I recently stumbled on a web app based on helping people who need donations during this pandemic, but one thing I couldn't get right was sending OTP for phone number verifications since email was optional.
I decided to come up with a dummy idea!
Create a user table with a column for saving a temporary generated OTP code, and a column to set account state.
create_table "users", force: :cascade do |t| t.string "email" t.string "phone_number" t.boolean "verified", default: false t.string "tmp_code" end
Implement a method to generate a number from 1012 to 9292, in this case, I will always have numbers of length 4
class User < ApplicationRecord after_create :set_sms_code private def set_sms_code code = Random.rand(1012..9292) self.tmp_code = code end end
In my controller, when a user enters a verification code. I catch it from the params and check it against the one I had saved in the database.
def verify_code if current_user.tmp_code === params[:confirmation_code] current_user.update(activated: true) redirect_to root_path, notice: "account activated" else flash[:alert] = "invalid code" render :welcome end end
I know this was a dummy and probably unhealthy, I, later on, had a background job to set it to a different number every 30 minutes and resend it to the user.