Last Updated: October 17, 2018 · Khor

Rails 'devise' alternative: Password-less (2FA) & Database-less User Sign-in/Sign-up Using One-Time-Password in 2 Minutes

Definition

Password-less login (authentication) means the user does not need to remember any credentials. Instead, when she identifies herself with a username, the system sends a one-time password (OTP) to the device associated with that username, and she enters the OTP to complete the login. Because a device takes the place of a traditional password, you also gain the extra security of two-factor authentication (2FA).
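To make the flow above concrete, here is an added example in plain Ruby (it is not code from the user_management_rails gem or from RingCaptcha) of the server-side part of a one-time-password login: a code is generated for an identifier, delivered through an injected sender (in the post, that channel is SMS/voice via RingCaptcha; here it is a hypothetical callable), and stored only as an HMAC so a leaked store reveals no codes. Verification enforces the properties a practitioner cares about: the code expires, it is single-use, guessing is capped by an attempt limit, and the comparison is constant-time. The store, sender, clock, and the `+15550100` identifier are constructed for the example.

```ruby
require 'securerandom'
require 'openssl'

# Added example: in-memory OTP issuer/verifier (not the gem's implementation).
class OtpStore
  CODE_LENGTH  = 6     # digits in the one-time password
  TTL_SECONDS  = 300   # a code is valid for five minutes
  MAX_ATTEMPTS = 3     # wrong guesses allowed before the code is discarded

  Entry = Struct.new(:digest, :expires_at, :attempts, keyword_init: true)

  # sender: callable (identifier, message) that delivers the code to the device
  # clock:  callable returning the current Time (injectable for testing expiry)
  # secret: server-side HMAC key so stored digests cannot be brute-forced offline
  def initialize(sender:, clock: -> { Time.now }, secret: SecureRandom.bytes(32))
    @sender  = sender
    @clock   = clock
    @secret  = secret
    @entries = {}   # identifier => Entry; a real app would use a DB or cache
  end

  # Generate a fresh code for the identifier and hand it to the sender.
  # Only the HMAC of the code is kept; the plaintext goes to the device alone.
  def issue(identifier)
    code = SecureRandom.random_number(10**CODE_LENGTH).to_s.rjust(CODE_LENGTH, '0')
    @entries[identifier] = Entry.new(digest: digest(identifier, code),
                                     expires_at: @clock.call + TTL_SECONDS,
                                     attempts: 0)
    @sender.call(identifier, "Your login code is #{code}")
    nil
  end

  # Returns :ok, :wrong, :expired, :locked, or :unknown. A successful or
  # exhausted code is deleted, so each code can be used at most once.
  def verify(identifier, code)
    entry = @entries[identifier]
    return :unknown unless entry

    if @clock.call > entry.expires_at
      @entries.delete(identifier)
      return :expired
    end

    entry.attempts += 1
    if entry.attempts > MAX_ATTEMPTS
      @entries.delete(identifier)   # lock before comparing, so the 4th try never succeeds
      return :locked
    end

    if secure_equal?(entry.digest, digest(identifier, code.to_s))
      @entries.delete(identifier)   # single use
      :ok
    else
      :wrong
    end
  end

  private

  # Bind the digest to the identifier so a code issued to one user
  # cannot be replayed against another.
  def digest(identifier, code)
    OpenSSL::HMAC.digest('SHA256', @secret, "#{identifier}:#{code}")
  end

  # Constant-time comparison of equal-length byte strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  outbox = []
  store = OtpStore.new(sender: ->(_id, msg) { outbox << msg })
  store.issue('+15550100')                     # constructed identifier
  puts "device received: #{outbox.last}"
  puts "verify wrong code: #{store.verify('+15550100', '000000')}"
end
```

In the gem's flow the sender is the RingCaptcha API call and the identifier is the verified phone number; the verification rules above are what stop an OTP login from degrading into a six-digit guessable password.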

Benefit

Why did we implement database-less, password-less user authentication?

  • Reduce development effort
    • Password-less login obviates a lot of user management flows, e.g., no password reset, no password strength evaluator, etc.
  • Less friction to acquire users; users do not need to create credentials
  • Onboard real users who can be contacted promptly, i.e., by phone number, which is critical for the sharing economy, fintech, and online reservation industries
  • Reduce churn resulting from users abandoning our service because they forget their passwords due to infrequent logins

Outcome in 2 Minutes

You start by creating a brand new Ruby on Rails app and end up with an app that has password-less sign-up, login, and logout pages, plus a backend method, current_user_hash, that returns the currently logged-in user.

Check out the 2-minute video: http://www.youtube.com/watch?v=MNubspdhWM8_ctg

Check out the sample app code: https://github.com/ringcaptcha/user-management-rails-gem-sample-app

Requirements

Outline

  1. Make Rails app
  2. Install user_management_rails gem
  3. bundle install
  4. Run generator to create sign-up, login, logout pages
  5. Launch Rails server
  6. Try!

Details

1. Make Rails app

$ rails new YOUR_APP_NAME

2. Add user_management_rails to YOUR_APP_NAME/Gemfile

gem 'user_management_rails'

3. Install the gem

$ bundle install

4. Generate the routes, controllers, and views

This step requires you to sign up for a free account on RingCaptcha to get the API keys used for sending SMS and storing users.



Configure your app:

  • Select 'Web' as 'App type'
  • Add in your 'Domain' name (without http/https)
  • Click 'Create App'


  • On the 'My Apps' screen, you can see your app and under the column 'App Key' is your RINGCAPTCHA_APP_KEY


  • Click on the 'Gear Icon' ('Customize') on the right side of your app


On the 'Customize' window, customize User Management:

  • Click on 'ADVANCED'
  • Check 'Enable User Management Integration'
  • Click 'Save changes'


On the 'Customize' window, get the UM_KEY:

  • Click on 'ADVANCED'
  • Now you should see 'UserManagement Application ID', which is your UM_KEY


With RINGCAPTCHA_APP_KEY you can send the SMS/voice OTP, and with UM_KEY you can store the verified phone number in the cloud. Generate the routes, controllers, and views with the generator, which expects both keys:

$ rails generate user_management_rails:install --ringcaptcha-key=YOUR_RINGCAPTCHA_APP_KEY --um-key=YOUR_UM_KEY

These are the files generated:

create  config/initializers/user_management.rb
create  app/controllers/user_management_controller.rb
create  app/views/user_management/signup.html.erb
create  app/views/user_management/login.html.erb
create  app/views/user_management/home.html.erb
 route  root 'user_management#signup'
 route  post '/logout', to: 'user_management#logout'
 route  get '/login', to: 'user_management#login'
 route  get '/home', to: 'user_management#home'
 route  mount UserManagementRails::Engine, at: '/'

5. Launch Rails server

$ rails s

6. Try!

http://localhost:3000/

Conclusion

In Rails, you can now call the method current_user_hash to retrieve a Hash representing the logged-in user.