Looking for good approach for two levels of authentication in Rails
Question
I need two levels of authentication in a Rails app using the same username. One to login and a second to view more sensitive areas such as billing and credit card info. The first level is implemented with Devise. For second level can I use Devise again a different model like setting? Cancan require separate logins.
Not sure of the best approach.
Any ideas would be appreciated!
1 answers
solution1
0 ACCPTED 2012-04-29 11:04:15
This problem is so unconventional that it seems there can not be used a ready solution. In my opinion, dual authorization is not necessary in this case (the second password is usually used to confirm some action, not for a second authorization), but sometimes we do not choose such things.
Dirty solution would be to hold another encrypted password, and when you enter to second level give the user a different role temporarily. This role will be checked at the cancan. The role resets during for a while or at the next login (so that an attacker have not at the same time access to billing). I think it's very rough, but a quick solution.
This is just my 50 cents, I doubt that this is a good solution.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.