search

mikker / passwordless

🗝 Authentication for your Rails app without the icky-ness of passwords
MIT License
1.26k stars 85 forks source link

Disable collection of user agent and IP address #138

Closed dhnaranjo closed 11 months ago

dhnaranjo commented 1 year ago

Hello! So. I don't want to store my users user agent or IP associated with their accounts for privacy reasons. I see that this info isn't actually being used by the library in any way, though the Passwordless::Session model does fail to validate if they aren't present. I can work around this by:

module Authentication
  include Passwordless::ControllerHelpers

  ...

  def build_passwordless_session(user)
    Passwordless::Session.new.tap do |session|
      session.authenticatable = user
      session.user_agent = "N/A"
      session.remote_addr = "N/A"
    end

  ...
end

But honestly this should be something that people should not even really be doing at all, and if they feel they have a specific need it should be an affirmative choice, not something automatic.

Thoughts? If we can agree on a way to solve this I'd be happy to do the work n submit a PR.

mikker commented 1 year ago

Totally agree. It should be removed in 1.0. Your workaround is a good solution until then 👍

mikker commented 11 months ago

Closed in #153