Changelog
BREAKING CHANGES
PasswordlessAuth.verify_code/2 now returns :ok or {:error, verification_failed_reason()} where verification_failed_reason() is :attempt_blocked | :code_expired | :does_not_exist | :incorrect_code. Prior to version 0.2.0 verify_code/2 returned a boolean. This change allows you to respond to the different reasons why an attempt to verify a code may fail. It is up to you to decide how much information you disclose to the user about why their attempt failed.
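One way to act on the new return values while limiting what the user learns, as an added example that is not code from PasswordlessAuth: the precise reason goes to the application log and the three code-related reasons share one user-facing message. The VerifyResponse module, its return shape and the request id are hypothetical; only the result values come from this changelog.

```elixir
# Added example, not PasswordlessAuth code. VerifyResponse and its return
# shape are hypothetical; only the result values come from the changelog.
defmodule VerifyResponse do
  require Logger

  # Reasons that describe the code itself rather than the rate limit.
  @code_reasons [:code_expired, :does_not_exist, :incorrect_code]

  # `result` is the value returned by PasswordlessAuth.verify_code/2 (0.2.0+).
  # `request_id` is an assumed correlation id supplied by the calling app.
  def to_client(:ok, _request_id), do: {:ok, "Code verified."}

  # This example chooses to tell a blocked user that they are blocked, so
  # they know to wait or to request a new code.
  def to_client({:error, :attempt_blocked}, request_id) do
    Logger.warning("verify_code blocked request_id=#{request_id}")
    {:error, "Too many attempts. Wait before retrying or request a new code."}
  end

  # One message for all three code-related reasons, so the response does not
  # reveal which of them applied. The exact reason is kept in the log only.
  def to_client({:error, reason}, request_id) when reason in @code_reasons do
    Logger.info("verify_code failed reason=#{reason} request_id=#{request_id}")
    {:error, "That code could not be verified. Try again or request a new code."}
  end
end

# Constructed results standing in for real verify_code/2 calls.
results = [
  :ok,
  {:error, :incorrect_code},
  {:error, :does_not_exist},
  {:error, :code_expired},
  {:error, :attempt_blocked}
]

for result <- results do
  IO.inspect(VerifyResponse.to_client(result, "req-constructed-1"))
end
```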
Rate limiting
This version introduces rate limiting for the number of attempts a user has to verify their code. After 5 failed attempts to enter their code, the user is blocked from further attempts for 60 seconds. The user has the option of requesting a new code at this point, which resets the number of attempts they have and unblocks them from making attempts.
The number of attempts they have before being blocked is configurable by setting :num_attempts_before_timeout in your config. The amount of time they are blocked from making attempts is also configurable with :rate_limit_timeout_length in your config.