Comments (6)
After a bit more research, I found this:
The :v2_gcm_iv option is available to allow Encryptor to set the IV as it was set in Encryptor v2.0.0. This is provided to assist with migrating data that unsafely encrypted using an AES-*-GCM algorithm from Encryptor v2.0.0.
So it looks like a task could be created which goes through and decrypts passing the v2_gcm_iv: true and then encrypts it passing v2_gcm_iv: false (or leaving it off). If there was some way to affect the options at the user level, it seems like it would be as easy as getting the value of otp_secret_key, turning the option off and then assigning the value back.
from two_factor_authentication.
I wanted to ping you on this again. I'm happy to try to put together a pull request for this; let me know if you're willing to accept a pull request for this issue so that we don't duplicate effort.
from two_factor_authentication.
I will be happy if you can help with pull requests.
from two_factor_authentication.
Can you help me with migrating data from Encryptor v2 to v3?
I've managed to decrypt encrypted_otp_secret_key like this:

    decrypted_secret_otp_key = Encryptor.decrypt({
      :value => user.encrypted_otp_secret_key.unpack('m').first,
      :key => Devise.otp_secret_encryption_key,
      :iv => user.encrypted_otp_secret_key_iv.unpack('m').first,
      :salt => user.encrypted_otp_secret_key_salt.unpack('m').first,
      :v2_gcm_iv => true
    })

I then overwrote encrypted_otp_secret_key in the User model with:

    user.update_attributes(
      :encrypted_otp_secret_key => Encryptor.encrypt({
        :value => decrypted_secret_otp_key,
        :key => Devise.otp_secret_encryption_key,
        :iv => user.encrypted_otp_secret_key_iv.unpack('m').first,
        :salt => user.encrypted_otp_secret_key_salt.unpack('m').first
      })
    )

But it doesn't work 🤔 Can you help me out with this one 🙏 @Houdini @jetheredge?
from two_factor_authentication.
@nikolalsvk can I check your full commit, please? Could you give me a link to your branch?
from two_factor_authentication.
@Houdini The project I'm trying to get this to work is not open source unfortunately 😞
I was trying this in the bundle exec rails console with the User model.
What happens is:
- old encrypted_otp_secret_key gets decrypted (I don't get exceptions and I get a value).
- I try to encrypt it, and succeed with writing the encrypted value to the database
- I try to log in with 2FA previously set with v2 Encryptor and I get some strange behaviour in my application (I get asked to write 2FA again)
I want to know if this is the legit way of doing decryption and encryption when migrating data from one version to another?
from two_factor_authentication.
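
An added example, not code from this thread or from the gem: a round-trip check to run before overwriting a migrated secret, so that a row is only saved if it decrypts through the same Base64 read path the snippets above use (`unpack('m').first` on each column). Ruby's OpenSSL stands in for Encryptor here, the ciphertext-plus-tag layout and the names `cipher_for`, `seal`, `unseal`, `write_row`, `read_row`, `round_trips?` and `migrate` are assumptions of the example, and in a real migration the first read would be the legacy decrypt with `v2_gcm_iv: true`.

```ruby
require 'openssl'

COLS = %i[encrypted_otp_secret_key encrypted_otp_secret_key_iv encrypted_otp_secret_key_salt]
# Stand-in for Encryptor (assumed layout): PBKDF2 key, GCM tag appended to ciphertext.
def cipher_for(mode, passphrase, iv, salt)
  c = OpenSSL::Cipher.new('aes-256-gcm').public_send(mode)
  c.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(passphrase, salt, 2000, c.key_len)
  c.iv = iv
  c
end

def seal(plain, passphrase, iv, salt)
  c = cipher_for(:encrypt, passphrase, iv, salt)
  c.auth_data = ''
  body = c.update(plain) + c.final
  body + c.auth_tag
end

def unseal(blob, passphrase, iv, salt)
  c = cipher_for(:decrypt, passphrase, iv, salt)
  c.auth_tag = blob[-16, 16] # nil (TypeError) when the decoded blob is too short
  c.auth_data = ''
  c.update(blob[0...-16]) + c.final
end

# Write path: fresh IV and salt per write, every column Base64-encoded.
def write_row(secret, passphrase)
  iv, salt = OpenSSL::Random.random_bytes(12), OpenSSL::Random.random_bytes(16)
  COLS.zip([seal(secret, passphrase, iv, salt), iv, salt].map { |v| [v].pack('m') }).to_h
end

# Read path: Base64-decode every column, then decrypt.
def read_row(row, passphrase)
  blob, iv, salt = COLS.map { |col| row[col].unpack('m').first }
  unseal(blob, passphrase, iv, salt)
end

def round_trips?(row, passphrase, expected)
  read_row(row, passphrase) == expected
rescue StandardError
  false
end

def migrate(old_row, passphrase)
  secret = read_row(old_row, passphrase) # real migration: legacy decrypt here
  new_row = write_row(secret, passphrase)
  raise 'refusing to save: new row does not decrypt' unless round_trips?(new_row, passphrase, secret)
  new_row
end
```

A row whose ciphertext column is stored without the Base64 step fails `round_trips?`, so the mismatch is caught in the migration task instead of at the next 2FA login.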