devise-otp 0.4.0 → 0.6.0

data/lib/devise_otp_authenticatable/hooks/sessions.rb

@@ -4,7 +4,7 @@ module DeviseOtpAuthenticatable::Hooks
     include DeviseOtpAuthenticatable::Controllers::UrlHelpers
 
     included do
-      alias_method  :create, :create_with_otp
+      alias_method :create, :create_with_otp
     end
 
     #
@@ -18,19 +18,19 @@ module DeviseOtpAuthenticatable::Hooks
 
       otp_refresh_credentials_for(resource)
 
+      yield resource if block_given?
       if otp_challenge_required_on?(resource)
         challenge = resource.generate_otp_challenge!
         warden.logout
         store_location_for(resource, devise_stored_location) # restore the stored location
-        respond_with resource, :location => otp_credential_path_for(resource, {:challenge => challenge})
+        respond_with resource, location: otp_credential_path_for(resource, {challenge: challenge})
       elsif otp_mandatory_on?(resource) # if mandatory, log in user but send him to the must activate otp
         set_flash_message(:notice, :signed_in_but_otp) if is_navigational_format?
         sign_in(resource_name, resource)
-        respond_with resource, :location => otp_token_path_for(resource)
+        respond_with resource, location: otp_token_path_for(resource)
       else
-        set_flash_message(:notice, :signed_in) if is_navigational_format?
         sign_in(resource_name, resource)
-        respond_with resource, :location => after_sign_in_path_for(resource)
+        respond_with resource, location: after_sign_in_path_for(resource)
       end
     end
 
@@ -49,7 +49,7 @@ module DeviseOtpAuthenticatable::Hooks
     # the resource -should- have otp turned on, but it isn't
     #
     def otp_mandatory_on?(resource)
-      return true if resource.class.otp_mandatory
+      return true if resource.class.otp_mandatory && !resource.otp_enabled
       return false unless resource.respond_to?(:otp_mandatory)
 
       resource.otp_mandatory && !resource.otp_enabled

data/lib/devise_otp_authenticatable/hooks.rb

@@ -1,13 +1,11 @@
 module DeviseOtpAuthenticatable
   module Hooks
-
-    autoload :Sessions, 'devise_otp_authenticatable/hooks/sessions.rb'
+    autoload :Sessions, "devise_otp_authenticatable/hooks/sessions.rb"
 
     class << self
       def apply
         ::Devise::SessionsController.send(:include, Hooks::Sessions)
       end
     end
-
   end
 end

data/lib/devise_otp_authenticatable/models/otp_authenticatable.rb

@@ -1,27 +1,27 @@
-require 'rotp'
+require "rotp"
 
 module Devise::Models
   module OtpAuthenticatable
     extend ActiveSupport::Concern
 
     included do
-      before_validation :generate_otp_auth_secret, :on => :create
-      before_validation :generate_otp_persistence_seed, :on => :create
-      scope :with_valid_otp_challenge, lambda { |time| where('otp_challenge_expires > ?', time) }
+      before_validation :generate_otp_auth_secret, on: :create
+      before_validation :generate_otp_persistence_seed, on: :create
+      scope :with_valid_otp_challenge, lambda { |time| where("otp_challenge_expires > ?", time) }
     end
 
     module ClassMethods
       ::Devise::Models.config(self, :otp_authentication_timeout, :otp_drift_window, :otp_trust_persistence,
-                                    :otp_mandatory, :otp_credentials_refresh, :otp_issuer, :otp_recovery_tokens,
-                                    :otp_controller_path)
+        :otp_mandatory, :otp_credentials_refresh, :otp_issuer, :otp_recovery_tokens,
+        :otp_controller_path)
 
       def find_valid_otp_challenge(challenge)
-        with_valid_otp_challenge(Time.now).where(:otp_session_challenge => challenge).first
+        with_valid_otp_challenge(Time.now).where(otp_session_challenge: challenge).first
       end
     end
 
