
Demonstration of simple login with Rails and one time passwords


ewalk153/simple-login


SimpleLogin

Demonstration of setting up login from scratch with Rails.

  • Core of login/profiles
  • Extension of one time password code for 2FA, for example.

This was inspired by DHH's comment on the Remote Ruby podcast that an experienced developer should be able to create a secure login feature using what's in the box with Rails. Writing the original login took less than an hour thanks to the has_secure_password feature built into Rails.

Setup

  1. Run bundle to install the dependencies
  2. Run bin/setup to prepare the database (sqlite3 to keep things simple)
  3. Add a user account with the rails console: bin/rails c to launch and then User.create("[email protected]", "a-really-secure-password")
  4. Launch the app with bin/rails s and access it: open "http://localhost:3000"

For fun, this app also encrypts the TOTP token in the database (User#encrypts :totp_secret).

The credentials saved in this app won't work for you because they use my config/master.key. I'm not sharing ;)

You can comment out the encrypts :totp_secret line if you want to play with this code without setting up encryption credentials. Otherwise, to set up your own keys, generate them with bin/rails db:encryption:init and then add them to the Rails credentials with bin/rails credentials:edit. More info on this can be found with bin/rails credentials:help. By default, credentials are not versioned by environment. To add something to just one environment, pass the environment as an argument: bin/rails credentials:edit --environment development.

More on active_record_encryption and custom credentials
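
The value in totp_secret is, together with the clock, everything needed to compute valid codes, which is why encrypting it at rest is worthwhile. The following is an added example, not code from this repository: an RFC 6238 verifier using only the Ruby standard library, with a drift window and replay rejection. The names SimpleTotp, code_at, verify and last_step are hypothetical, and the secret is assumed to be raw bytes (already Base32-decoded).

```ruby
require "openssl"

# Added example (not the repository's code): RFC 6238 TOTP with HMAC-SHA1.
module SimpleTotp
  STEP   = 30 # seconds per time step
  DIGITS = 6

  # HOTP (RFC 4226) value for a single counter, zero-padded to `digits`.
  def self.code_at(secret, counter, digits: DIGITS)
    mac    = OpenSSL::HMAC.digest("SHA1", secret, [counter].pack("Q>"))
    offset = mac.getbyte(19) & 0x0f                       # dynamic truncation
    bin    = mac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
    (bin % 10**digits).to_s.rjust(digits, "0")
  end

  # Comparison whose timing does not depend on where the strings differ.
  # In a Rails app, ActiveSupport::SecurityUtils.secure_compare does this.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the matched time step, or nil when the code is rejected.
  # The caller stores the returned step (hypothetical last_step value) and
  # passes it back next time so a code cannot be accepted twice.
  def self.verify(secret, submitted, now: Time.now.to_i, drift: 1,
                  last_step: nil, digits: DIGITS)
    return nil unless submitted.is_a?(String) &&
                      submitted.match?(/\A\d{#{digits}}\z/)
    current = now / STEP
    matched = nil
    # Check every step in the window; do not stop at the first match.
    (current - drift..current + drift).each do |step|
      next if last_step && step <= last_step # replayed or older code
      expected = code_at(secret, step, digits: digits)
      matched ||= step if secure_equal?(expected, submitted)
    end
    matched
  end
end

# Constructed sample input: the shared secret from the RFC 6238 test vectors.
RFC_SECRET = "12345678901234567890"
```

Pair a verifier like this with a per-account attempt limit, since a 6-digit code with a three-step window is guessable given enough tries.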
