Comments (10)
@dev-xo I think a 2-step route auth path would be preferable, as I think having separate routes would provide more flexibility.
Re. submitting a new login email, I think the most recently submitted email should just overwrite what's currently in the session.
from remix-auth-totp.
Yeah, already working on a fix for it.
This will be integrated directly into the Strategy, while keeping the client implementation unchanged.
If the provided form email is not the one that's already stored in session, the authentication flow should reset.
Will probably be ready today.
Thank you for the feedback @andersr!
from remix-auth-totp.
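The reset rule described in the comment above (a form email that differs from the one in the session restarts the flow), sketched as an added example. This is not remix-auth-totp's code: `submitEmail`, `verifyCode`, the in-memory `otpStore` and the injected `issueCode`/`sendEmail` are hypothetical names, and the addresses and codes are constructed.

```javascript
// Added illustration, not remix-auth-totp source; every name is hypothetical.
// `session` stands in for the cookie session, `otpStore` for the OTP table.
function normalizeEmail(raw) {
  return typeof raw === "string" ? raw.trim().toLowerCase() : "";
}
// POST /login. issueCode and sendEmail are injected so the block runs offline;
// in real use issueCode must draw from a CSPRNG.
function submitEmail(session, otpStore, formEmail, issueCode, sendEmail) {
  const email = normalizeEmail(formEmail);
  if (!email) return { ok: false, reason: "email-required" };
  const previous = session.email;
  const reset = Boolean(previous) && previous !== email;
  if (reset) {
    // Form email differs from the session email: reset, kill the old code.
    const stale = otpStore.get(previous);
    if (stale) stale.active = false;
  }
  const code = issueCode();
  otpStore.set(email, { code, active: true }); // replaces any earlier code
  session.email = email; // newest submission wins
  sendEmail(email, code); // recipient comes from this request, not old state
  return { ok: true, sentTo: email, reset };
}

// POST /verify. Only the code bound to the session's current email counts.
function verifyCode(session, otpStore, submitted) {
  const entry = session.email ? otpStore.get(session.email) : undefined;
  if (!entry || !entry.active) return false;
  // Real code should also compare in constant time and cap attempts.
  if (entry.code !== submitted) return false;
  entry.active = false; // single use
  return true;
}

function demo() {
  const session = {}, otpStore = new Map(), outbox = [];
  const codes = ["111111", "222222"]; // constructed values, fixed for the demo
  const issueCode = () => codes.shift();
  const sendEmail = (to, code) => outbox.push({ to, code });
  submitEmail(session, otpStore, "typo@exmaple.com", issueCode, sendEmail);
  const second = submitEmail(session, otpStore, " User@Example.com", issueCode, sendEmail);
  return {
    second,
    recipients: outbox.map((m) => m.to),
    oldCodeAccepted: verifyCode(session, otpStore, "111111"),
    newCodeAccepted: verifyCode(session, otpStore, "222222"),
    replayAccepted: verifyCode(session, otpStore, "222222"),
  };
}
```
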
Excellent, thanks!
from remix-auth-totp.
`v1.0.4` has been published @andersr.
Feel free to have a look, test it and tell me if everything works as expected.
In my dev environment it does.
Will require to add proper tests to it.
from remix-auth-totp.
Hello @andersr! Good question actually.
I usually end up removing the cookie from the browser, but I think users should not do that; instead we should provide an easy way for them to enter another email, or simply reset the authentication flow.
Gonna look into it, and I will come up with an example for you.
Thanks for noticing @andersr!
P.S: Also, an `advanced-usage.md` file will be created inside the `/docs` folder. I have some advanced cases that could fit there.
from remix-auth-totp.
Check the new Starter Example @andersr. It uses a 2-Step route verification.
If you go back to `/login` after inputting the first email, you could enter a different email or simply fix the typo from the first one.
On submit, the database will invalidate the previous OTP.
Let me know if this is what you were looking for @andersr.
Some new changes and advanced usages will be added soon.
P.S: Just added 3 new examples in case you wanna check them.
from remix-auth-totp.
@dev-xo thanks for all the great insights and for updating the example to include a separate verify page. I tried running it and found that if I go back to the login page and submit a new email address, it does send another email, but to the original email rather than the new one.
from remix-auth-totp.
Yeah, good point @andersr.
Noticed the OTP was correctly invalidated but didn't go deeper.
It makes a lot of sense actually. We are probably re-sending the email that's already stored in session.
Ideally, I would want a client-side fix to avoid updating the Strategy.
Otherwise I should come up with a handler that could invalidate the Session on call.
Thanks for noticing! Will look into it.
P.S: Also question for you @andersr.
- Do you prefer the 2-step route authentication path (`/login` & `/verify`)?
- Or for simplicity you would stick with a single one?
from remix-auth-totp.
@dev-xo pulled the new version and tested it. Everything works as expected (email address updates on 2nd submit)
from remix-auth-totp.
Happy to hear that @andersr. Thank you for the feedback!
Feel free to come up with more ideas / fixes. They will be welcomed.
from remix-auth-totp.
Related Issues (18)
- [ Feat ] Lack of Remix v1.0 Support Due to ESM-only Dependency
- [ Feat ] 2FA Authentication Support HOT 3
- [ Feat ] Add `expiresAt` field to clean-up unused / expired OTPs from database.
- [ Feat ]: Add session flash message for new code requests. HOT 4
- Can `maxAttempts` be optional in `TOTPGenerationOptions` interface? HOT 2
- Wrapping authenticate in try/catch prevents redirect HOT 6
- [ Feat ]: Support Cloudflare Runtime HOT 15
- [ Feat ] Make TOTP_NOT_FOUND error message customizable HOT 1
- [ Feat ] Remove hostUrl from MagicLinkGenerationOptions HOT 1
- [ Refactor ] Decomplect handleTOTP() API HOT 1
- [ Request ] Allow the flow to continue when emails are invalid. HOT 13
- [ Fix ]: Broke link on totp.fly.dev HOT 1
- [ Chore ] Simplify Tests
- [ Refactor ] Store TOTP Data in Session Instead of Database HOT 3
- [ Feat ] Add support for different OTP sending methods. HOT 15
- [ Feat ] Add support for Session ID rotation. HOT 5
- [ Discussion ] Add support for different OTP sending methods. HOT 3