0

In my Rails 5.1 app, I use the devise-authy gem to add 2fa to my app. With this form ...

= enable_authy_form multipart: true do
    = text_field_tag :country_code, '', required: true, id: 'country_code', aria_required: 'true'
    = telephone_field :cellphone, '', required: true, autocomplete: 'off', id: 'authy-cellphone', class: 'string required', aria_required: 'true'
    = button 'button', I18n.t( 'enable_authy', { scope: 'devise' } ), nil, 'submit', true, 'flex-end'

... I post to the following controller action (from the gem):

  def POST_enable_authy
    @authy_user = Authy::API.register_user(
      :email => resource.email,
      :cellphone => params[:cellphone],
      :country_code => params[:country_code]
    )

    if @authy_user.ok?
      resource.authy_id = @authy_user.id
      if resource.save
        set_flash_message(:notice, :enabled)
      else
        set_flash_message(:error, :not_enabled)
        redirect_to after_authy_enabled_path_for(resource) and return
      end

      redirect_to [resource_name, :verify_authy_installation]
    else
      set_flash_message(:error, :not_enabled)
      render :enable_authy
    end
  end

But as you can see from the logs, nothing happens:

Started POST "/2fa/enable" for 127.0.0.1 at 2017-06-24 21:19:02 +0200
Processing by Devise::DeviseAuthyController#POST_enable_authy as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"5P1aSzQvWATGEBLEYYwoD7dS/6sCSzpAk24rnh1DK9ZV6S70WWt10ijmoAo9MlxyGDAol+ewZYAszooiDeZKQQ==", "country"=>"United States", "country_code"=>"us", "cellphone"=>["546876578"], "subdomain"=>""}
Cookie#domain returns dot-less domain name now. Use Cookie#dot_domain if you need "." at the beginning.
  Rendering devise/devise_authy/enable_authy.html.haml within layouts/application
Completed 200 OK in 3632ms (Views: 2461.8ms | ActiveRecord: 1.5ms)

It just redirects to the template, where the request originated from. I can't see why this happens.

Even after forking the gem, modifying the controller to redirect to a specific URL, nothing happens.

heroxav
  • 1,387
  • 1
  • 22
  • 65
  • I'm not sure what's going on, R_G's suggestion below might help. I was just wondering why your form was set to `multipart: true` in this case? – philnash Jun 26 '17 at 09:04
  • @philnash Dunno, i removed it :) – heroxav Jun 30 '17 at 09:51
  • Oh, I think I might know what's going on here. Where do you set your Authy API Key? And can you confirm that you are definitely setting it? – philnash Jun 30 '17 at 09:53
  • @philnash In an initializer (`auth.rb`): `Authy.api_key = Settings.devise.authy.key` - unless something is wrong with `Authy.api_key`, I'm convinced that this works as intended. – heroxav Jun 30 '17 at 15:46
  • I'd check that it's set properly from the secrets though. Try logging `Authy.api_key` in your controller and see what comes out. – philnash Jun 30 '17 at 15:50

1 Answers1

1

I am not certain it applies as I experienced this with Ruby/Sinatra. My post seemed to be right but it kept returning the original form. The problem was with AJAX, which was defaulted. Since AJAX intends to update the form, it will not redirect otherwise. I specified data-ajax="false" to resolve it. Let me know if it helps. (Posted comment as answer.)

Richard_G
  • 4,700
  • 3
  • 42
  • 78
  • @jonhue Interesting. Can you tell me what you did and if it made any difference at all? – Richard_G Jun 30 '17 at 12:51
  • Well, so far I have not found a solution. I tried what you suggested and obviously tried to change the controller action by using a forked repository. – heroxav Jun 30 '17 at 15:49