search

jeremyevans / rodauth

Ruby's Most Advanced Authentication Framework
http://rodauth.jeremyevans.net
MIT License
1.67k stars 95 forks source link

Add `#otp_available?` and `#recovery_codes_available?` auth methods #238

Closed janko closed 2 years ago

janko commented 2 years ago

This is symmetrical to the #sms_available? method from the sms_codes feature. These methods should make it easier for the developer to manually generate authentication links, for cases when they cannot use #two_factor_auth_links.

In my case, I wanted that requiring multifactor authentication always redirects to the OTP auth page, and that links for authenticating via SMS or recovery code are displayed below the form. This way I would eliminate an additional click needed to get to the recommended MFA page (assuming TOTP is the primary method).

<!-- otp auth form -->
<% if rodauth.recovery_codes_available? %>
  <%= link_to "Authenticate Using Recovery Code", rodauth.recovery_auth_path %>
<% end %>
<% if rodauth.sms_available? %>
  <%= link_to "Authenticate Using SMS Code", rodauth.sms_request_path, data: { turbo_method: :post } %>
<% end %>

While here, I DRYed up #sms_available? a bit by having it call #sms_setup?.

jeremyevans commented 2 years ago

Thanks for the patch! This looks good, I'll try merging later today.