     def time_based_otp
-      @time_based_otp ||= ROTP::TOTP.new(otp_auth_secret, issuer: "#{self.class.otp_issuer || Rails.application.class.module_parent_name}")
+      @time_based_otp ||= ROTP::TOTP.new(otp_auth_secret, issuer: (self.class.otp_issuer || Rails.application.class.module_parent_name).to_s)
     end
 
     def recovery_otp
@@ -36,15 +36,14 @@ module Devise::Models
       email
     end
 
-
     def reset_otp_credentials
       @time_based_otp = nil
       @recovery_otp = nil
       generate_otp_auth_secret
       reset_otp_persistence
-      update!(:otp_enabled => false,
-             :otp_session_challenge => nil, :otp_challenge_expires => nil,
-             :otp_recovery_counter => 0)
+      update!(otp_enabled: false,
+        otp_session_challenge: nil, otp_challenge_expires: nil,
+        otp_recovery_counter: 0)
     end
 
     def reset_otp_credentials!
@@ -66,16 +65,16 @@ module Devise::Models
         reset_otp_credentials!
       end
 
-      update!(:otp_enabled => true, :otp_enabled_on => Time.now)
+      update!(otp_enabled: true, otp_enabled_on: Time.now)
     end
 
     def disable_otp!
-      update!(:otp_enabled => false, :otp_enabled_on => nil)
+      update!(otp_enabled: false, otp_enabled_on: nil)
     end
 
     def generate_otp_challenge!(expires = nil)
-      update!(:otp_session_challenge => SecureRandom.hex,
-             :otp_challenge_expires => DateTime.now + (expires || self.class.otp_authentication_timeout))
+      update!(otp_session_challenge: SecureRandom.hex,
+        otp_challenge_expires: DateTime.now + (expires || self.class.otp_authentication_timeout))
       otp_session_challenge
     end
 
@@ -83,7 +82,6 @@ module Devise::Models
       (otp_challenge_expires.nil? || otp_challenge_expires > Time.now)
     end
 
-
     def validate_otp_token(token, recovery = false)
       if recovery
         validate_otp_recovery_token token
@@ -100,9 +98,8 @@ module Devise::Models
     alias_method :valid_otp_time_token?, :validate_otp_time_token
 
     def next_otp_recovery_tokens(number = self.class.otp_recovery_tokens)
-      (otp_recovery_counter..otp_recovery_counter + number).inject({}) do |h, index|
+      (otp_recovery_counter..otp_recovery_counter + number).each_with_object({}) do |index, h|
         h[index] = recovery_otp.at(index)
-        h
       end
     end
 
@@ -114,15 +111,13 @@ module Devise::Models
     end
     alias_method :valid_otp_recovery_token?, :validate_otp_recovery_token
 
-
-
     private
 
     def validate_otp_token_with_drift(token)
-
       # should be centered around saved drift
-      (-self.class.otp_drift_window..self.class.otp_drift_window).any? {|drift|
-        (time_based_otp.verify(token, at: Time.now.ago(30 * drift))) }
+      (-self.class.otp_drift_window..self.class.otp_drift_window).any? { |drift|
+        time_based_otp.verify(token, at: Time.now.ago(30 * drift))
+      }
     end
 
     def generate_otp_persistence_seed
@@ -133,6 +128,5 @@ module Devise::Models
       self.otp_auth_secret = ROTP::Base32.random_base32
       self.otp_recovery_secret = ROTP::Base32.random_base32
     end
-
   end
 end

data/lib/devise_otp_authenticatable/routes.rb

@@ -1,27 +1,24 @@
 module ActionDispatch::Routing
   class Mapper
-
     protected
 
     def devise_otp(mapping, controllers)
-      namespace :otp, :module => :devise_otp do
-        resource :token, :only => [:show, :update, :destroy],
-                 :path => mapping.path_names[:token], :controller => controllers[:otp_tokens] do
-
+      namespace :otp, module: :devise_otp do
+        resource :token, only: [:show, :update, :destroy],
+          path: mapping.path_names[:token], controller: controllers[:otp_tokens] do
           if Devise.otp_trust_persistence
-            get  :persistence, :action => 'get_persistence'
-            post :persistence, :action => 'clear_persistence'
-            delete :persistence, :action => 'delete_persistence'
+            get :persistence, action: "get_persistence"
+            post :persistence, action: "clear_persistence"
+            delete :persistence, action: "delete_persistence"
           end
 
