AsteriskLabs / devise_google_authenticator

A Devise extension to allow your app to utilise Google's 2FA Mobile app
http://labs.asteriskinfosec.com.au/tag/devise_google_authenticator/
MIT License
216 stars 159 forks source link

Avoid patching Devise controllers #59

Open zedtux opened 6 years ago

zedtux commented 6 years ago

I'm using this gem with the devise_fido_usf gem in order to allow my user to chose a different 2FA option.

The expected workflow would be:

  1. Is Google Authenticator enabled? => No
  2. Is Fido U2F enabled? => No
  3. Redirect to the page to select the option

Then

  1. Is Google Authenticator enabled? => Yes
  2. Redirect to the check GA page

But as this gem is patching the Devise::SessionsController create action it is not possible to do it.

This gem should use the Warden::Manager.after_authentication callback in order to execute its code instead which would allow the above described workflow.