Skip to content
This repository was archived by the owner on Feb 28, 2023. It is now read-only.

Adds SMS auth endpoints #454

Merged
merged 2 commits into from
Nov 20, 2021
Merged

Adds SMS auth endpoints #454

merged 2 commits into from
Nov 20, 2021

Conversation

tanatorn
Copy link
Contributor

@tanatorn tanatorn commented Nov 17, 2021
edited
Loading

Adds the API endpoints required to actually do SMS auth, there will be a PR on the bank repo to actually do the hooking up of bank.hackclub.com to this.

Notable things:

  • Adds a phone_number field to the Users object as well as a way to update it. Bank will eventually have to make API calls to add a phone number + enroll in SMS login
  • We're going to be using Twilio's Verify API rather than storing our own login codes. This is better because:
    1. We don't actually have to purchase/manage phone numbers
    2. They have auto expiry/rate limits and all other good things out of the box

image
image

@tanatorn tanatorn force-pushed the tan-add-twilio-support branch from a5842b4 to 8df7cfd Compare November 17, 2021 06:04
@tanatorn tanatorn requested a review from maxwofford November 17, 2021 06:08
tanatorn
tanatorn commented Nov 17, 2021
View reviewed changes
app/services/twilio_verification_service.rb
Rails.application.secrets.twilio_account_sid,
Rails.application.secrets.twilio_api_key
)
VERIFY_SERVICE_ID = 'VAa06a66dad4c1ca3c199a46334ff11945'
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this isn't private so it's okay to just hardcode it here

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a comment above that line that so someone doesn't put it in secrets later?

@cjdenio cjdenio mentioned this pull request Nov 17, 2021
Closed
@maxwofford
Copy link
Member

@tanatorn This is looking great. When I look at this recording, the code feels hard to read in a push-notification. Is there a way to shorten the code or add a hyphen in the middle to help mentally break it down?

@maxwofford
Copy link
Member

Also, is the bank user going to get an sms & email at the same time? Will the codes be the same?

@tanatorn
Copy link
Contributor Author

@maxwofford, unfortunately the text message is controlled fully by Twilio, there's nothing I can do there to change that. Additionally, it'll either go to SMS or Email. However, we don't manage any state on the SMS side, e.g. we'll generate a new user token, but we won't touch the login_codes table.

@tanatorn
Copy link
Contributor Author

PTAL @maxwofford

@tanatorn tanatorn mentioned this pull request Nov 18, 2021
Merged
maxwofford
maxwofford approved these changes Nov 19, 2021
View reviewed changes
Copy link
Member

@maxwofford maxwofford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Please add the heroku env keys before merge if you haven't yet.

I have a couple questions about user experience I'll leave on the bank PR.

@tanatorn
Copy link
Contributor Author

done!

@tanatorn tanatorn merged commit 3f834c2 into master Nov 20, 2021
@tanatorn tanatorn deleted the tan-add-twilio-support branch November 20, 2021 21:04
tanatorn added a commit that referenced this pull request Nov 20, 2021
@tanatorn
Revert "Adds SMS auth endpoints (#454)"
34b81eb 
This reverts commit 3f834c2.
@tanatorn tanatorn mentioned this pull request Nov 20, 2021
Closed
@maxwofford maxwofford mentioned this pull request Feb 21, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
1 more reviewer

@maxwofford maxwofford maxwofford approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tanatorn @maxwofford