Using Duo MFA with Devise in a Rails app
DUO_INT_KEY=your_identity_key_from_duo
DUO_SECRET_KEY=your_secret_key_from_duo
DUO_APP_KEY=your_secret_string # Generate with SecureRandom.gen_random(40)
DUO_HOST=api-123abc.duosecurity.com
<%# Duo Web v2 hosted prompt. The script reads the iframe's data-* attributes,
    runs the Duo prompt, and posts the resulting sig_response to data-post-action
    (handled by RegistrationsController#verify_duo).
    NOTE(review): the script is loaded from Duo's host without a subresource
    integrity attribute; confirm that is acceptable for this deployment. %>
<script src="https://api.duosecurity.com/frame/hosted/Duo-Web-v2.js" type="text/javascript"></script>
<%# @sig_request is produced by RegistrationsController#connect_with_duo via
    Duo.sign_request; Rails' ERB output tag HTML-escapes both attribute values. %>
<iframe id="connect_with_duo" data-host="<%= ENV["DUO_HOST"] %>" data-sig-request="<%= @sig_request %>" data-post-action="/registrations/verify_duo"></iframe>
# Gemfile
# Duo's Ruby helper; supplies Duo.sign_request and Duo.verify_response, which
# RegistrationsController uses to build and check the Duo Web exchange.
gem 'duo_web'
# routes.rb
# Duo second-factor routes inside the Devise :user scope: the verify endpoint
# receives the iframe's POST, the connect endpoint renders the iframe, and a
# signed-in user's root page is the Duo prompt.
devise_scope :user do
  post "registrations/verify_duo", to: "registrations#verify_duo", as: :verify_duo
  get "registrations/connect_with_duo", to: "registrations#connect_with_duo", as: :connect_with_duo
  authenticated do
    root to: "registrations#connect_with_duo"
  end
end
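# registrations_controller.rb
# Adds a Duo Web second factor on top of Devise's registrations controller.
# connect_with_duo renders the Duo iframe with a request signed for the
# signed-in user; the iframe then POSTs sig_response to verify_duo, which
# records the completed second factor in session[:duo_authentication].
class RegistrationsController < Devise::RegistrationsController
  DUO_ACTIONS = [:connect_with_duo, :verify_duo].freeze

  # Both Duo actions act on the signed-in user (connect_with_duo reads
  # current_user.email), so require a Devise session instead of failing on nil.
  before_action :authenticate_user!, only: DUO_ACTIONS
  skip_before_action :require_no_authentication, only: [:verify_duo]
  # The Duo iframe's POST carries no Rails CSRF token, so the authenticity
  # check is skipped for that single action only; Devise's own sign-up,
  # update and destroy actions in this controller keep their CSRF protection.
  skip_before_action :verify_authenticity_token, only: [:verify_duo]
  # ApplicationController's confirm_duo_authentication redirects to
  # connect_with_duo_path; if it applies here (Devise controllers inherit
  # from ApplicationController by default) these two actions would redirect
  # to themselves, so they are exempted. raise: false keeps this harmless
  # when that filter is not declared on an ancestor.
  skip_before_action :confirm_duo_authentication, only: DUO_ACTIONS, raise: false

  # Builds the signed Duo request for the current user; the view places it in
  # the iframe's data-sig-request attribute.
  def connect_with_duo
    @sig_request = Duo.sign_request(ENV["DUO_INT_KEY"], ENV["DUO_SECRET_KEY"], ENV["DUO_APP_KEY"], current_user.email)
  end

  # Verifies the sig_response posted back by the Duo iframe.
  # Duo.verify_response returns the username carried by a valid response and
  # nil otherwise; the username must also match the signed-in user, so a
  # response issued for a different account cannot satisfy this session's
  # second factor. Only a full match sets the session flag.
  def verify_duo
    @authenticated_user = Duo.verify_response(ENV["DUO_INT_KEY"], ENV["DUO_SECRET_KEY"], ENV["DUO_APP_KEY"], params['sig_response'])
    if @authenticated_user && @authenticated_user == current_user.email
      session[:duo_authentication] = true
      redirect_to some_path_you_want
    else
      redirect_to some_other_path_you_want
    end
  end
end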
# application_controller.rb
# Gates actions behind the Duo second factor that RegistrationsController#verify_duo
# records in the session. Author's note: "Use this on whatever controllers you want
# to exempt" — presumably controllers that must stay reachable before Duo (the Duo
# actions in RegistrationsController) should skip_before_action this filter, since
# connect_with_duo would otherwise redirect to itself if it inherits the filter;
# confirm against the app's controller hierarchy.
before_action :confirm_duo_authentication

# Sends the request to the Duo prompt unless this session has already completed
# Duo verification; a redirect issued from a before_action halts the action.
def confirm_duo_authentication
  redirect_to connect_with_duo_path unless session[:duo_authentication]
end