devise-otp 0.4.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6fda2423bde851bf5adc44a3d702c2c61ddabf128f2e39cd3bca9098efc582f0
-  data.tar.gz: 4086a98d52455eaad597ad2afed8dd3bdbae1e07415865a64409cd58c27304e8
+  metadata.gz: 40ba57c939a2a84a81a014b151a2ea0fe37a4253942df15a703a0fd83aa9e80c
+  data.tar.gz: bba9a1e8d78ea6760c9c32ed643c05ed9138635095c0f9a16451f6a9922bfeba
 SHA512:
-  metadata.gz: aced8c7eba137c8f2851f665c45277044e2b5c7f46fdfec080b506a72f87643ae91b950876c25608d884c63cb6add1fe49df1e19d635656f8e350e13627542f9
-  data.tar.gz: 7796a7911e786070f7c3bf1f061443448034308ef6203bad52907e9b5faf413f901d446440c2ac632612420fa1fde5d6431f5bc0db5050e1b25938ea1ff5e944
+  metadata.gz: 79f30180843989aed3f784e8d775d8d86a206a328f3032b7f202815e1f590fcc5d3bf3d65cccc20731af5d1de227dd2d857111432fc21ad305524a402219f91a
+  data.tar.gz: 905e257c92ef4cad86876a2e37ec46cea614dafc715ebff364e58c580f7ab1528181771ff96534e5e61978168840f4a9820729b9d819f4c7c002ec970de81da5

data/README.md

@@ -15,6 +15,10 @@ Some of the compatible token devices are:
 
 Device OTP was recently updated to work with Rails 7 and Turbo.
 
+## Sponsor
+
+Devise::OTP development is sponsored by [Business Class](https://businessclasskit.com/) Rails SaaS starter kit. If you don't want to setup OTP yourself for your new project, consider starting one on Business Class.
+
 ## Two-factors authentication using OTP
 
 * A shared secret is generated on the server, and stored both on the token device (e.g. the phone) and the server itself.

data/Rakefile

@@ -1,42 +1,41 @@
 #!/usr/bin/env rake
 begin
-  require 'bundler/setup'
+  require "bundler/setup"
 rescue LoadError
-  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+  puts "You must `gem install bundler` and `bundle install` to run rake tasks"
 end
 begin
-  require 'rdoc/task'
+  require "rdoc/task"
 rescue LoadError
-  require 'rdoc/rdoc'
-  require 'rake/rdoctask'
+  require "rdoc/rdoc"
+  require "rake/rdoctask"
   RDoc::Task = Rake::RDocTask
 end
 
 RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'Foobar'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.rdoc')
-  rdoc.rdoc_files.include('lib/**/*.rb')
+  rdoc.rdoc_dir = "rdoc"
+  rdoc.title = "Foobar"
+  rdoc.options << "--line-numbers"
+  rdoc.rdoc_files.include("README.rdoc")
+  rdoc.rdoc_files.include("lib/**/*.rb")
 end
 
-
 Bundler::GemHelper.install_tasks
 
-require 'rake/testtask'
+require "rake/testtask"
 Rake::TestTask.new(:test) do |test|
-  test.libs << 'lib' << 'test'
-  test.pattern = 'test/**/*_test.rb'
+  test.libs << "lib" << "test"
+  test.pattern = "test/**/*_test.rb"
   test.verbose = true
 end
 
-desc 'Run Devise tests for all ORMs.'
+desc "Run Devise tests for all ORMs."
 task :tests do
-  Dir[File.join(File.dirname(__FILE__), 'test', 'orm', '*.rb')].each do |file|
+  Dir[File.join(File.dirname(__FILE__), "test", "orm", "*.rb")].each do |file|
     orm = File.basename(file).split(".").first
     system "rake test DEVISE_ORM=#{orm}"
   end
 end
 
