Follow best practices for the OTP login codes (#368)

* Update login form to use best practice * Update message to follow the origin-bound one-time codes spec
bikebrigade · May 23, 2024 · 6105ca0 · 6105ca0
1 parent 53dd34e
commit 6105ca0
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/lib/bike_brigade/authentication_messenger.ex b/lib/bike_brigade/authentication_messenger.ex
@@ -77,7 +77,7 @@ defmodule BikeBrigade.AuthenticationMessenger do
     msg = [
       from: Messaging.outbound_number(),
       to: phone,
-      body: "Your BikeBrigade access code is #{token}."
+      body: "Your BikeBrigade access code is #{token}.\n\n@#{BikeBrigadeWeb.Endpoint.host()} ##{token}"
     ]
 
     SmsService.send_sms(msg)

diff --git a/lib/bike_brigade_web/live/login_live.html.heex b/lib/bike_brigade_web/live/login_live.html.heex
@@ -34,7 +34,11 @@
           </div>
 
           <div class="text-center ">
-            <.button href="https://www.bikebrigade.ca/volunteer-rider-sign-up" color={:white} size={:small}>
+            <.button
+              href="https://www.bikebrigade.ca/volunteer-rider-sign-up"
+              color={:white}
+              size={:small}
+            >
               Sign Up!
             </.button>
           </div>
@@ -65,7 +69,14 @@
             </p>
           </div>
           <.input type="hidden" field={{f, :phone}} />
-          <.input type="text" field={{f, :token_attempt}} label="Authentication Code" />
+          <.input
+            type="text"
+            field={{f, :token_attempt}}
+            label="Authentication Code"
+            inputmode="numeric"
+            autocomplete="one-time-code"
+            pattern="\d{6}"
+          />
           <:actions>
             <.button type="submit" class="w-full">Sign in</.button>
           </:actions>