Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option for skipping secret generation #56

Merged
merged 3 commits into from
Jun 18, 2019
Merged

Add option for skipping secret generation #56

merged 3 commits into from
Jun 18, 2019

Conversation

matheusazzi
Copy link
Contributor

@matheusazzi matheusazzi commented Jun 17, 2019
edited
Loading

On my app 2FA needs to be an opt-in feature. So I'd like to only generate the otp secret manually when users enable it.

@matheusazzi matheusazzi force-pushed the skip-secret-generation branch 2 times, most recently from 1c5a5b2 to a21d754 Compare June 17, 2019 22:05
@matheusazzi
Copy link
Contributor Author

@robertomiranda Please let me know what do you think about it, this is a useful option in the project I'm working on and it seems others can have that same scenario.

@robertomiranda
Copy link
Member

@matheusazzi sounds like a good idea 👍, thanks for submitting this PR. Although I wondering if we can extend this idea by adding a conditional option if or unless instead?

class User
   has_one_time_password if: :otp_enabled?

wdyt?

@matheusazzi
Copy link
Contributor Author

matheusazzi commented Jun 18, 2019
edited
Loading

@robertomiranda Do you mean that otp_enabled will be a column in database? By now I'm just controlling if otp is enabled for users if they have the otp_column filled or not.
I think that's a possible solution but ideally, I prefer not having another column and I'd like to only skip the before_create callback by default for not generating the secret.

robertomiranda
robertomiranda reviewed Jun 18, 2019
View reviewed changes
lib/active_model/one_time_password.rb Outdated

self.otp_column_name = (options[:column_name] || "otp_secret_key").to_s
self.otp_digits = options[:length] || 6

self.otp_counter_based = (options[:counter_based] || false)
self.otp_counter_column_name = (options[:counter_column_name] || "otp_counter").to_s
self.skip_secret_generation = options[:skip_secret_generation] || false

include InstanceMethodsOnActivation

before_create do
Copy link
Member

@robertomiranda robertomiranda Jun 18, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@robertomiranda Do you mean that otp_enabled will be a column in database? By now I'm just controlling if otp is enabled for users if they have the otp_column filled or not.
I think that's a possible solution but ideally, I prefer not having another column and I'd like to only skip the before_create callback by default for not generating the secret.

@matheusazzi I was thinking of passing the option here:

Suggested change
before_create do
before_create(if: condition) do

It has not to be another column, it could be a method or even a proc taking advantage that active model already provides this functionality:

https://github.com/rails/rails/blob/aeba121a83965d242ed6d7fd46e9c166079a3230/activerecord/test/cases/callbacks_test.rb#L132-L147

https://github.com/rails/rails/blob/aeba121a83965d242ed6d7fd46e9c166079a3230/activerecord/test/cases/callbacks_test.rb#L402-L420

https://github.com/rails/rails/blob/aeba121a83965d242ed6d7fd46e9c166079a3230/activerecord/test/cases/transaction_callbacks_test.rb#L718-L731

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I see, thanks for clarifying things @robertomiranda, wdyt about 297f0d1?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@robertomiranda robertomiranda merged commit 3280ecd into heapsource:master Jun 18, 2019
@codabrink
Copy link

Can we get a new release for this? It's not in version 2.0.1.

gendosu pushed a commit to gendosu/active_model_otp that referenced this pull request Dec 3, 2020
@matheusazzi @gendosu
Add option for skipping secret generation (heapsource#56)
a5ef28e 
* Add option for skipping secret generation

* Use #nil?

* Send options to callbacks
gendosu pushed a commit to gendosu/active_model_otp that referenced this pull request Dec 4, 2020
@matheusazzi @gendosu
Add option for skipping secret generation (heapsource#56)
5f7b353 
* Add option for skipping secret generation

* Use #nil?

* Send options to callbacks
gendosu added a commit to gendosu/active_model_otp that referenced this pull request Dec 4, 2020
@gendosu
fixup! Add option for skipping secret generation (heapsource#56)
dca89c0
gendosu pushed a commit to gendosu/active_model_otp that referenced this pull request Dec 4, 2020
@matheusazzi @gendosu
Add option for skipping secret generation (heapsource#56)
95ad1ac 
* Add option for skipping secret generation

* Use #nil?

* Send options to callbacks
gendosu pushed a commit to gendosu/active_model_otp that referenced this pull request Dec 4, 2020
@matheusazzi @gendosu
Add option for skipping secret generation (heapsource#56)
e15d0c2 
* Add option for skipping secret generation

* Use #nil?

* Send options to callbacks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robertomiranda robertomiranda robertomiranda left review comments

@houndci-bot houndci-bot houndci-bot left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@matheusazzi @robertomiranda @codabrink @houndci-bot