-desc 'Default: run tests for all ORMs.'
-task :default => :tests
+desc "Default: run tests for all ORMs."
+task default: :tests

data/app/controllers/devise_otp/devise/otp_credentials_controller.rb

@@ -3,15 +3,15 @@ module DeviseOtp
     class OtpCredentialsController < DeviseController
       helper_method :new_session_path
 
-      prepend_before_action :authenticate_scope!, :only => [:get_refresh, :set_refresh]
-      prepend_before_action :require_no_authentication, :only => [ :show, :update ]
+      prepend_before_action :authenticate_scope!, only: [:get_refresh, :set_refresh]
+      prepend_before_action :require_no_authentication, only: [:show, :update]
 
       #
       # show a request for the OTP token
       #
       def show
         @challenge = params[:challenge]
-        @recovery =  (params[:recovery] == 'true') && recovery_enabled?
+        @recovery = (params[:recovery] == "true") && recovery_enabled?
 
         if @challenge.nil?
           redirect_to :root
@@ -33,28 +33,25 @@ module DeviseOtp
       #
       def update
         resource = resource_class.find_valid_otp_challenge(params[resource_name][:challenge])
-        recovery = (params[resource_name][:recovery] == 'true') && recovery_enabled?
+        recovery = (params[resource_name][:recovery] == "true") && recovery_enabled?
         token = params[resource_name][:token]
 
         if token.blank?
           otp_set_flash_message(:alert, :token_blank)
-          redirect_to otp_credential_path_for(resource_name, :challenge => params[resource_name][:challenge],
-                                                             :recovery => recovery)
+          redirect_to otp_credential_path_for(resource_name, challenge: params[resource_name][:challenge],
+            recovery: recovery)
         elsif resource.nil?
           otp_set_flash_message(:alert, :otp_session_invalid)
           redirect_to new_session_path(resource_name)
-        else
-          if resource.otp_challenge_valid? && resource.validate_otp_token(params[resource_name][:token], recovery)
-            set_flash_message(:success, :signed_in) if is_navigational_format?
-            sign_in(resource_name, resource)
+        elsif resource.otp_challenge_valid? && resource.validate_otp_token(params[resource_name][:token], recovery)
+          sign_in(resource_name, resource)
 
-            otp_set_trusted_device_for(resource) if params[:enable_persistence] == "true"
-            otp_refresh_credentials_for(resource)
-            respond_with resource, :location => after_sign_in_path_for(resource)
-          else
-            otp_set_flash_message :alert, :token_invalid
-            redirect_to new_session_path(resource_name)
-          end
+          otp_set_trusted_device_for(resource) if params[:enable_persistence] == "true"
+          otp_refresh_credentials_for(resource)
+          respond_with resource, location: after_sign_in_path_for(resource)
+        else
+          otp_set_flash_message :alert, :token_invalid
+          redirect_to new_session_path(resource_name)
         end
       end
 
@@ -83,9 +80,7 @@ module DeviseOtp
 
       def done_valid_refresh
         otp_refresh_credentials_for(resource)
-        otp_set_flash_message :success, :valid_refresh if is_navigational_format?
-
-        respond_with resource, :location => otp_fetch_refresh_return_url
+        respond_with resource, location: otp_fetch_refresh_return_url
       end
 
       def failed_refresh
@@ -96,7 +91,6 @@ module DeviseOtp
       def self.controller_path
         "#{::Devise.otp_controller_path}/otp_credentials"
       end
-
     end
   end
 end

data/app/controllers/devise_otp/devise/otp_tokens_controller.rb

@@ -6,7 +6,7 @@ module DeviseOtp
       prepend_before_action :ensure_credentials_refresh
       prepend_before_action :authenticate_scope!
 
