How to authenticate otp entered by user from browser in database?

1
votes

I am working on OTP signin rails application.I have used active model otp gem for generating the otp.The gem creates otp_secret_key column to store otp. The application sends the OTP via mail to user.Then the user should enter email and correct otp to login (session should get created).I am stuck on the part of creating session.The code for session is as follows:


     def create
        user = User.find_by(email: params[:session][:email])
        otp = params[:session][:otp_code]
        if user.authenticate_otp(otp)
           session[:user_id] = user.id
           flash[:success] = 'Successfully logged in'
           redirect_to welcome_home_path
        else
           flash.now[:danger] = 'Something wrong with your login information!'
        end
    end

The parameters present in params hash after submitting the form are:


     Parameters: {"utf8"=>"✓", "session"=>{"email"=>"[email protected]", "otp_code"=>"8496"}, "commit"=>"Login"}

But the on the browser it get stucks on the same page and in the terminal it shows tha No template found for SessionsController#create, rendering head :no_content But I want to redirect it to welcome/home path if the values entered are correct.

How to do that?

P.S: I have user table with user_id,user_email and otp_secret_key column Thanks in advance

1
ruby-on-railssession
You have this create method in SessionsController right? Also check if you have added all the routes in routes.rbAkshay Goyal
Yes, this is in session Controller and all the routes mentioned in this method are working.If I simply write the code as `user = User.find_by(email: params[:session][:email]) if user.present? redirect_to welcome_home_path' it goes to that path. I am having trouble with taking otp from browser and checking it from the databaseMoriarty
Your code looks fine to me. Have you checked what does params[:session][:otp_code] return?Akshay Goyal
I tried printing it like this 'puts params[:session][:otp_code]' to check what it returns, it throws error that can't covert symbol to integerMoriarty
So now you now where the problem lies. It might be because you are using :otp_code but in your params its "otp_code". I am not sure if that's the exact issue. Go through this link to read more about it api.rubyonrails.org/classes/ActiveSupport/…Akshay Goyal

1 Answers

1
votes

It turns out that in active otp gem, the otp for a specific user is valid only for 30 seconds. Due to this, if I authenticated the user immediately it was working. However after 30 seconds it was showing as 'invalid login information'. So I used the drift: to increase the otp validity time.