Houdini/two_factor_authentication

provisioning_uri called with no otp_secret_key set

cchandler81 opened this issue · 2 comments

I used this post as a guide for implementing this gem into an existing app that uses Devise and I'm getting the error from the title when I update a user to enable two factor auth, specifically on the user.provisioning_uri line of the following helper:

def google_authenticator_qrcode(user)
  # provisioning_uri raises unless the user already has an otp_secret_key
  data = user.provisioning_uri
  data = Rack::Utils.escape(data)
  url = "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=#{data}"
  return image_tag(url, :alt => 'Google Authenticator QRCode')
end

Which is called from /users/registrations/confirm_two_factor_authentication.html.erb:
<%= google_authenticator_qrcode(resource) %>

Which the user is redirected to via my overridden after_update_path_for(resource).

Do I need to do anything specific to set the encrypted_otp_secret_x columns for the existing users?

TIA

So I added a before_save call to the following method in my User class:

def update_two_factor
  if two_factor_enabled_changed? && two_factor_enabled?
    # enabling: mint a fresh TOTP secret so provisioning_uri has something to encode
    self.otp_secret_key = self.generate_totp_secret
  elsif two_factor_enabled_changed? && !two_factor_enabled?
    # disabling: drop the encrypted secret and its IV/salt, and require re-confirmation
    self.unconfirmed_two_factor = true
    self.encrypted_otp_secret_key = nil
    self.encrypted_otp_secret_key_iv = nil
    self.encrypted_otp_secret_key_salt = nil
  end
end

This seems to work, with the added bonus of disabling everything if the user disables their 2FA setting, but I'm all ears if this isn't a good way to do it.

I got an error on that too, had to put self.otp_secret_key = self.generate_totp_secret before user.provisioning_uri and make sure the otp_secret_encryption_key was a valid secret key (used rake secret to generate one).

If you want to disable 2fa for a user you can just make the encrypted_otp_secret_key field nil.
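To make the failure in this thread and the fix in the two comments above concrete, here is an added example that is not code from the two_factor_authentication gem or from the posters. It assumes the standard otpauth:// Key Uri Format that Google Authenticator scans, hypothetical helper names (generate_totp_secret, provisioning_uri, totp, verify_totp), made-up account and issuer strings, and the published RFC 6238 test secret; the secret must be set before the URI is built, and the same secret is what the authenticator app uses to compute codes.

```ruby
require "openssl"
require "securerandom"
require "erb"

# Added example (not the gem's code): what provisioning_uri needs from the
# model, and how the secret it embeds is consumed by an authenticator app.
# Helper names, the account/issuer strings and the RFC 6238 test secret
# are assumptions for illustration.
BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".freeze

# RFC 4648 base32 without padding, the form authenticator apps expect.
def base32_encode(bytes)
  bytes.unpack1("B*").scan(/.{1,5}/).map do |chunk|
    BASE32_ALPHABET[chunk.ljust(5, "0").to_i(2)]
  end.join
end

def base32_decode(str)
  bits = str.upcase.delete("=").each_char.map do |c|
    idx = BASE32_ALPHABET.index(c) or raise ArgumentError, "invalid base32 char #{c.inspect}"
    idx.to_s(2).rjust(5, "0")
  end.join
  [bits[0, bits.length - bits.length % 8]].pack("B*")
end

# 20 random bytes (160 bits, the SHA-1 TOTP key size) as 32 base32 chars.
def generate_totp_secret(bytes = 20)
  base32_encode(SecureRandom.random_bytes(bytes))
end

# otpauth:// URI in the Key Uri Format that Google Authenticator scans.
# Raises when no secret is set, which is the failure the thread reports.
def provisioning_uri(secret_base32, account:, issuer:)
  if secret_base32.nil? || secret_base32.empty?
    raise ArgumentError, "provisioning_uri called with no otp_secret_key set"
  end
  label = ERB::Util.url_encode("#{issuer}:#{account}")
  "otpauth://totp/#{label}?secret=#{secret_base32}&issuer=#{ERB::Util.url_encode(issuer)}"
end

# RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation.
def totp(secret_base32, at:, digits: 6, step: 30)
  counter = [at.to_i / step].pack("Q>")          # 8-byte big-endian time step
  hmac = OpenSSL::HMAC.digest("SHA1", base32_decode(secret_base32), counter)
  offset = hmac.getbyte(19) & 0x0f
  code = (hmac[offset, 4].unpack1("N") & 0x7fffffff) % (10**digits)
  format("%0#{digits}d", code)
end

# Accept the code for the current step and +/- drift steps; constant-time compare.
def verify_totp(secret_base32, code, at:, drift: 1, digits: 6, step: 30)
  code = code.to_s
  (-drift..drift).any? do |i|
    candidate = totp(secret_base32, at: at + i * step, digits: digits, step: step)
    next false unless candidate.bytesize == code.bytesize
    candidate.bytes.zip(code.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# RFC 6238 Appendix B test secret (ASCII "12345678901234567890").
RFC6238_SECRET = base32_encode("12345678901234567890").freeze

if $PROGRAM_NAME == __FILE__
  secret = generate_totp_secret
  puts provisioning_uri(secret, account: "bob@example.com", issuer: "Example App")
  puts totp(secret, at: Time.now)
  begin
    provisioning_uri(nil, account: "bob@example.com", issuer: "Example App")
  rescue ArgumentError => e
    puts "without a secret: #{e.message}"
  end
end
```

The order of operations is the point: generate and store the secret first (the before_save in the comment above, or an explicit assignment right before the helper runs), then build the URI, then store nothing else client-side. Clearing the stored secret is what disables the factor, since no code can be computed without it.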