-      protect_from_forgery :except => [:clear_persistence, :delete_persistence]
+      protect_from_forgery except: [:clear_persistence, :delete_persistence]
 
       #
       # Displays the status of OTP authentication
@@ -23,8 +23,8 @@ module DeviseOtp
       # Updates the status of OTP authentication
       #
       def update
-        enabled = params[resource_name][:otp_enabled] == '1'
-        if (enabled ? resource.enable_otp! : resource.disable_otp!)
+        enabled = params[resource_name][:otp_enabled] == "1"
+        if enabled ? resource.enable_otp! : resource.disable_otp!
           otp_set_flash_message :success, :successfully_updated
         end
 
@@ -39,7 +39,7 @@ module DeviseOtp
           otp_set_flash_message :success, :successfully_reset_creds
         end
 
-        redirect_to :action => :show
+        redirect_to action: :show
       end
 
       #
@@ -50,7 +50,7 @@ module DeviseOtp
           otp_set_flash_message :success, :successfully_set_persistence
         end
 
-        redirect_to :action => :show
+        redirect_to action: :show
       end
 
       #
@@ -61,7 +61,7 @@ module DeviseOtp
           otp_set_flash_message :success, :successfully_cleared_persistence
         end
 
-        redirect_to :action => :show
+        redirect_to action: :show
       end
 
       #
@@ -72,12 +72,9 @@ module DeviseOtp
           otp_set_flash_message :notice, :successfully_reset_persistence
         end
 
-        redirect_to :action => :show
+        redirect_to action: :show
       end
 
-      #
-      #
-      #
       def recovery
         respond_to do |format|
           format.html
@@ -106,7 +103,6 @@ module DeviseOtp
       def self.controller_path
         "#{::Devise.otp_controller_path}/otp_tokens"
       end
-
     end
   end
 end

data/app/views/devise/otp_credentials/show.html.erb

@@ -20,7 +20,7 @@
   <%= f.text_field :token, :autocomplete => :off, :autofocus => true, :size => 6, :value => '' %><br>
 
   <%= label_tag :enable_persistence do %>
-    <%= check_box_tag :enable_persistence, true, false %> Remember this browser
+    <%= check_box_tag :enable_persistence, true, false %> <%= I18n.t('remember', :scope => 'devise.otp.general') %>
   <% end %>
 
   <p><%= f.submit I18n.t('submit', :scope => 'devise.otp.submit_token') %></p>

data/app/views/devise/otp_tokens/_token_secret.html.erb

@@ -16,8 +16,8 @@
 </p>
 
 <%- if recovery_enabled? %>
-  <h3><%= I18n.t('title', :scope => 'devise.otp.tokens.recovery') %></h3>
-  <p><%= I18n.t('explain', :scope => 'devise.otp.tokens.recovery') %></p>
-  <p><%= link_to I18n.t('codes_list', :scope => 'devise.otp.tokens.recovery'), recovery_otp_token_for(resource_name) %></p>
-  <p><%= link_to I18n.t('download_codes', :scope => 'devise.otp.tokens.recovery'), recovery_otp_token_for(resource_name, format: :text) %></p>
+  <h3><%= I18n.t('title', :scope => 'devise.otp.otp_tokens.recovery') %></h3>
+  <p><%= I18n.t('explain', :scope => 'devise.otp.otp_tokens.recovery') %></p>
+  <p><%= link_to I18n.t('codes_list', :scope => 'devise.otp.otp_tokens.recovery'), recovery_otp_token_for(resource_name) %></p>
+  <p><%= link_to I18n.t('download_codes', :scope => 'devise.otp.otp_tokens.recovery'), recovery_otp_token_for(resource_name, format: :text) %></p>
 <% end %>

data/app/views/devise/otp_tokens/recovery.html.erb

@@ -1,12 +1,12 @@
-<h2><%= I18n.t('title', :scope => 'devise.otp.tokens.recovery') %></h2>
-<p><%= I18n.t('explain', :scope => 'devise.otp.tokens.recovery') %></p>
+<h2><%= I18n.t('title', :scope => 'devise.otp.otp_tokens.recovery') %></h2>
+<p><%= I18n.t('explain', :scope => 'devise.otp.otp_tokens.recovery') %></p>
 
