
Paranoid Verification

Nate Bird edited this page Apr 17, 2018 · 1 revision

Paranoid verification generates a verification code that the user must submit before using the application. The user cannot access other parts of the application until a valid verification code has been entered. This module is intended for high-security scenarios in which the user has to contact application support, who provide the verification code that unlocks the account.

By default the verification code is not sent by email; you can add that delivery in your app.

user = User.first
user.paranoid_verification_code
# => nil
user.paranoid_verification_attempt
# => 0
user.need_paranoid_verification?
# => false
user.generate_paranoid_code
# => true
user.paranoid_verification_code
# => "9aaf4"
user.need_paranoid_verification?
# => true
user.verify_code 'wrong-code'
user.paranoid_verification_attempt
# => 1
user.need_paranoid_verification?
# => true
user.paranoid_attempts_remaining
# => 9
user.verify_code '9aaf4'
user.need_paranoid_verification?
# => false
user.paranoid_verification_code
# => nil

Lock after reset password

One example of usage could be that after a user resets their password they need to contact support for the verification code. Just add to your authentication resource code similar to this:

class User < ActiveRecord::Base
  # ...
  def unlock_access!
    generate_paranoid_code
    super
  end
end

Admin locks account

Another example is when an admin wants to lock a suspicious account:

class User < ActiveRecord::Base
  # ...
  def lock_user!
    generate_paranoid_code
  end
end

suspicious_user = User.last
suspicious_user.lock_user!

Show remaining attempts

Security best practice says it is a bad idea to show the user how many attempts remain before the code is regenerated.

However, if you still want to show this to the user you can do it by adding something like this to your view:

  <p>After <strong><%= Devise.paranoid_code_regenerate_after_attempt %></strong> failed attempts, the code will be regenerated</p>
  <p><strong><%= resource.paranoid_attempts_remaining %></strong> attempts remaining</p>

Change number of attempts

# config/initializers/devise.rb
Devise.setup do |config|
  # ...
  config.paranoid_code_regenerate_after_attempt = 99
  # ...
end

...or

Devise.paranoid_code_regenerate_after_attempt = 99
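The console session above and the regenerate-after-attempt setting, modelled as an added Ruby example; this is a constructed stand-in, not the module's own implementation, and the `ParanoidUser` class, the five-hex-character code format and the constant-time comparison are assumptions of this example.

```ruby
require 'securerandom'

# Constructed stand-in for the module's user record (not devise_security's code):
# same method names as the console session on this page, with attempt counting
# and code regeneration after a configurable number of failures.
class ParanoidUser
  attr_reader :paranoid_verification_code, :paranoid_verification_attempt

  # Default matches the session: 9 attempts remain after one failure.
  def initialize(regenerate_after_attempt: 10)
    @regenerate_after_attempt = regenerate_after_attempt
    @paranoid_verification_code = nil
    @paranoid_verification_attempt = 0
  end

  def need_paranoid_verification?
    !@paranoid_verification_code.nil?
  end

  # Issue a fresh code (handed to the user by support) and reset the counter.
  def generate_paranoid_code
    @paranoid_verification_code = SecureRandom.hex(3)[0, 5] # five hex chars, e.g. "9aaf4"
    @paranoid_verification_attempt = 0
    true
  end

  def paranoid_attempts_remaining
    @regenerate_after_attempt - @paranoid_verification_attempt
  end

  # Clears the code and returns true on success; counts the failure otherwise.
  # Once the failure budget is used up a new code is generated, so the code that
  # was handed out can no longer be found by repeated guessing.
  def verify_code(code)
    return false unless need_paranoid_verification?
    if secure_compare(@paranoid_verification_code, code.to_s)
      @paranoid_verification_code = nil
      @paranoid_verification_attempt = 0
      return true
    end
    @paranoid_verification_attempt += 1
    generate_paranoid_code if paranoid_attempts_remaining <= 0
    false
  end

  private

  # Constant-time comparison so response timing does not leak matching prefixes.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```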