Send the verification request
Now that a user can add their phone number to their account you can use that number to verify them when they log in to the site.
To use the Verify API, you will need to add the vonage
gem to your project. You will also need to configure the vonage
gem to use your API key and secret, which you will load from a .env
file.
Add the following lines to the application's Gemfile
:
gem 'vonage'
gem 'dotenv-rails', groups: [:development, :test]
Then, create a .env
file in your application's route directory and configure it with your API key and secret which you will find in the Developer Dashboard:
.env
VONAGE_API_KEY=your_api_key
VONAGE_API_SECRET=your_api_secret
Add a before_action
to your ApplicationController
that checks if the user has two-factor authentication enabled. If they do, make sure that they are verified before they are allowed to continue:
app/controllers/application_controller.rb
before_action :verify_user!, unless: :devise_controller?
def verify_user!
start_verification if requires_verification?
end
To determine if the user requires verification, check if they have registered with a phone number and that the :verified
session property has not been set:
app/controllers/application_controller.rb
def requires_verification?
session[:verified].nil? && !current_user.phone_number.blank?
end
To start the verification process, call send_verification_request
on the Vonage::Client
object. You don’t need to pass in your API key and secret because it has already been initialized through the environment values you configured in .env
:
app/controllers/application_controller.rb
def start_verification
result = Vonage::Client.new.verify.request(
number: current_user.phone_number,
brand: "Kittens and Co",
sender_id: 'Kittens'
)
if result['status'] == '0'
redirect_to edit_verification_path(id: result['request_id'])
else
sign_out current_user
redirect_to :new_user_session, flash: {
error: 'Could not verify your number. Please contact support.'
}
end
end
Note that you pass the verification request the name of the web application. This is used in the text message the user receives so that they can recognize where it came from.
If the message was sent successfully you need to redirect the user to a page where they can enter the code they received. You will do this and check if the code is correct in the next step.
Two-factor authentication for security and spam prevention
Learn how to implement 2fa in your Ruby applicationsSteps