 <table>
   <caption>
     <thead>
         <tr>
-          <th><%= I18n.t('sequence', :scope => 'devise.otp.tokens.recovery') %></th>
-          <th><%= I18n.t('code', :scope => 'devise.otp.tokens.recovery') %></th>
+          <th><%= I18n.t('sequence', :scope => 'devise.otp.otp_tokens.recovery') %></th>
+          <th><%= I18n.t('code', :scope => 'devise.otp.otp_tokens.recovery') %></th>
         </tr>
     </thead>
     <tbody>

data/app/views/devise/otp_tokens/show.html.erb

@@ -1,18 +1,18 @@
-<h2><%= I18n.t('title', :scope => 'devise.otp.tokens') %></h2>
-<p><%= I18n.t('explain', :scope => 'devise.otp.tokens') %></p>
+<h2><%= I18n.t('title', :scope => 'devise.otp.otp_tokens') %></h2>
+<p><%= I18n.t('explain', :scope => 'devise.otp.otp_tokens') %></p>
 
 <%= form_for(resource, :as => resource_name, :url => [resource_name, :otp_token], :html => { :method => :put, "data-turbo" => false }) do |f| %>
 
   <%= render "devise/shared/error_messages", resource: resource %>
 
-  <h3><%= I18n.t('enable_request', :scope => 'devise.otp.tokens') %></h3>
+  <h3><%= I18n.t('enable_request', :scope => 'devise.otp.otp_tokens') %></h3>
 
   <p>
-    <%= f.label :otp_enabled, I18n.t('status', :scope => 'devise.otp.tokens') %><br />
+    <%= f.label :otp_enabled, I18n.t('status', :scope => 'devise.otp.otp_tokens') %><br />
     <%= f.check_box :otp_enabled %>
   </p>
 
-  <p><%= f.submit I18n.t('submit', :scope => 'devise.otp.tokens') %></p>
+  <p><%= f.submit I18n.t('submit', :scope => 'devise.otp.otp_tokens') %></p>
 <% end %>
 
 <%- if resource.otp_enabled? %>

data/config/locales/en.yml

@@ -1,7 +1,8 @@
 en:
   devise:
-
     otp:
+      general:
+        remember: Remember me
       submit_token:
         title: 'Check Token'
         explain: "You're getting this because you enabled two-factors authentication on your account"
@@ -9,21 +10,18 @@ en:
         recovery_prompt: 'Please enter your recovery code:'
         submit: 'Submit Token'
         recovery_link: "I don't have my device, I want to use a recovery code"
-
-      credentials:
+      otp_credentials:
         token_invalid: 'The token you provided was invalid.'
         token_blank: 'You need to type in the token you generated with your device.'
         need_to_refresh_credentials: 'We need to check your credentials before you can change these settings.'
         valid_refresh: 'Thank you, your credentials were accepted.'
         invalid_refresh: 'Sorry, you provided the wrong credentials.'
-
       credentials_refresh:
         title: 'Please enter your password again.'
         explain: 'In order to ensure this is  safe, please enter your password again.'
         go_on: 'Continue...'
         identity: 'Identity:'
         token: 'Your two-factors authentication token'
-
       token_secret:
         title: 'Your token secret'
         explain: 'Take a photo of this QR code with your mobile'
@@ -31,23 +29,18 @@ en:
         reset_otp: 'Reset your Two Factors Authentication status'
         reset_explain: 'This will reset your credentials, and disable two-factors authentication.'
         reset_explain_warn: 'You will need to enroll your mobile device again.'
-
-      tokens:
+      otp_tokens:
         title: 'Two-factors Authentication:'
         explain: 'Two factors authentication adds an additional layer of security to your account. When logging in you will be asked for a code that you can generate on a physical device, like your phone.'
         enable_request: 'Would you like to enable Two Factors Authenticator?'
-
         status: 'Enable Two-Factors Authentication.'
         submit: 'Continue...'
-
         successfully_updated: 'Your two-factors authentication settings have been updated.'
         successfully_reset_creds: 'Your two-factors credentials has been reset.'
         successfully_set_persistence: 'Your device is now trusted.'
         successfully_cleared_persistence: 'Your device has been removed from the list of trusted devices.'
         successfully_reset_persistence: 'Your list of trusted devices has been cleared.'
-
         need_to_refresh_credentials: 'We need to check your credentials before you can change these settings.'
-
         recovery:
           title: 'Your Emergency Recovery Codes'
           explain: 'Take note or print these recovery codes. The will allow you to log back in in case your token device is lost, stolen, or unavailable.'
@@ -55,7 +48,6 @@ en:
           code: 'Recovery Code'
           codes_list: 'Here is the list of your recovery codes'
           download_codes: 'Download recovery codes'
-
       trusted_browsers:
         title: 'Trusted Browsers'
         explain: 'If you set your browser as trusted, you will not be asked to provide a Two-factor authentication token when logging in from that browser.'

