framework for Rails I thought it would be unwise to leave it out. In this post we'll take a basic Rails application, add user accounts with Devise and make them extra secure by enabling two factor authentication.
The tools
To put this application together we're going to need a couple of things:
- a Twilio account (sign up for free here)
- Ruby installed (I'm using the current latest, 2.3.0, but any version that runs Rails will work)
- Bundler, so we can install our dependencies.
And that's it. Let's get going.
Something to protect
So that we don't have to build a whole Rails application up from scratch I have created a starter application for us. It's called Super Secret Puppies and is a simple app that allows users to log in and look at pictures of puppies. All we need to do is build that login functionality.
Let's get the app up and running. You can clone the repository, install the dependencies and start the app with the following commands:
    $ git clone https://github.com/philnash/super-secret-puppies.git
    $ cd super-secret-puppies
    $ bundle install
    $ bundle exec rails server

Navigate to http://localhost:3000 and you'll see the home page.
You'll find you can click on the call to action to see the puppies and you'll be directed to a page of puppy pictures. I'll give you a minute while you enjoy that.
Ok it's just one puppy, my one, but she's called Ruby so I'm pretty happy that this is on topic for today.
For the rest of this post we're going to implement user accounts with two factor authentication to restrict access to this page to our registered users.
Implementing user accounts with Devise
We'll start by adding Devise to our Gemfile. Add the following line after all the regular gems (that is, not inside any of the groups).
Bundle the new gem into the project.
Run the Devise generators and migrate the database.
    $ bundle exec rails g devise:install
    $ bundle exec rails g devise User
    $ bundle exec rake db:migrate

This installs Devise and then creates a User model that we will use to sign up to our application with.
Let's protect our puppies controller from non-logged in users. Open up app/controllers/puppies_controller.rb and add the following before_action at the top of the file:
    # app/controllers/puppies_controller.rb
    class PuppiesController < ApplicationController
      # Redirect to the login page unless a user is signed in
      before_action :authenticate_user!

      def index
      end
    end

This is a Devise helper that ensures there is a logged in user in the session. If there is no logged in user then the response will be a redirect to the login page.
I like to make one other change to the default Devise setup. That is to allow logging out by GET request. Open up config/initializers/devise.rb and change the line

    # config/initializers/devise.rb
    config.sign_out_via = :delete

to

    # config/initializers/devise.rb
    config.sign_out_via = :get

Restart the application and load up the home page once more. You'll find links to sign up and log in at the top right (I snuck those into the base app to save us writing HTML). Try navigating to the page of puppies. You're now redirected to the login page. Hit the link to sign up, enter your email and a password, submit the form and you're signed up and looking at a page of puppy pictures. Lovely, but we can make it more secure. Let's get Authy involved and add two factor authentication to this experience.
Adding two factor authentication to Devise with Authy
First thing we need to do is install the devise-authy gem that will handle most of the integration. Add another line to your Gemfile, below the Devise gem we added earlier.
    # Gemfile
    gem 'devise'
    gem 'devise-authy'

Bundle the new dependency.
Create an initialiser for Authy in config/initializers.
    $ touch config/initializers/authy.rb

Add the following code to the initialiser.
    # config/initializers/authy.rb
    # The API key comes from the environment, not from source control
    Authy.api_key = ENV["AUTHY_API_KEY"]
    Authy.api_uri = "https://api.authy.com/"

You'll find we need an API key for Authy. You can get this from your Twilio account portal. Click the link to access the Authy dashboard.
If you don't already have an Authy account, this will set one up for you. You will need to verify your email address and set up two factor authentication. Then you can create an application with Authy and this will give you your API key.
If you already have an Authy account, click "New application" at the bottom of your dashboard menu and you will go through the same process.
Now you have your API key, copy config/env.yml.example to config/env.yml and fill in the key.
    # config/env.yml
    development:
      AUTHY_API_KEY: 'YOUR_AUTHY_API_KEY_HERE'

We're using a gem called envyable to set up the API key in your application's environment. It's all set for you, but if you're interested in this setup more, I wrote about environments and envyable last year.
Now we're ready to run our Devise Authy install script. On the command line enter:
    $ rails g devise_authy:install
    $ rails g devise_authy User
    $ rake db:migrate

This installs the Devise Authy plugin and updates the User model to use two factor authentication if it is enabled for the account. Let's enable this for our user that we created earlier now.
Restart your server and visit this page: http://localhost:3000/users/enable_authy. Fill in your country and your mobile phone number and you will get an SMS with a 7 digit token. Or, if you are already a user of the Authy app, you will receive a push notification adding the Super Secret Puppies app to your account and showing you the token (though you can force the token to arrive by SMS if you need). Submit the token to the form in the puppies app and two factor authentication will be enabled on your account.
You can test this by logging out with the link in the top right of the page and then logging in again. You will be asked again for a token which you should receive by SMS or application and once you enter the token you will be logged in.
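The login test above only proves something if the password step leaves the session short of signed in until the token is accepted. Here is a minimal Ruby model of that two-step flow, added as an illustration and not taken from the post or from devise-authy; `TwoStepLogin`, the session keys, the five-minute window, the three-attempt limit and the `verify_token` callable (standing in for the Authy API check) are all assumptions.

```ruby
# Added illustration: a model of a two-step login, not devise-authy's code.
class TwoStepLogin
  # verify_token stands in for the remote Authy check; ttl/max_attempts are assumed.
  def initialize(verify_token, ttl: 300, max_attempts: 3)
    @verify_token, @ttl, @max_attempts = verify_token, ttl, max_attempts
  end

  # Step 1 result: called after the password was accepted (Devise's job).
  def password_accepted(session, user, now: Time.now)
    session.clear # drop any earlier state so nothing carries over
    unless user[:authy_enabled]
      session[:user_id] = user[:id]
      return :signed_in
    end
    # Only a pending marker is stored; :user_id stays unset until step 2.
    session[:pending_user_id] = user[:id]
    session[:pending_until] = now + @ttl
    session[:attempts] = 0
    :token_required
  end

  # Step 2: the token form. Expired or exhausted logins must start over.
  def token_step(session, token, now: Time.now)
    id = session[:pending_user_id]
    return :no_pending_login if id.nil?
    if now > session[:pending_until] || session[:attempts] >= @max_attempts
      session.clear
      return :restart_login
    end
    session[:attempts] += 1
    return :invalid_token unless @verify_token.call(id, token)
    session.clear
    session[:user_id] = id
    :signed_in
  end

  # The condition a guard like authenticate_user! has to enforce.
  def signed_in?(session)
    !session[:user_id].nil?
  end
end

# Constructed demo: user 1 has 2FA enabled and "1234567" is the valid token.
def demo
  flow = TwoStepLogin.new(->(id, token) { id == 1 && token == "1234567" })
  session = {}
  steps = [flow.password_accepted(session, { id: 1, authy_enabled: true })]
  steps << flow.signed_in?(session) << flow.token_step(session, "0000000")
  steps << flow.token_step(session, "1234567") << flow.signed_in?(session)
end
```

A correct password alone never sets `:user_id`, so a page guarded by the signed-in check stays closed until the token step succeeds.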
Two Factor Authentication in just a few lines of code
Since we were using Devise, adding two factor authentication using Authy was pretty straightforward. All we had to do was add an initializer for Authy, enter our API key, run an install command and migrate the database.
If you didn't follow along with the code, but you want to see the finished application, you can check out the complete branch in the GitHub repository.
If you want to customise your application a bit more there are a few options. You can edit the views, set up custom redirects and add internationalised messages throughout the flow. If you're not using Devise, or are interested in how it works, check out the tutorial on securing your user accounts using just Authy and Rails.
If you've got any questions about two factor authentication or using Authy, then do leave a comment below, drop me an email at philnash@twilio.com or hit me up on Twitter at @philnash.
**Okay, okay, no-one needs to keep pictures of puppies safe. Everyone wants to show off pictures of puppies, why else do you think I'd use them as an example in a blog post? Hope you enjoyed them!
Source: https://www.twilio.com/blog/2016/01/two-factor-authentication-in-rails-4-with-devise-authy-and-puppies.html