twilio / authy-devise

Authy Devise plugin to add Two-Factor Authentication
MIT License

Devise-Authy doesn't work with Active Admin #146

Closed paolacastro closed 2 years ago

paolacastro commented 3 years ago

ActiveAdmin installs its own login controller that does not go through the Devise controllers. Therefore, the Authy flow stops at the method is_signed_in?. The result is that the method check_request_and_redirect_to_verify_token never gets executed.

To get around this issue, we replaced the default Devise ActiveAdmin config in config/routes.rb:

# devise_for :admin_users, ActiveAdmin::Devise.config
devise_for :admin_users, {:sign_out_via=>[:delete, :get]}

Our solution works, but it would be nice if Authy-Devise integrated well with ActiveAdmin authentication or had a warning that the default Devise controllers change.

philnash commented 3 years ago

Oh, this is interesting. I've not tried using Devise Authy with Active Admin myself.

I will have a go with it and see if there's anything I can do to support Active Admin's devise controllers.

philnash commented 3 years ago

Hey, so, I tried creating a new Rails application to which I then added Devise and ActiveAdmin. I then went through the installation procedure for DeviseAuthy. I then enabled Authy for the admin user and verified it; that worked as expected.

Then something weird happened. I logged out, logged back in and was not asked for a 2FA code. This is what I think you are reporting here too. However, I started investigating, trying to log whether is_signing_in? was called. And once I restarted the server and tried to log out and back in again, it worked. I was asked for the 2FA code as expected.

I think what happened was that I did not restart the server when I installed the DeviseAuthy plugin and the helpers were not loaded to intercept the login. Then when I restarted, things worked as expected.

These helpers are also loaded into ActionController::Base so all controllers will inherit them. The checks for whether a controller is a devise controller will also work successfully for controllers that inherit from the Devise controllers, as they do in ActiveAdmin.

Right now I'm stuck trying to fix this as I can't reproduce. Can you give me any more detail about your application or how this caused a problem for you?

Thanks!

philnash commented 2 years ago

This library is no longer actively maintained. The Authy API has been replaced with the Twilio Verify API. Twilio will support the Authy API through November 1, 2022 for SMS/Voice. After this date, we’ll start to deprecate the service for SMS/Voice. Any requests sent to the API after May 1, 2023, will automatically receive an error. Push and TOTP will continue to be supported through July 2023.

Learn more about migrating from Authy to Verify.

Please visit the Twilio Docs for:

Please direct any questions to Twilio Support. Thank you!