• This repository has been archived on 30/May/2022
  • Stars
    star
    201
  • Rank 194,491 (Top 4 %)
  • Language
    Ruby
  • License
    MIT License
  • Created over 11 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Authy Devise plugin to add Two-Factor Authentication

🚨🚨🚨

This library is no longer actively maintained. The Authy API has been replaced with the Twilio Verify API. Twilio will support the Authy API through November 1, 2022 for SMS/Voice. After this date, we’ll start to deprecate the service for SMS/Voice. Any requests sent to the API after May 1, 2023, will automatically receive an error. Push and TOTP will continue to be supported through July 2023.

Learn more about migrating from Authy to Verify.

Please visit the Twilio Docs for:

Please direct any questions to Twilio Support. Thank you!

🚨🚨🚨


Authy Devise Build Status

This is a Devise extension to add Two-Factor Authentication with Authy to your Rails application.

Pre-requisites

To use the Authy API you will need a Twilio Account, sign up for a free Twilio account here.

Create an Authy Application in the Twilio console and take note of the API key.

Demo

See this repo for a full demo of using authy-devise.

Getting started

First get your Authy API key from the Twilio console. We recommend you store your API key as an environment variable.

$ export AUTHY_API_KEY=YOUR_AUTHY_API_KEY

Next add the gem to your Gemfile:

gem 'devise'
gem 'devise-authy'

And then run bundle install

Add Devise Authy to your App:

rails g devise_authy:install

--haml: Generate the views in Haml
--sass: Generate the stylesheets in Sass

Configuring Models

You can add devise_authy to your user model in two ways.

With the generator

Run the following command:

rails g devise_authy [MODEL_NAME]

To support account locking (recommended), you must add :authy_lockable to the devise :authy_authenticatable, ... configuration in your model as this is not yet supported by the generator.

Manually

Add :authy_authenticatable and :authy_lockable to the devise options in your Devise user model:

devise :authy_authenticatable, :authy_lockable, :database_authenticatable, :lockable

(Note, :authy_lockable is optional but recommended. It should be used with Devise's own :lockable module).

Also add a new migration. For example, if you are adding to the User model, use this migration:

class DeviseAuthyAddToUsers < ActiveRecord::Migration[6.0]
  def self.up
    change_table :users do |t|
      t.string    :authy_id
      t.datetime  :last_sign_in_with_authy
      t.boolean   :authy_enabled, :default => false
    end

    add_index :users, :authy_id
  end

  def self.down
    change_table :users do |t|
      t.remove :authy_id, :last_sign_in_with_authy, :authy_enabled
    end
  end
end

Final steps

For either method above, run the migrations:

rake db:migrate

[Optional] Update the default routes to point to something like:

devise_for :users, :path_names => {
	:verify_authy => "/verify-token",
	:enable_authy => "/enable-two-factor",
	:verify_authy_installation => "/verify-installation",
	:authy_onetouch_status => "/onetouch-status"
}

Now whenever a user wants to enable two-factor authentication they can go to:

http://your-app/users/enable-two-factor

And when the user logs in they will be redirected to:

http://your-app/users/verify-token

Custom Views

If you want to customise your views, you can modify the files that are located at:

app/views/devise/devise_authy/enable_authy.html.erb
app/views/devise/devise_authy/verify_authy.html.erb
app/views/devise/devise_authy/verify_authy_installation.html.erb

Request a phone call

The default views come with a button to force a request for an SMS message. You can also add a button that will request a phone call instead. Simply add the helper method to your view:

<%= authy_request_phone_call_link %>

Custom Redirect Paths (eg. using modules)

If you want to customise the redirects you can override them within your own controller like this:

class MyCustomModule::DeviseAuthyController < Devise::DeviseAuthyController

  protected
    def after_authy_enabled_path_for(resource)
      my_own_path
    end

    def after_authy_verified_path_for(resource)
      my_own_path
    end

    def after_authy_disabled_path_for(resource)
      my_own_path
    end

    def invalid_resource_path
      my_own_path
    end
end

And tell the router to use this controller

devise_for :users, controllers: {devise_authy: 'my_custom_module/devise_authy'}

I18n

The install generator also copies a Devise Authy i18n file which you can find at:

config/locales/devise.authy.en.yml

Session variables

If you want to know if the user is signed in using Two-Factor authentication, you can use the following session variable:

session["#{resource_name}_authy_token_checked"]

# Eg.
session["user_authy_token_checked"]

OneTouch support

To enable Authy push authentication, you need to modify the Devise config file config/initializers/devise.rb and add configuration:

config.authy_enable_onetouch = true

Generic authenticator token support

Authy supports other authenticator apps by providing a QR code that your users can scan.

