Authentication
Business Class account authentication is based on Devise and Devise::OTP.
Password-based authentication
Business Class relies on standard password-based authentication with a standard Devise installation. Devise controllers and views are ejected and renamed to accounts to blend with the rest of the application:
app/controllers/accounts/*
app/views/accounts/*
Email confirmations, forgotten passwords, and account locking are supported out of the box.
Some changes have been made to the standard Devise controllers to support team invitation confirmations on sign-up and quick sign-in in development.
2FA
2FA is implemented using OTP codes and Devise::OTP.
By default, users can enable OTP at their discretion under their account settings. They can use the generated QR code to quickly add the secret to Google Authenticator or a similar application.
As with the regular Devise screens, Devise::OTP views are ejected under app/views/accounts for easy maintenance:
app/views/accounts/otp_credentials/*
app/views/accounts/otp_tokens/*
To update the devise-otp gem, generate new views and compare them with those under app/views/accounts.
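To make the OTP enrolment and check described above concrete, here is an added example (not code from Business Class or Devise::OTP) of what the QR code carries and how a 6-digit code is derived and verified per RFC 6238. All method names, the sample secret, and the `last_used_step` replay guard are assumptions made for illustration.

```ruby
require "openssl"
require "uri"

BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".freeze
# Constructed sample: the RFC 6238 test key "12345678901234567890", base32-encoded.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ".freeze

# Decode an RFC 4648 base32 secret (as carried in the QR code) into raw key bytes.
def base32_decode(str)
  bits = str.upcase.delete("=").each_char.map do |c|
    idx = BASE32_ALPHABET.index(c) or raise ArgumentError, "invalid base32 character"
    idx.to_s(2).rjust(5, "0")
  end.join
  [bits[0, bits.length / 8 * 8]].pack("B*")
end

# The otpauth:// URI an authenticator app reads from the enrolment QR code.
def provisioning_uri(secret_b32, account:, issuer:)
  label = URI.encode_www_form_component("#{issuer}:#{account}").gsub("+", "%20")
  "otpauth://totp/#{label}?" + URI.encode_www_form(secret: secret_b32, issuer: issuer)
end

# RFC 6238: HMAC-SHA1 over the big-endian time-step counter, then dynamic truncation.
def totp(secret_b32, at:, step: 30, digits: 6)
  hmac = OpenSSL::HMAC.digest("SHA1", base32_decode(secret_b32), [at / step].pack("Q>"))
  offset = hmac.bytes.last & 0x0f
  code = hmac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, "0")
end

# Returns the matched time step, or nil. Accepts +/- drift_steps for clock skew and
# rejects any step at or before last_used_step so a captured code cannot be replayed.
def verify_totp(secret_b32, submitted, at:, step: 30, drift_steps: 1, last_used_step: nil)
  return nil unless submitted.is_a?(String) && submitted.match?(/\A\d{6}\z/)
  (-drift_steps..drift_steps).each do |i|
    t = at / step + i
    next if t.negative? || (last_used_step && t <= last_used_step)
    expected = totp(secret_b32, at: t * step, step: step)
    # Compare all six digits without exiting early on the first mismatch.
    diff = expected.bytes.zip(submitted.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
    return t if diff.zero?
  end
  nil
end
```

Persisting the returned step per user and passing it back as `last_used_step` is what makes each code single-use within the drift window.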