data/devise-otp.gemspec

@@ -1,23 +1,22 @@
 # frozen_string_literal: true
 
-require_relative 'lib/devise-otp/version'
+require_relative "lib/devise-otp/version"
 
 Gem::Specification.new do |gem|
-  gem.name          = "devise-otp"
-  gem.version       = Devise::OTP::VERSION
-  gem.authors       = ["Lele Forzani", "Josef Strzibny"]
-  gem.email         = ["lele@windmill.it", "strzibny@strzibny.name"]
-  gem.description   = %q{Time Based OTP/rfc6238 compatible authentication for Devise}
-  gem.summary       = %q{Time Based OTP/rfc6238 compatible authentication for Devise}
-  gem.homepage      = "http://git.windmill.it/wm/devise-otp"
+  gem.name = "devise-otp"
+  gem.version = Devise::OTP::VERSION
+  gem.authors = ["Lele Forzani", "Josef Strzibny"]
+  gem.email = ["lele@windmill.it", "strzibny@strzibny.name"]
+  gem.description = "Time Based OTP/rfc6238 compatible authentication for Devise"
+  gem.summary = "Time Based OTP/rfc6238 compatible authentication for Devise"
+  gem.homepage = "http://git.windmill.it/wm/devise-otp"
 
-  gem.files         = `git ls-files`.split($/)
-  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.files = `git ls-files`.split($/)
   gem.require_paths = ["lib"]
 
-  gem.add_runtime_dependency 'rails',  '>= 7.0', '< 7.1'
-  gem.add_runtime_dependency 'devise', '>= 4.8.0', '< 4.9.0'
-  gem.add_runtime_dependency 'rotp',   '>= 2.0.0'
+  gem.add_runtime_dependency "rails", ">= 6.1", "< 7.2"
+  gem.add_runtime_dependency "devise", ">= 4.8.0", "< 5.0"
+  gem.add_runtime_dependency "rotp", ">= 2.0.0"
 
   gem.add_development_dependency "capybara"
   gem.add_development_dependency "cuprite"
@@ -27,4 +26,5 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency "shoulda"
   gem.add_development_dependency "sprockets-rails"
   gem.add_development_dependency "sqlite3"
+  gem.add_development_dependency "standardrb"
 end

data/lib/devise-otp/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module OTP
-    VERSION = "0.4.0"
+    VERSION = "0.6.0"
   end
 end

data/lib/devise-otp.rb

@@ -1,31 +1,21 @@
 require "devise-otp/version"
 
 # cherry pick active-support extensions
-#require 'active_record/connection_adapters/abstract/schema_definitions'
-require 'active_support/core_ext/integer'
-require 'active_support/core_ext/string'
-require 'active_support/ordered_hash'
-require 'active_support/concern'
+# require 'active_record/connection_adapters/abstract/schema_definitions'
+require "active_support/core_ext/integer"
+require "active_support/core_ext/string"
+require "active_support/ordered_hash"
+require "active_support/concern"
 