To use this feature, you need to enable it in your Twilio Console

Once you have enabled generic authenticator tokens, you can enable this in devise-authy by modifying the Devise config file config/initializers/devise.rb and adding the configuration:

config.authy_enable_qr_code = true

This will display a QR code on the verification screen (you still need to take a user's phone number and country code). If you have implemented your own views, the QR code URL is available on the verification page as @authy_qr_code.

Rails 5 CSRF protection

In Rails 5 protect_from_forgery is no longer prepended to the before_action chain. If you call authenticate_user before protect_from_forgery your request will result in a "Can't verify CSRF token authenticity" error.

To remedy this, add prepend: true to your protect_from_forgery call, like in this example from the Authy Devise demo app:

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception, prepend: true
end

Running Tests

Run the following command:

$ bundle exec rspec

Notice: Twilio Authy API’s Sandbox feature will stop working on Sep 30, 2021

Twilio is discontinuing the Authy API’s Sandbox, a feature that allows customers to run continuous integration tests against a mock Authy API for free. The Sandbox is no longer being maintained, so we will be taking the final deprecation step of shutting it down on September 30, 2021. The rest of the Authy API product will continue working as-is.

This repo previously used the sandbox API as part of the test suite, but that has been since removed.

You will only be affected if you are using the sandbox API in your own application or test suite.

For more information please read this article on how we are discontinuing the Twilio Authy sandbox API.

Copyright

Copyright (c) 2012-2021 Authy Inc. See LICENSE.txt for further details.

More Repositories

1

twilio-video-app-react

A collaboration application built with the twilio-video.js SDK and React.js
TypeScript
1,808
star
2

twilio-python

A Python module for communicating with the Twilio API and generating TwiML.
Python
1,707
star
3

stashboard

An open-source status dashboard running on App Engine
Python
1,594
star
4

twilio-php

A PHP library for communicating with the Twilio REST API and generating TwiML.
PHP
1,447
star
5

twilio-ruby

A Ruby gem for communicating with the Twilio API and generating TwiML
Ruby
1,335
star
6

twilio-node

Node.js helper library
TypeScript
1,304
star
7

OpenVBX

OpenVBX is a web-based open source phone system for business.
PHP
699
star
8

twilio-csharp

Twilio C#/.NET Helper Library for .NET Framework 3.5+ and supported .NET Core versions
C#
636
star
9

BankersBox

redis-like wrapper for javascript storage
CoffeeScript
571
star
10

twilio-video.js

Twilio’s Programmable Video JavaScript SDK
JavaScript
569
star
11

video-quickstart-ios

Twilio Video Quickstart for iOS
Swift
458
star
12

twilio-java

A Java library for communicating with the Twilio REST API and generating TwiML.
Java
440
star
13

video-quickstart-js

A quickstart and code samples for Twilio Video JavaScript SDK. https://www.twilio.com/docs/video
JavaScript
390
star
14

shadow

A HTTP debugging proxy that helps you with your continuous deployments
JavaScript
330
star
15

twilio-go

A Go package for communicating with the Twilio API.
Go
278
star
16

twilio-sans-mono

Twilio Sans Mono is a beautiful and extensive open source programming font
Shell
255
star
17

twilio-video-app-ios

A collaboration application built with the Twilio Video iOS SDK
Swift
246
star
18

authy-php

A PHP client for Authy
PHP
245
star
19

twilio-video-app-android

A collaboration application built with the Twilio Video Android SDK
Kotlin
240
star
20

video-quickstart-android

Twilio Video Quickstart for Android
Java
210
star
21

authy-python

Authy API Client for Python
Python
189
star
22

twilio-salesforce

A Salesforce/Force.com library for communicating with the Twilio REST API and generating TwiML. Need help? Post your questions to http://getsatisfaction.com/twilio or email us at [email protected]
Apex
186
star
23