-          get  :recovery
+          get :recovery
         end
 
-        resource :credential, :only => [:show, :update],
-                 :path => mapping.path_names[:credentials], :controller => controllers[:otp_credentials] do
-
-          get :refresh, :action => 'get_refresh'
-          put :refresh, :action => 'set_refresh'
+        resource :credential, only: [:show, :update],
+          path: mapping.path_names[:credentials], controller: controllers[:otp_credentials] do
+          get :refresh, action: "get_refresh"
+          put :refresh, action: "set_refresh"
         end
       end
     end

data/lib/generators/active_record/devise_otp_generator.rb

@@ -1,4 +1,4 @@
-require 'rails/generators/active_record'
+require "rails/generators/active_record"
 
 module ActiveRecord
   module Generators

data/lib/generators/devise_otp/devise_otp_generator.rb

@@ -1,17 +1,16 @@
 module DeviseOtp
-	module Generators
-		class DeviseOtpGenerator < Rails::Generators::NamedBase
+  module Generators
+    class DeviseOtpGenerator < Rails::Generators::NamedBase
+      namespace "devise_otp"
 
-			namespace "devise_otp"
+      desc "Add :otp_authenticatable directive in the given model, plus accessors. Also generate migration for ActiveRecord"
 
-			desc "Add :otp_authenticatable directive in the given model, plus accessors. Also generate migration for ActiveRecord"
+      def inject_devise_otp_content
+        path = File.join("app", "models", "#{file_path}.rb")
+        inject_into_file(path, "otp_authenticatable, :", after: "devise :") if File.exist?(path)
+      end
 
-			def inject_devise_otp_content
-				path = File.join("app","models","#{file_path}.rb")
-				inject_into_file(path, "otp_authenticatable, :", :after => "devise :") if File.exists?(path)
-			end
-
-			hook_for :orm
-		end
-	end
-end
+      hook_for :orm
+    end
+  end
+end

data/lib/generators/devise_otp/install_generator.rb

@@ -7,8 +7,7 @@ module DeviseOtp
       desc "Install the devise OTP authentication extension"
 
       def add_configs
-
-content = <<-CONTENT
+        content = <<-CONTENT
 
   # ==> Devise OTP Extension
   # Configure OTP extension for devise
@@ -43,9 +42,9 @@ content = <<-CONTENT
   # Custom view path for Devise OTP controllers
   #config.otp_controller_path = 'devise'
 
-CONTENT
+        CONTENT
 
-        inject_into_file "config/initializers/devise.rb", content, :before => /end[ |\n|]+\Z/
+        inject_into_file "config/initializers/devise.rb", content, before: /end[ |\n]+\Z/
       end
 
       def copy_locale

data/lib/generators/devise_otp/views_generator.rb

@@ -1,17 +1,17 @@
-require 'generators/devise/views_generator'
+require "generators/devise/views_generator"
 
 module DeviseOtp
   module Generators
     class ViewsGenerator < Rails::Generators::Base
-      desc 'Copies all Devise OTP views to your application.'
+      desc "Copies all Devise OTP views to your application."
 
