This repository has been archived by the owner on Jan 30, 2024. It is now read-only.

Paranoid Verification

Tomas Valent edited this page Apr 7, 2015 · 2 revisions

Generates a verification code that the user needs to enter before using the application. The user won't be able to access other parts of the application until he fills in this verification code.

The verification code is not sent via email or any other channel by default, but this can be introduced in your app. The intention of this module is a hardcore security scenario where the user needs to contact the application support centre, which provides him with a verification code to unlock his account.

Unlike Devise's built-in lockable module, this is an intention-based lock, not a "user failed x number of attempts" lock.

user = User.first
user.paranoid_verification_code
# => nil
user.paranoid_verification_attempt
# => 0
user.need_paranoid_verification?
# => false
user.generate_paranoid_code
# => true
user.paranoid_verification_code
# => "9aaf4"
user.need_paranoid_verification?
# => true
user.verify_code 'wrong-code'
user.paranoid_verification_attempt
# => 1
user.need_paranoid_verification?
# => true
user.paranoid_attempts_remaining
# => 9
user.verify_code '9aaf4'
user.need_paranoid_verification?
# => false
user.paranoid_verification_code
# => nil

Lock after reset password

One example of usage: after a user resets his password, he needs to contact the support centre for a verification code. Just add code similar to this to your authentication resource:

class User < ActiveRecord::Base
  # ...
  def unlock_access!
    generate_paranoid_code
    super
  end
end

Admin locks account

Another example is when an admin wants to lock a suspicious account:

class User < ActiveRecord::Base
  # ...
  def lock_user!
    generate_paranoid_code
  end
end

suspicious_user = User.last
suspicious_user.lock_user!

Show remaining attempts

Following security best practices, it's a bad idea to show the user how many attempts he has remaining before the code is regenerated (discussion).

But if you want to show this to the user, you can do it by adding something like this to your view:

  <p>After <strong><%= Devise.paranoid_code_regenerate_after_attempt %></strong> failed attempts, code will be regenerated</p>
  <p><strong><%= resource.paranoid_attempts_remaining %></strong> attempts remaining</p>

Change number of attempts

# config/initializers/devise.rb
Devise.setup do |config|
  # ...
  config.paranoid_code_regenerate_after_attempt = 99
  # ...
end

..or

Devise.paranoid_code_regenerate_after_attempt = 99
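
What regeneration after the configured number of failed attempts means for a locked account, as a plain-Ruby sketch added here for illustration; it is not the gem's own code. The `ParanoidAccount` class, the `generator:` hook, the counter reset on regeneration and the byte-wise comparison are assumptions; only the method names are taken from the console session above.

```ruby
require "securerandom"
# Hypothetical stand-in for a Devise resource; models the behaviour, not the gem's code.
class ParanoidAccount
  attr_reader :paranoid_verification_code, :paranoid_verification_attempt

  # regenerate_after plays the role of paranoid_code_regenerate_after_attempt; generator is a hypothetical hook.
  def initialize(regenerate_after: 10, generator: -> { SecureRandom.hex(3)[0, 5] })
    @regenerate_after = regenerate_after
    @generator = generator
    @paranoid_verification_code = nil
    @paranoid_verification_attempt = 0
  end

  def need_paranoid_verification?
    !@paranoid_verification_code.nil?
  end

  def paranoid_attempts_remaining
    @regenerate_after - @paranoid_verification_attempt
  end

  # Issue a fresh code and reset the failure counter (assumed behaviour).
  def generate_paranoid_code
    @paranoid_verification_code = @generator.call
    @paranoid_verification_attempt = 0
    true
  end

  # Returns true only when the submitted code unlocks the account.
  def verify_code(code)
    return false unless need_paranoid_verification?
    if secure_equal?(code.to_s, @paranoid_verification_code)
      @paranoid_verification_code = nil
      @paranoid_verification_attempt = 0
      return true
    end
    @paranoid_verification_attempt += 1
    # Limit reached: the old code stops working and support has to hand out the new one.
    generate_paranoid_code if @paranoid_verification_attempt >= @regenerate_after
    false
  end

  private
  # Compare every byte so response time does not reveal how many leading characters matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```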