voice-quickstart-android

Quickstart app for the Voice Android SDK
Java
184
star
24

voice-quickstart-ios

Twilio Voice Quickstart for iOS with Swift
Objective-C
179
star
25

twilio-cli

Unleash the power of Twilio from your command prompt
JavaScript
160
star
26

audioswitch

An Android audio management library for real-time communication apps.
Kotlin
159
star
27

authy-ruby

**Deprecated** Ruby library to access the authy API
Ruby
156
star
28

authy-openvpn

Authy Open VPN Two-Factor Authentication
C
152
star
29

gameday

A collection of Twilio SRE's Gameday Templates
140
star
30

twilio-oai

The Twilio OpenAPI Specification
Makefile
122
star
31

TwilioChatJsReactNative

ReactNative app example for Twilio Programmable Chat with working iOS and Android push messages https://www.twilio.com/chat
JavaScript
114
star
32

chessms

Play Chess over SMS!
Erlang
112
star
33

media-streams

Quick start guides for configuring and consuming Twilio Media Streams
Ruby
102
star
34

twilio-conversations-demo-react

Twilio Conversations Demo Web Application
TypeScript
97
star
35

apkscale

A Gradle plugin to measure the app size impact of Android libraries
Kotlin
93
star
36

OpenVBX-iPhone

OpenVBX for iPhone
Objective-C
92
star
37

twilio-chat-demo-js

Programmable Chat API Demo Application for JavaScript
JavaScript
92
star
38

starter-node

A starter app for node.js developers embarking on their first Twilio quest!
JavaScript
84
star
39

authy-form-helpers

Authy javascripts and css file to help create quick forms for the authy api
CoffeeScript
83
star
40

flex-plugin-builder

Packages related to building a Twilio Flex Plugin
TypeScript
83
star
41

starter-python

A starter app for Python developers embarking on their first Twilio quest!
CSS
76
star
42

sourd.io

sourd.io: temperature, humidity, and rise monitoring for your sourdough starter
C++
73
star
43

twilio-voice-react-native

TypeScript
67
star
44

twilio-client.js

Twilio’s Programmable Voice JavaScript SDK
TypeScript
67
star
45

authy-java

Java Client for Twilio Authy Two-Factor Authentication (2FA) API
Java
65
star
46

twilio-video-ios

Programmable Video SDK by Twilio
Swift
64
star
47

twilio-chat-demo-android

Chat API Demo Application for Android
Kotlin
63
star
48

twilio-webchat-react-app

Twilio Webchat React App is an application that demonstrates a website chat widget built with Twilio's Conversations JS SDK, Twilio Paste Design library and Create React App.
TypeScript
63
star
49

terraform-provider-twilio

Terraform Twilio provider
Go
62
star
50

twilio-voice.js

Twilio's JavaScript Voice SDK
TypeScript
50
star
51

twilio-webrtc.js

WebRTC-related APIs and shims used by twilio-video.js
JavaScript
49
star
52

rtc-diagnostics

TypeScript
44
star
53

flex-ui-sample

Twilio Flex UI Sample
JavaScript
44
star
54

twilio-video-diagnostics-react-app

A diagnostics tool that tests a participant's ability to have a quality video call. Built with the twilio-video.js SDK, RTC Diagnostics SDK, and React.js.
TypeScript
41
star
55

wiztowar

Build WARs from your Dropwizard apps
Java
40
star
56

hackathons

A collection of tips and tricks for using Twilio at hackathons
40
star
57

twilio-voice-ios

Programmable Voice SDK by Twilio
Swift
39
star
58

voice-quickstart-objc

Twilio Voice Quickstart for iOS with Objective-C
Objective-C
38
star
59

twilio-voice-notification-app

Reference app built in ReactJS that demonstrates how to leverage Twilio Programmable Voice and Twilio SDKs to create a voice notification system.
TypeScript
36
star
60

sample-code

Auto-generated code samples for the Twilio REST API
Java
35
star
61

draw-with-twilio

Draw with Twilio
JavaScript
35
star
62

video-quickstart-objc

Twilio Video Quickstart for iOS with Objective-C
Objective-C
33
star
63

twilio-video-processors.js

Twilio Video Processors is a collection of video processing tools which can be used with Twilio Video JavaScript SDK to apply transformations and filters to a video track.
TypeScript
33
star
64

