SMS verification after devise login, how?

I am using Devise for user authentication. How can I request that the user, after clicking the sign-in button, enter an SMS code which is automatically sent to his mobile phone, for a successful sign-in?

I followed some instructions from the internet, and I also set up Twilio and got an API key, but I still have no idea how to finish this.



Solution 1:[1]

We need more info for a complete answer (if possible).

First you need an SMS provider (you seem to have chosen Twilio). Then you need code to be able to send SMS using that provider. https://www.twilio.com/blog/2012/02/adding-twilio-sms-messaging-to-your-rails-app.html

Then you need the logic. This is one way of doing it. I am assuming you are using a database with login credentials.

Add a new table with 3 columns (adding another for a primary key would not hurt): one column for user_id, one column for a code, and the next for a date.

Then when a user wants to log in, create a code (numeric or not) and add the code to the table with the current date and user_id, then send the SMS to the user's phone number and redirect the user to a page where he can enter the code. When he enters the code, you compare it to your row in the database and validate it. Having the date will make it easy to add a timeout for the code, so that the user would have to enter the code within 60 seconds or whatever time you prefer. You would have to send an ID to the page where the user enters the SMS code so you know which user it is, and that should of course be checked against the table. Using this approach makes it easy to track all the tries the user has made.

A tip would be to add a limit on the number of SMS per day/hour the user can use. Then he would be locked out for the rest of the day and would have to try again tomorrow. Otherwise someone with a user/pass could send thousands of requests, forcing you to send out that many SMS and costing you a lot of money. That of course depends on whether you debit the SMS to the user's account in some way. Just wanted to mention it.
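The table logic described in this answer (code, date, timeout and SMS limit), sketched as an added example that is not part of the original answer. The class and method names are hypothetical, the limits of 5 SMS per day and 3 wrong guesses are assumed values, and an in-memory hash stands in for the database table; sending through Twilio and the Devise wiring are left out.

```ruby
require "securerandom"
require "digest"

# In-memory stand-in for the answer's table (user_id, code, date); names are hypothetical.
class SmsCodeStore
  CODE_TTL     = 60         # seconds, the answer's example timeout
  MAX_SENDS    = 5          # SMS per user per window (assumed value)
  SEND_WINDOW  = 24 * 3600  # one day, in seconds
  MAX_ATTEMPTS = 3          # wrong guesses before the code is discarded (assumed value)
  Row = Struct.new(:digest, :created_at, :attempts)

  def initialize(clock: -> { Time.now })
    @clock = clock
    @rows  = {}                              # user_id => Row
    @sends = Hash.new { |h, k| h[k] = [] }   # user_id => times an SMS was issued
  end

  # Returns the code to hand to the SMS provider, or nil when the user is rate limited.
  def issue(user_id)
    now = @clock.call
    @sends[user_id].reject! { |t| now - t >= SEND_WINDOW }
    return nil if @sends[user_id].size >= MAX_SENDS
    code = format("%06d", SecureRandom.random_number(1_000_000))
    @sends[user_id] << now
    @rows[user_id] = Row.new(Digest::SHA256.hexdigest(code), now, 0)
    code
  end

  # Returns :ok, :invalid, :locked, :expired or :no_code.
  def verify(user_id, submitted)
    row = @rows[user_id] or return :no_code
    return drop(user_id, :expired) if @clock.call - row.created_at > CODE_TTL
    return drop(user_id, :ok) if same?(row.digest, Digest::SHA256.hexdigest(submitted.to_s))
    row.attempts += 1
    row.attempts >= MAX_ATTEMPTS ? drop(user_id, :locked) : :invalid
  end

  private

  def drop(user_id, result)   # codes are single use: delete on success, expiry or lockout
    @rows.delete(user_id)
    result
  end

  def same?(a, b)             # constant-time comparison of equal-length hex digests
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The user_id passed to `verify` should come from server-side session state set after the password check, not from a form field the browser can change.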

Solution 2:[2]

My way... maybe this process:

  1. Create a dummy page for the devise login, in which you take the login details
  2. Find the user's details from the db and send him/her a message
  3. After submit on the dummy page, the next step will be to enter the message OTP code
  4. After submit on this, match the user's OTP with the sent OTP
  5. If it is correct, then log into the device panel by APIs

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 MrApnea
Solution 2 John Bachir