-require 'devise'
+require "devise"
 
 module Devise
-
-  #
-  #
-  #
   mattr_accessor :otp_mandatory
   @@otp_mandatory = false
 
-  #
-  #
-  #
   mattr_accessor :otp_authentication_timeout
   @@otp_authentication_timeout = 3.minutes
 
-  #
-  #
-  #
   mattr_accessor :otp_recovery_tokens
   @@otp_recovery_tokens = 10  ## false to disable
 
@@ -36,11 +26,8 @@ module Devise
   mattr_accessor :otp_trust_persistence
   @@otp_trust_persistence = 30.days
 
-  #
-  #
-  #
- 	mattr_accessor :otp_drift_window
- 	@@otp_drift_window = 3 # in minutes
+  mattr_accessor :otp_drift_window
+  @@otp_drift_window = 3 # in minutes
 
   #
   # if the user wants to change Otp settings,
@@ -56,7 +43,6 @@ module Devise
   mattr_accessor :otp_issuer
   @@otp_issuer = Rails.application.class.module_parent_name
 
-
   #
   # custom view path
   #
@@ -68,17 +54,17 @@ module Devise
 end
 
 module DeviseOtpAuthenticatable
-  autoload :Hooks,   'devise_otp_authenticatable/hooks'
+  autoload :Hooks, "devise_otp_authenticatable/hooks"
 
   module Controllers
-    autoload :Helpers,    'devise_otp_authenticatable/controllers/helpers'
-    autoload :UrlHelpers, 'devise_otp_authenticatable/controllers/url_helpers'
+    autoload :Helpers, "devise_otp_authenticatable/controllers/helpers"
+    autoload :UrlHelpers, "devise_otp_authenticatable/controllers/url_helpers"
   end
 end
 
-require 'devise_otp_authenticatable/routes'
-require 'devise_otp_authenticatable/engine'
+require "devise_otp_authenticatable/routes"
+require "devise_otp_authenticatable/engine"
 
 Devise.add_module :otp_authenticatable,
-                  :controller => :tokens,
-                  :model => 'devise_otp_authenticatable/models/otp_authenticatable', :route => :otp
+  controller: :tokens,
+  model: "devise_otp_authenticatable/models/otp_authenticatable", route: :otp

data/lib/devise_otp_authenticatable/controllers/helpers.rb

@@ -1,9 +1,8 @@
 module DeviseOtpAuthenticatable
   module Controllers
     module Helpers
-
       def authenticate_scope!
-        send(:"authenticate_#{resource_name}!", :force => true)
+        send(:"authenticate_#{resource_name}!", force: true)
         self.resource = send("current_#{resource_name}")
       end
 
@@ -11,7 +10,7 @@ module DeviseOtpAuthenticatable
       # similar to DeviseController#set_flash_message, but sets the scope inside
       # the otp controller
       #
-      def otp_set_flash_message(key, kind, options={})
+      def otp_set_flash_message(key, kind, options = {})
         options[:scope] ||= "devise.otp.#{controller_name}"
         options[:default] = Array(options[:default]).unshift(kind.to_sym)
         options[:resource_name] = resource_name
@@ -20,7 +19,7 @@ module DeviseOtpAuthenticatable
         flash[key] = message if message.present?
       end
 
-      def otp_t()
+      def otp_t
       end
 
       def trusted_devices_enabled?
@@ -67,7 +66,7 @@ module DeviseOtpAuthenticatable
         return false unless resource.class.otp_trust_persistence
         if cookies[otp_scoped_persistence_cookie].present?
           cookies.signed[otp_scoped_persistence_cookie] ==
-              [resource.to_key, resource.authenticatable_salt, resource.otp_persistence_seed]
+            [resource.to_key, resource.authenticatable_salt, resource.otp_persistence_seed]
         else
           false
         end
@@ -79,9 +78,9 @@ module DeviseOtpAuthenticatable
       def otp_set_trusted_device_for(resource)
         return unless resource.class.otp_trust_persistence
         cookies.signed[otp_scoped_persistence_cookie] = {
-            :httponly => true,
-            :expires => Time.now + resource.class.otp_trust_persistence,
-            :value => [resource.to_key, resource.authenticatable_salt, resource.otp_persistence_seed]
+          httponly: true,
+          expires: Time.now + resource.class.otp_trust_persistence,
+          value: [resource.to_key, resource.authenticatable_salt, resource.otp_persistence_seed]
         }
       end
 