-      argument :scope, :required => false, :default => nil,
-                       :desc => "The scope to copy views to"
+      argument :scope, required: false, default: nil,
+        desc: "The scope to copy views to"
 
       include ::Devise::Generators::ViewPathTemplates
       source_root File.expand_path("../../../../app/views", __FILE__)
       def copy_views
-        view_directory :devise, 'app/views/devise'
+        view_directory :devise, "app/views/devise"
       end
     end
   end

data/test/dummy/Rakefile

@@ -2,6 +2,6 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('../config/application', __FILE__)
+require File.expand_path("../config/application", __FILE__)
 
 Dummy::Application.load_tasks

data/test/dummy/app/controllers/posts_controller.rb

@@ -46,7 +46,7 @@ class PostsController < ApplicationController
 
     respond_to do |format|
       if @post.save
-        format.html { redirect_to @post, notice: 'Post was successfully created.' }
+        format.html { redirect_to @post, notice: "Post was successfully created." }
         format.json { render json: @post, status: :created, location: @post }
       else
         format.html { render action: "new" }
@@ -62,7 +62,7 @@ class PostsController < ApplicationController
 
     respond_to do |format|
       if @post.update_attributes(params[:post])
-        format.html { redirect_to @post, notice: 'Post was successfully updated.' }
+        format.html { redirect_to @post, notice: "Post was successfully updated." }
         format.json { head :ok }
       else
         format.html { render action: "edit" }

data/test/dummy/app/models/user.rb

@@ -3,18 +3,18 @@ class User < PARENT_MODEL_CLASS
     include Mongoid::Document
 
     ## Database authenticatable
-    field :email,              :type => String, :null => false, :default => ""
-    field :encrypted_password, :type => String, :null => false, :default => ""
+    field :email, type: String, null: false, default: ""
+    field :encrypted_password, type: String, null: false, default: ""
 
     ## Recoverable
-    field :reset_password_token,   :type => String
-    field :reset_password_sent_at, :type => Time
+    field :reset_password_token, type: String
+    field :reset_password_sent_at, type: Time
   end
 
   devise :otp_authenticatable, :database_authenticatable, :registerable,
-         :trackable, :validatable
+    :trackable, :validatable
 
   # Setup accessible (or protected) attributes for your model
-  #attr_accessible :otp_enabled, :otp_mandatory, :as => :otp_privileged
-  #attr_accessible :email, :password, :password_confirmation, :remember_me
-end
+  # attr_accessible :otp_enabled, :otp_mandatory, :as => :otp_privileged
+  # attr_accessible :email, :password, :password_confirmation, :remember_me
+end

data/test/dummy/config/application.rb

@@ -1,10 +1,10 @@
-require File.expand_path('../boot', __FILE__)
+require File.expand_path("../boot", __FILE__)
 
 # Pick the frameworks you want:
 require "active_record/railtie"
 require "action_controller/railtie"
 require "action_mailer/railtie"
-#require "active_resource/railtie"
+# require "active_resource/railtie"
 require "sprockets/railtie"
 # require "rails/test_unit/railtie"
 
@@ -15,7 +15,7 @@ begin
   require "#{DEVISE_ORM}/railtie"
 rescue LoadError
 end
-PARENT_MODEL_CLASS = DEVISE_ORM == :active_record ? ActiveRecord::Base : Object
+PARENT_MODEL_CLASS = (DEVISE_ORM == :active_record) ? ActiveRecord::Base : Object
 
 require "devise"
 require "devise-otp"
@@ -64,6 +64,6 @@ module Dummy
     config.assets.enabled = true
 
     # Version of your assets, change this if you want to expire all your assets
-    config.assets.version = '1.0'
+    config.assets.version = "1.0"
   end
 end

data/test/dummy/config/boot.rb

@@ -1,10 +1,10 @@
-require 'rubygems'
-gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+require "rubygems"
+gemfile = File.expand_path("../../../../Gemfile", __FILE__)
 
 if File.exist?(gemfile)
-  ENV['BUNDLE_GEMFILE'] = gemfile
-  require 'bundler'
+  ENV["BUNDLE_GEMFILE"] = gemfile
+  require "bundler"
   Bundler.setup
 end
 
-$:.unshift File.expand_path('../../../../lib', __FILE__)
+$:.unshift File.expand_path("../../../../lib", __FILE__)

data/test/dummy/config/environment.rb

@@ -1,5 +1,5 @@
 # Load the rails application
-require File.expand_path('../application', __FILE__)
+require File.expand_path("../application", __FILE__)
 