twilio-voice-react-native-app

TypeScript
32
star
65

TwilioChatXamarinBindings

Twilio Chat Bindings for Xamarin (Android and iOS) and Sample app with working FCM and APN pushes using those bindings.
C#
32
star
66

flex-webchat-ui-sample

Twilio Flex Web Chat UI Sample
JavaScript
31
star
67

twilio-live-interactive-video

An interactive live video app built with Twilio Live and Twilio Video
TypeScript
31
star
68

twilio-video.js-recording-bot

JavaScript
30
star
69

twilio-chat-demo-ios

Twilio Programmable Chat Demo Application for iOS
Objective-C
28
star
70

calcite-kudu

Apache Calcite Adapter for Apache Kudu
Java
28
star
71

ortc-adapter

ORTC to WebRTC Adapter
JavaScript
28
star
72

cloudsec

27
star
73

starter-ruby

A starter app for Ruby developers embarking on their first Twilio quest!
JavaScript
27
star
74

twilio-oai-generator

Twilio OpenAPI client generator
Java
26
star
75

autopilot-cli

The Twilio Autopilot CLI is now deprecated. Please use the Autopilot Plugin for the Twilio CLI here https://www.twilio.com/docs/autopilot/twilio-autopilot-cli
JavaScript
26
star
76

voice-quickstart-server-python

Python
25
star
77

twilio-taskrouter.js

JS SDK v2 for Twilio's TaskRouter skills based routing system.
JavaScript
24
star
78

twilio-boost-build

Build tool for boost libraries on android, ios, linux and osx
Shell
24
star
79

wireless-security-camera

Create a Twilio-powered device that keeps watch over dangerous and remote locations and alerts stakeholders of intrusions or safety concerns.
CSS
24
star
80

twilio-video-room-monitor.js

A browser-based tool that displays information and metrics about Twilio Video JavaScript applications
TypeScript
24
star
81

video-shared-arkit-sample

ARKit + Twilio Video Data Tracks demo
Swift
24
star
82

voice-quickstart-server-node

voice quickstart server example in node
JavaScript
24
star
83

starter-java

A starter app for Java developers embarking on their first Twilio quest!
CSS
22
star
84

wireless-fleet-tracker

Create a Twilio-powered Fleet Tracker that uses off-the-shelf components to track and log: miles driven, hours of uptime and downtime, locations, average speed, and fuel consumption.
CSS
22
star
85

voices

Twilio Voices - Contribute programming tutorials to the Twilio blog. Get paid for each post you publish.
20
star
86

rtc-diagnostics-react-app

TypeScript
20
star
87

autopilot-templates

JavaScript
19
star
88

client-js-1.4-examples

Examples for using the new Client JS 1.4 Audio functionality
JavaScript
19
star
89

wp-click2call

Wordpress Plugin for Click2Call
PHP
19
star
90

authy.net

.NET Library to access the Authy API
C#
19
star
91

starter-php

A starter app for PHP developers embarking on their first Twilio quest!
PHP
19
star
92

Breakout_Arduino_Library

C
18
star
93

howtos

Sample applications that cover common use cases in a variety of languages.
Python
18
star
94

twilio-conversations-demo-android-kotlin

An application demonstrating use of Twilio Conversations on Android - this is a full working Kotlin application
Kotlin
18
star
95

cerebro

Python
17
star
96

linkit-one-sensor-samples

Samples for the LinkIt ONE Starter Kit
C++
17
star
97

twilio-flex-token-validator

Flex JWE Token Validator
TypeScript
17
star
98

wireless-postman-collection

This repository includes a group of Programmable Wireless HTTP requests for your convenience. You can learn more about Programmable Wireless HTTP request formats in the Programmable Wireless Documentation.
17
star
99

twilio-verify-ios

Twilio Verify Push SDK helps you verify users by adding a low-friction, secure, cost-effective, "push verification" factor into your own apps. This project provides an SDK to implement Verify Push for your iOS app.
Swift
17
star
100

twilio-conversations-demo-ios-swift

Twilio Conversations for iOS Demo application in Swift
Swift
17
star