passwordless_auth v0.2.0 Release NotesRelease Date: 2019-02-04 // about 5 years ago
💥 BREAKING CHANGES
:attempt_blocked | :code_expired | :does_not_exist | :incorrect_code. Prior to version 0.2.0
verify_code/2returned a boolean. This change allows you to respond to the different reasons why an attempt to verify a code may fail. It is up to you to decide how much information you disclose to the user about why their attempt failed.
This version introduces rate limiting for the number of attempts a user has to verify their code. After 5 failed attempts to enter their code, the user is blocked from further attempts for 60 seconds. The user has the option of requesting a new code at this point, which resets the number of attempts they have and unblocks them from making attempts.
The number of attempts they have before being blocked is configurable by setting
:num_attempts_before_timeoutin your config. The amount of time they are blocked from making attempts is also configurable with
:rate_limit_timeout_lengthin your config.