Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token with empty string return true on authenticate_otp #95

Closed
jarkelen opened this issue Oct 22, 2021 · 2 comments · Fixed by #96
Closed

Token with empty string return true on authenticate_otp #95

jarkelen opened this issue Oct 22, 2021 · 2 comments · Fixed by #96

Comments

@jarkelen
Copy link

I authenticate the token filled in by the user like this, where params[:otp_token] is the user filled token from the view:

result = current_user.authenticate_otp(params[:otp_token], drift: 300)

I noticed when params[:otp_token] is an empty string, that the result is true, which should be false?
In my opinion any empty or nil value should always result in a false result?
@pedrofurtado
Copy link
Collaborator

pedrofurtado commented Oct 22, 2021
edited
Loading

Hello, @jarkelen ! 👋

Thanks for your report.

I've opened a pull request with that bugfix, can you test inside your application? I believe that will be fixed now.

To test, please make something like this in your Gemfile:

gem 'active_model_otp', github: 'heapsource/active_model_otp', branch: 'master'

@pedrofurtado pedrofurtado mentioned this issue Oct 22, 2021
Merged
@jarkelen
Copy link
Author

Sorry for my late reaction, it works, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@jarkelen @pedrofurtado