Setup flow
  1 Enable OTP-based two-factor authentication
  2 Disable 2FA
  3 Regenerate recovery codes
Login flow
  1 Login with OTP
  2 Login with recovery code
1: By default, devise-two-factor puts the email, password and OTP fields on the same login page. That is not how most sites do 2FA login.
2: The usual way is to let users sign in with or without 2FA: submit email and password first, then, only for accounts that have 2FA enabled, submit the 6-digit OTP code on a second page. That needs some customization on top of the devise-two-factor gem:
1 Replace the devise-two-factor two_factor_authenticatable strategy with otp_attempt_authenticatable (otp_attempt_strategy), which checks the OTP submitted on the second page
2 Replace the devise-two-factor two_factor_backupable strategy with recovery_code_authenticatable (recovery_code_strategy), which accepts a recovery code on that page instead of the OTP
Successful login/signup
Enable 2FA via an authenticator app
Scan the QR code and validate the OTP
Successful activation leads to the backup codes
Option to disable 2FA and regenerate backup codes
Two-form flow for 2FA login after the username and password have been accepted
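As an added example (plain Ruby, standard library only; it is not code from the devise-two-factor gem or from this project), the pieces behind the activation checklist above and the two-page login flow described in the customization list: a TOTP verifier with replay protection, single-use recovery codes, the "validate the first OTP, then show the backup codes" activation step, and a small session state machine that does what the otp_attempt and recovery code strategies do on page two. The user is a plain Hash whose keys otp_secret, consumed_timestep and otp_required_for_login borrow the gem's column names; everything else (TwoStepLogin, PENDING_TTL, the helper names, the demo user and the use of the RFC 6238 test secret) is made up for the example.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-ins for the customised devise-two-factor pieces; none of this is
# the gem's code. The user is a plain Hash whose keys mirror the gem's column names.
BASE32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'

# Authenticator apps are provisioned with the secret in base32 (RFC 4648).
def base32_decode(str)
  bits = str.upcase.delete('=').each_char.map do |c|
    (BASE32.index(c) || raise(ArgumentError, "bad base32 char #{c}")).to_s(2).rjust(5, '0')
  end.join
  bits.scan(/.{8}/).map { |b| b.to_i(2) }.pack('C*')
end

# Constant-time comparison: a short-circuiting == would leak matched prefixes.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation.
def hotp(secret, counter, digits: 6)
  mac = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>')).bytes
  off = mac.last & 0x0f
  code = ((mac[off] & 0x7f) << 24) | (mac[off + 1] << 16) | (mac[off + 2] << 8) | mac[off + 3]
  (code % 10**digits).to_s.rjust(digits, '0')
end

# RFC 6238 TOTP: 30 s steps, +/-1 step of clock drift, and consumed_timestep as a
# high-water mark so a code that was already accepted cannot be replayed.
def verify_totp(user, attempt, at: Time.now, step: 30, drift: 1)
  base = at.to_i / step
  (-drift..drift).each do |d|
    counter = base + d
    next if user[:consumed_timestep] && counter <= user[:consumed_timestep]
    next unless secure_compare(hotp(user[:otp_secret], counter), attempt.to_s.strip)
    user[:consumed_timestep] = counter
    return true
  end
  false
end

# Single-use recovery codes: only digests are stored and a redeemed code is burnt.
def redeem_recovery_code(user, code)
  digest = OpenSSL::Digest::SHA256.hexdigest(code.to_s.strip)
  idx = user[:recovery_digests].index { |stored| secure_compare(stored, digest) }
  return false unless idx
  user[:recovery_digests].delete_at(idx)
  true
end

# Activation ("scan the QR code and validate the OTP"): 2FA is switched on only after
# the app has proven it holds the secret; the plain recovery codes are shown once here.
def activate_two_factor(user, first_otp, now: Time.now)
  return nil unless verify_totp(user, first_otp, at: now)
  user[:otp_required_for_login] = true
  user[:plain_recovery_codes]
end

# Two-page login: page 1 checks email + password and, when 2FA is on, only parks the
# user id in the session; page 2 takes the otp_attempt or a recovery code and finishes.
class TwoStepLogin
  PENDING_TTL = 300 # seconds a half-finished login stays valid
  def initialize(user)
    @user, @session = user, {}
  end
  def step_one(email, password, now: Time.now)
    return :failed unless email == @user[:email] && @user[:password_ok].call(password)
    return finish unless @user[:otp_required_for_login] # no 2FA: done on page 1
    @session = { otp_user_id: @user[:id], otp_started_at: now.to_i }
    :otp_required
  end
  def step_two(otp_attempt: nil, recovery_code: nil, now: Time.now)
    return :failed unless @session[:otp_user_id] == @user[:id]
    return @session.clear && :expired if now.to_i - @session[:otp_started_at] > PENDING_TTL
    ok = if otp_attempt then verify_totp(@user, otp_attempt, at: now)
         else recovery_code && redeem_recovery_code(@user, recovery_code) end
    ok ? finish : :failed
  end
  def finish
    @session = { user_id: @user[:id] } # the pending otp_user_id is dropped
    :signed_in
  end
end

# Constructed demo user; the secret is the RFC 6238 test key in base32.
def build_demo_user(password: 'correct horse', secret: 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ')
  salt = SecureRandom.random_bytes(16)
  kdf = ->(p) { OpenSSL::KDF.pbkdf2_hmac(p, salt: salt, iterations: 50_000, length: 32, hash: 'SHA256') }
  digest = kdf.call(password)
  codes = Array.new(10) { SecureRandom.hex(8) }
  { id: 1, email: 'alice@example.com', otp_required_for_login: false, consumed_timestep: nil,
    password_ok: ->(p) { secure_compare(kdf.call(p), digest) }, otp_secret: base32_decode(secret),
    recovery_digests: codes.map { |c| OpenSSL::Digest::SHA256.hexdigest(c) }, plain_recovery_codes: codes }
end
```

The points worth carrying into the real otp_attempt and recovery code strategies are the ones step_two enforces: on the second page the user is looked up from the id parked in the session by page one, never from a parameter; that pending state has a short lifetime and is dropped once the sign-in completes; an OTP that was already accepted is refused inside its own time window; and a recovery code works exactly once.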
1: Only TOTP (Time-based One-Time Password) is supported for now.
2: A helper for system tests was added, so adding system tests is now fairly easy, but no system tests are included yet.