@@ -91,7 +90,6 @@ module DeviseOtpAuthenticatable
 
       def otp_fetch_refresh_return_url
         session.delete(otp_scoped_refresh_return_url_property) { :root }
-
       end
 
       def otp_scoped_refresh_return_url_property
@@ -131,27 +129,27 @@ module DeviseOtpAuthenticatable
       private
 
       def otp_authenticator_token_image_js(otp_url)
-        content_tag(:div, :class => 'qrcode-container') do
-          tag(:div, :id => 'qrcode', :class => 'qrcode') +
-          javascript_tag(%Q[
-            new QRCode("qrcode", {
-              text: "#{otp_url}",
-              width: 256,
-              height: 256,
-              colorDark : "#000000",
-              colorLight : "#ffffff",
-              correctLevel : QRCode.CorrectLevel.H
-            });
-          ]) + tag("/div")
+        content_tag(:div, class: "qrcode-container") do
+          content_tag(:div, id: "qrcode", class: "qrcode") do
+            javascript_tag(%[
+              new QRCode("qrcode", {
+                text: "#{otp_url}",
+                width: 256,
+                height: 256,
+                colorDark : "#000000",
+                colorLight : "#ffffff",
+                correctLevel : QRCode.CorrectLevel.H
+              });
+            ])
+          end
         end
       end
 
       def otp_authenticator_token_image_google(otp_url)
         otp_url = Rack::Utils.escape(otp_url)
         url = "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=#{otp_url}"
-        image_tag(url, :alt => 'OTP Url QRCode')
+        image_tag(url, alt: "OTP Url QRCode")
       end
-
     end
   end
 end

data/lib/devise_otp_authenticatable/controllers/url_helpers.rb

@@ -1,7 +1,6 @@
 module DeviseOtpAuthenticatable
   module Controllers
     module UrlHelpers
-
       def recovery_otp_token_for(resource_or_scope, opts = {})
         scope = ::Devise::Mapping.find_scope!(resource_or_scope)
         send("recovery_#{scope}_otp_token_path", opts)
@@ -26,7 +25,6 @@ module DeviseOtpAuthenticatable
         scope = ::Devise::Mapping.find_scope!(resource_or_scope)
         send("#{scope}_otp_credential_path", opts)
       end
-
     end
   end
 end

data/lib/devise_otp_authenticatable/engine.rb

@@ -1,5 +1,7 @@
 module DeviseOtpAuthenticatable
   class Engine < ::Rails::Engine
+    config.devise_otp = ActiveSupport::OrderedOptions.new
+    config.devise_otp.precompile_assets = true
 
     # We use to_prepare instead of after_initialize here because Devise is a Rails engine;
     config.to_prepare do
@@ -19,12 +21,12 @@ module DeviseOtpAuthenticatable
 
       # See: https://guides.rubyonrails.org/engines.html#separate-assets-and-precompiling
       # check if Rails api mode
-      if app.config.respond_to?(:assets)
-        if defined?(Sprockets) && Sprockets::VERSION >= "4"
-          app.config.assets.precompile << "devise-otp.js"
+      if app.config.respond_to?(:assets) && app.config.devise_otp.precompile_assets
+        app.config.assets.precompile << if defined?(Sprockets) && Sprockets::VERSION >= "4"
+          "devise-otp.js"
         else
           # use a proc instead of a string
-          app.config.assets.precompile << proc { |path| path == "devise-otp.js" }
+          proc { |path| path == "devise-otp.js" }
         end
       end
     end