 # Initialize the rails application
 Dummy::Application.initialize!

data/test/dummy/config/environments/development.rb

@@ -10,7 +10,7 @@ Dummy::Application.configure do
   config.eager_load = false
 
   # Show full error reports and disable caching
-  config.consider_all_requests_local       = true
+  config.consider_all_requests_local = true
   config.action_controller.perform_caching = false
 
   # Don't care if the mailer can't send

data/test/dummy/config/environments/production.rb

@@ -11,7 +11,7 @@ Dummy::Application.configure do
   config.eager_load = true
 
   # Full error reports are disabled and caching is turned on
-  config.consider_all_requests_local       = false
+  config.consider_all_requests_local = false
   config.action_controller.perform_caching = true
 
   # Disable Rails's static asset server (Apache or nginx will already do this)

data/test/dummy/config/environments/test.rb

@@ -17,14 +17,14 @@ Dummy::Application.configure do
   config.static_cache_control = "public, max-age=3600"
 
   # Show full error reports and disable caching
-  config.consider_all_requests_local       = true
+  config.consider_all_requests_local = true
   config.action_controller.perform_caching = false
 
   # Raise exceptions instead of rendering exception templates
   config.action_dispatch.show_exceptions = false
 
   # Disable request forgery protection in test environment
-  config.action_controller.allow_forgery_protection    = false
+  config.action_controller.allow_forgery_protection = false
 
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the

data/test/dummy/config/initializers/devise.rb

@@ -1,8 +1,7 @@
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
-
-  config.secret_key = '638da6a325f1de9038321504c4a06ef7f4f7f835331a63ba41b93732b3830d032b6a10b38afa67427e050b19f9717b1e7a45f650ac5631c53cc9dd85264fdfb0'
+  config.secret_key = "638da6a325f1de9038321504c4a06ef7f4f7f835331a63ba41b93732b3830d032b6a10b38afa67427e050b19f9717b1e7a45f650ac5631c53cc9dd85264fdfb0"
 
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
@@ -16,7 +15,7 @@ Devise.setup do |config|
   # Load and configure the ORM. Supports :active_record (default) and
   # :mongoid (bson_ext recommended) by default. Other ORMs may be
   # available as additional gems.
-  require 'devise/orm/active_record'
+  require "devise/orm/active_record"
 
   # ==> Configuration for any authentication mechanism
   # Configure which keys are used when authenticating a user. The default is
@@ -38,12 +37,12 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
+  config.case_insensitive_keys = [:email]
 
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
   # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [ :email ]
+  config.strip_whitespace_keys = [:email]
 
   # Tell if authentication through request.params is enabled. True by default.
   # It can be set to an array that will enable params authentication only for the
@@ -245,9 +244,8 @@ Devise.setup do |config|
   # Configure extension for devise
 
   # How long should the user have to enter their token. To change the default, uncomment and change the below:
-  #config.otp_authentication_timeout = 3.minutes
+  # config.otp_authentication_timeout = 3.minutes
 
   # Change time drift settings for valid token values. To change the default, uncomment and change the below:
-  #config.otp_authentication_time_drift = 3
-
+  # config.otp_authentication_time_drift = 3
 end

data/test/dummy/config/initializers/secret_token.rb

@@ -4,5 +4,5 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Dummy::Application.config.secret_token = '7854ba4c663086c191afbc2e05384503b5529fa2c8e51417539db1cbe7c68e8490e9d57a1d908d4e82816a522edb97f71a8de9233272a5598534a38ef1b08697'
-Dummy::Application.config.secret_key_base = '7854ba4c663086c191afbc2e05384503b5529fa2c8e51417539db1cbe7c68e8490e9d57a1d908d4e82816a522edb97f71a8de9233272a5598534a38ef1b08697'
+Dummy::Application.config.secret_token = "7854ba4c663086c191afbc2e05384503b5529fa2c8e51417539db1cbe7c68e8490e9d57a1d908d4e82816a522edb97f71a8de9233272a5598534a38ef1b08697"
+Dummy::Application.config.secret_key_base = "7854ba4c663086c191afbc2e05384503b5529fa2c8e51417539db1cbe7c68e8490e9d57a1d908d4e82816a522edb97f71a8de9233272a5598534a38ef1b08697"

data/test/dummy/config/initializers/session_store.rb

@@ -1,6 +1,6 @@
 # Be sure to restart your server when you modify this file.
 
