
Sparsh Garg

Unlock Superior Security: Implementing 2FA in Ruby on Rails with a Twist!

Introduction:

Welcome to our interactive guide on enhancing your Ruby on Rails application's security with two-factor authentication (2FA)! In this engaging tutorial, we'll show you how to add an extra layer of protection using OTPs and QR codes. But wait, there's more! We'll also optimize the code and give the models a fresh new look! Let's dive in and make your app more secure and user-friendly!

Step 1: Setting up the ROTP Gem 🛠️

Let's start by adding some magic to your Gemfile! 🧙‍♂️

gem 'rotp'

Run bundle install to install the ROTP gem and unlock the power of OTP generation in your Rails app!

Step 2: Creating the User Model 🧑‍💼

Meet your User model, the guardian of your app's security! 🛡️

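class User < ApplicationRecord
  # Holds the OTP submitted at login; not persisted
  attr_accessor :otp

  before_create :create_passkey

  private

  # Generate the per-user Base32 TOTP secret (assumes a string passkey column)
  def create_passkey
    self.passkey = ROTP::Base32.random
  end
end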

Step 3: Generating QR Codes with RQRCode 🌈

Let's add some color to your authentication process with QR codes! 🌟

gem 'rqrcode'

Create a QR code generation method in your QrController to make setting up 2FA a breeze! 🚀

Step 4: Verifying OTPs on Login 🔒

Time to put your 2FA to the test during login! 🚪

Add the verify_passkey method to your ApplicationController to ensure only the rightful users gain access! 🗝️

Optimisation: 💡

Let's optimise the passkey_verification method in the User model for better performance:

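# Look up the user by email and check the submitted OTP against their TOTP secret.
# Returns a truthy value when the code is valid for the current time step,
# and a falsy value for a wrong code or an unknown email.
def self.passkey_verification(email, otp)
  user = User.find_by(email: email)
  return false unless user

  totp = ROTP::TOTP.new(user.passkey)
  totp.verify(otp)
end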
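The check above accepts the same OTP any number of times within its 30-second window. The following is an added example, not code from the original post or from the ROTP gem: a standard-library-only sketch of RFC 6238 verification that also rejects replays and tolerates one step of clock drift. The function names, the `DEMO_SECRET` value and the `last_otp_step` column are assumptions made for illustration; ROTP's own `verify` takes `after:` and `drift_behind:` options for the same purpose.

```ruby
require 'openssl'

B32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze
# Constructed sample secret: Base32 of the RFC 4226 test key "12345678901234567890".
DEMO_SECRET = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'.freeze

# Decode the Base32 secret format shared with authenticator apps.
def b32_decode(secret)
  groups = secret.upcase.delete('= ').each_char.map do |c|
    idx = B32_ALPHABET.index(c) or raise ArgumentError, 'invalid Base32 secret'
    idx.to_s(2).rjust(5, '0')
  end
  bits = groups.join
  [bits[0, bits.length / 8 * 8]].pack('B*')
end

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
def hotp(key, counter, digits = 6)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, [counter].pack('Q>'))
  offset = mac.getbyte(-1) & 0x0f
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, '0')
end

# Compare without short-circuiting on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the matched time-step counter, or nil. The caller persists the
# returned value (hypothetical last_otp_step column) and passes it back as
# last_step next time, so a code that was already accepted cannot be reused.
def verify_totp(secret, otp, last_step:, now: Time.now.to_i, step: 30, drift: 1)
  otp = otp.to_s
  return nil unless otp.match?(/\A\d{6}\z/)

  key = b32_decode(secret)
  current = now / step
  ((current - drift)..current).each do |c|
    next if last_step && c <= last_step # already consumed: reject the replay
    return c if secure_compare(hotp(key, c), otp)
  end
  nil
end
```

On a successful login, save the returned step on the user record in the same transaction that creates the session, so two concurrent requests cannot both consume one code.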

Conclusion: 🎉

Congratulations! You've successfully leveled up your app's security with 2FA in Ruby on Rails! 🚀 By following these steps and adding a touch of magic with gems like ROTP and RQRCode, you've made your app more secure and user-friendly. Keep exploring and enhancing your app's security to provide a top-notch experience for your users! 🌟
