devise_xfactor_authentication

Two factor authentication for Devise

This is a fork of the orignal two_factor_authentication plugin for devise from Houdini/two_factor_authentication

It is currently under recombobulation, so a some of the below documentation is incorrect.

I will attept to have the readme redone on some level by 11/21/2022 - JP

Features

• Currently Supports sending of OTP codes directly to the user
• Ability to turn on second factor autnenication on a per user basis

• Configurable OTP code digit length
• Configurable max login attempts

• Configurable period where users won't be asked for 2FA again

Configuration

Initial Setup

Devise must be installed and set up. In a Rails environment, require the gem in your Gemfile:

gem 'devise_xfactor_authentication'

Once that's done, run:

bundle install

Installation

Automatic initial setup

To set up the model and database migration file automatically, run the following command:

rails g two_factor_authentication MODEL Where MODEL is your model name (e.g. User or Admin). This generator will add :devise_xfactor_authenticatable to your model's Devise options and create a migration in db/migrate/, which will add the following columns to your table:

• :second_factor_attempts_count

• :encrypted_otp_secret_key

• :encrypted_otp_secret_key_iv

• :encrypted_otp_secret_key_salt

• :direct_otp

• :direct_otp_sent_at

• :totp_timestamp

• :otp_secret_key

• :uses_two_factor

  run: rake db:migrate

Add the following line to your model to fully enable two-factor auth:

has_one_time_password(encrypted: true)

Set config values in config/initializers/devise.rb:

config.max_login_attempts = 3  # Maximum second factor attempts count.
config.allowed_otp_drift_seconds = 30  # Allowed TOTP time drift between client and server.
config.otp_length = 6  # TOTP code length
config.direct_otp_valid_for = 5.minutes  # Time before direct OTP becomes invalid
config.direct_otp_length = 6  # Direct OTP code length
config.remember_otp_session_for_seconds = 30.days  # Time before browser has to perform 2fA again. Default is 0.
config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie
config.delete_cookie_on_logout = false # Delete cookie when user signs out, to force 2fA again on login

You an also set some of them in your controller as follows an example for a User model: