heapsource / active_model_otp

Adds methods to set and authenticate against one time passwords (Two-Factor Authentication). Inspired in AM::SecurePassword
MIT License

"Preventing reuse of Time based OTP's" not working #112

Open aditya-kreditz opened 1 year ago

aditya-kreditz commented 1 year ago

I have applied this gem to my "User" model like this:

class User < ApplicationRecord
  has_one_time_password interval: 600, after_column_name: :last_otp_at
end

Here I have set an interval of 10 minutes for the OTP. I want to make it invalid once authenticated. But even after authenticating once, it can be authenticated again.

User.last.otp_code => "985983"
User.last.authenticate_otp("985983") => true
User.last.authenticate_otp("985983") => true

Also there is no update in last_otp_at column. User.last.last_otp_at => nil

Am I missing something? What else do I need to do?

aditya-kreditz commented 1 year ago

Sorry. There was a mistake at my end. Gem version was 2.3.1. Now upgraded to 2.3.2 and getting last_otp_at time. Now it authenticates once. But it doesn't generate new otp before time interval.
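As an added illustration (not code from this thread or from the gem): in RFC 6238 TOTP the code is a function of the secret and the current time step only, so with `interval: 600` the same code is produced for the whole 10-minute window, and replay prevention works by remembering the last consumed step. `OtpAccount`, its methods and the secret used with it are hypothetical stand-ins for a model with a `last_otp_at` column.

```ruby
require "openssl"

# RFC 6238 TOTP: the code depends only on the secret and floor(time / interval).
def totp(secret, time, interval: 600, digits: 6)
  counter = [time.to_i / interval].pack("Q>")        # 8-byte big-endian time step
  hmac = OpenSSL::HMAC.digest("SHA1", secret, counter)
  offset = hmac.bytes.last & 0x0f                    # dynamic truncation (RFC 4226)
  bin = hmac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
  (bin % 10**digits).to_s.rjust(digits, "0")
end

# Hypothetical stand-in for a model row with a last_otp_at column.
class OtpAccount
  attr_reader :last_otp_at

  def initialize(secret, interval: 600)
    @secret = secret
    @interval = interval
    @last_otp_at = nil   # start of the last time step that was consumed
  end

  def otp_code(now)
    totp(@secret, now, interval: @interval)
  end

  # Accept a code only if it matches the current step and that step has not
  # been consumed already; record the consumed step on success.
  def authenticate_otp(code, now)
    step_start = (now.to_i / @interval) * @interval
    return false if @last_otp_at && step_start <= @last_otp_at
    return false unless OpenSSL.secure_compare(otp_code(now), code.to_s)
    @last_otp_at = step_start
    true
  end
end
```

Once a step is consumed, no code can succeed until the next step begins, which is the trade-off of pairing replay prevention with a long interval.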