passwordless_auth v0.2.0 Release Notes

Release Date: 2019-02-04 // about 1 year ago
  • 🔄 Changelog

    💥 BREAKING CHANGES

    • PasswordlessAuth.verify_code/2 now returns :ok or {:error, verification_failed_reason()} where verification_failed_reason() is :attempt_blocked | :code_expired | :does_not_exist | :incorrect_code. Prior to version 0.2.0 verify_code/2 returned a boolean. This change allows you to respond to the different reasons why an attempt to verify a code may fail. It is up to you to decide how much information you disclose to the user about why their attempt failed.

    Rate limiting

    This version introduces rate limiting for the number of attempts a user has to verify their code. After 5 failed attempts to enter their code, the user is blocked from further attempts for 60 seconds. The user has the option of requesting a new code at this point, which resets the number of attempts they have and unblocks them from making attempts.

    The number of attempts they have before being blocked is configurable by setting :num_attempts_before_timeout in your config. The amount of time they are blocked from making attempts is also configurable with :rate_limit_timeout_length in your config.


Previous changes from v0.1.0