heapsource / active_model_otp

Adds methods to set and authenticate against one time passwords (Two-Factor Authentication). Inspired by AM::SecurePassword
MIT License

one_time_backup_codes not working as expected #98

Closed QihaoVanilla closed 2 years ago

QihaoVanilla commented 2 years ago

Hi all! I am trying to use the one-time backup codes feature, but it is not working as expected. Not sure if it is a bug or if I missed something. Any help will be appreciated. Thanks!

```ruby
a.otp_one_time_backup_codes
=> true

a.otp_backup_codes
=> "[\"115800\", \"262347\", \"495694\", \"737253\", \"636428\", \"661834\", \"859156\", \"287292\"]"

a.authenticate_otp('115800')
=> true

a.authenticate_otp('115800')
=> true

a.otp_backup_codes
=> "[\"115800\", \"262347\", \"495694\", \"737253\", \"636428\", \"661834\", \"859156\", \"287292\"]"
```

From https://github.com/heapsource/active_model_otp/blob/fb8b178ad6fa374210b6dc66b62a8125eb013a48/lib/active_model/one_time_password.rb#L203-L207, it should remove the used one-time backup code, but it is still there.

QihaoVanilla commented 2 years ago

Ah, I noticed "Then use array type in schema or serialize attribute in model as Array (depending on used db type)". After changing the backup codes column to an array of text, it works perfectly now.
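
Why a string column lets a backup code be reused, as an added example (not the gem's code and not part of the comments above). It assumes the consume step tests membership with `include?` and removes the used code with `delete`, which is consistent with the session in the report, and that a string column holds the array as its `to_s` text; `consume_backup_code`, `consume_backup_code_strict` and the hash-based records are hypothetical names.

```ruby
# Stand-in for the consume step (assumed shape, not the gem's source):
# membership test with include?, removal with delete, then write back.
def consume_backup_code(record, code)
  codes = record[:otp_backup_codes]
  return false unless codes && codes.include?(code) # on a String this is a substring test

  codes.delete(code) # Array#delete mutates; String#delete returns a copy, discarded here
  record[:otp_backup_codes] = codes
  true
end

# Fail-closed variant: refuse to authenticate unless the stored value is an
# Array, so a mis-typed column raises instead of accepting a reused code.
def consume_backup_code_strict(record, code)
  codes = record[:otp_backup_codes]
  raise TypeError, "otp_backup_codes must be an Array, got #{codes.class}" unless codes.is_a?(Array)
  return false unless codes.include?(code)

  record[:otp_backup_codes] = codes - [code]
  true
end

CODES = %w[115800 262347 495694].freeze # constructed sample values

# Plain string/text column: the array is stored as its text form.
def string_backed_record
  { otp_backup_codes: CODES.to_s }
end

# Array column, or an attribute serialized as Array: value stays an Array.
def array_backed_record
  { otp_backup_codes: CODES.dup }
end

# Uses the same code twice against each kind of storage.
def demo
  [string_backed_record, array_backed_record].map do |rec|
    { first: consume_backup_code(rec, "115800"),
      second: consume_backup_code(rec, "115800"),
      left: rec[:otp_backup_codes] }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```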