devise-two-factor icon indicating copy to clipboard operation
devise-two-factor copied to clipboard

Published 20 hours ago verified publisher icon tinfoil

attr_encrypted via encryption throwing "must specify iv" error

Open pkemble opened this issue 3 years ago • 1 comments

I have just a very basic devise single user app and i'm trying to implement 2fa. I have the following:

def qrcode(user) issuer = 'outlet-dev' #TODO environment specific here label = "#{issuer}:#{current_user.email}" if user.encrypted_otp_secret.nil? user.encrypted_otp_secret = User.generate_otp_secret user.save! end qrcode = user.otp_provisioning_uri(label, issuer: issuer) end

I get a value stored in the 'encrypted_otp_secret' column, but the other two remain empty (encrypted_otp_secret_iv / _salt) which causes the user.otp_provisioning_uri(label, issuer: issuer) part to fail.

Are the iv and salt values supposed to be automatically filled?

devise 4.8.1 devise-two-factor 4.0.1 attr_encrypted 3.1.0 rails 6.1.4.4 ruby 3.0.0

Thanks!

pkemble avatar Jan 02 '22 16:01 pkemble

This is a bit of a pain. You can redefine attr_encrypted and manually specify an iv:

When you do:

  devise :two_factor_authenticatable,  otp_secret_encryption_key: ......

It does

attr_encrypted :otp_secret, key: '(your key from before)', mode: .... but misses out an octal 12 bit iv: param.

Luckily, you can define this one the model.

doconnor-clintel avatar Jan 27 '23 01:01 doconnor-clintel