-Dummy::Application.config.session_store :cookie_store, :key => '_dummy_session'
+Dummy::Application.config.session_store :cookie_store, key: "_dummy_session"
 
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information

data/test/dummy/config/initializers/wrap_parameters.rb

@@ -5,7 +5,7 @@
 
 # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
 ActiveSupport.on_load(:action_controller) do
-  wrap_parameters :format => [:json]
+  wrap_parameters format: [:json]
 end
 
 # Disable root element in JSON by default.

data/test/dummy/config/routes.rb

@@ -2,5 +2,5 @@ Dummy::Application.routes.draw do
   devise_for :users
 
   resources :posts
-  root :to => 'posts#index'
+  root to: "posts#index"
 end

data/test/dummy/config.ru

@@ -1,4 +1,4 @@
 # This file is used by Rack-based servers to start the application.
 
-require ::File.expand_path('../config/environment',  __FILE__)
+require ::File.expand_path("../config/environment", __FILE__)
 run Dummy::Application

data/test/dummy/db/migrate/20130131092406_add_devise_to_users.rb

@@ -2,22 +2,22 @@ class AddDeviseToUsers < ActiveRecord::Migration[5.0]
   def self.up
     change_table(:users) do |t|
       ## Database authenticatable
-      t.string :email,              :null => false, :default => ""
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :email, null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
 
       ## Recoverable
-      t.string   :reset_password_token
+      t.string :reset_password_token
       t.datetime :reset_password_sent_at
 
       ## Rememberable
       t.datetime :remember_created_at
 
       ## Trackable
-      t.integer  :sign_in_count, :default => 0
+      t.integer :sign_in_count, default: 0
       t.datetime :current_sign_in_at
       t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
+      t.string :current_sign_in_ip
+      t.string :last_sign_in_ip
 
       ## Confirmable
       # t.string   :confirmation_token
@@ -26,23 +26,22 @@ class AddDeviseToUsers < ActiveRecord::Migration[5.0]
       # t.string   :unconfirmed_email # Only if using reconfirmable
 
       ## Lockable
-      t.integer  :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
-      t.string   :unlock_token # Only if unlock strategy is :email or :both
+      t.integer :failed_attempts, default: 0 # Only if lock strategy is :failed_attempts
+      t.string :unlock_token # Only if unlock strategy is :email or :both
       t.datetime :locked_at
 
       ## Token authenticatable
       t.string :authentication_token
 
-
       # Uncomment below if timestamps were not included in your original model.
       # t.timestamps
     end
 
-    add_index :users, :email,                :unique => true
-    add_index :users, :reset_password_token, :unique => true
+    add_index :users, :email, unique: true
+    add_index :users, :reset_password_token, unique: true
     # add_index :users, :confirmation_token,   :unique => true
-    add_index :users, :unlock_token,         :unique => true
-    add_index :users, :authentication_token, :unique => true
+    add_index :users, :unlock_token, unique: true
+    add_index :users, :authentication_token, unique: true
   end
 
   def self.down

data/test/dummy/db/migrate/20130131160351_devise_otp_add_to_users.rb

@@ -1,28 +1,28 @@
 class DeviseOtpAddToUsers < ActiveRecord::Migration[5.0]
   def self.up
     change_table :users do |t|
-      t.string    :otp_auth_secret
-      t.string    :otp_recovery_secret
-      t.boolean   :otp_enabled,          :default => false, :null => false
-      t.boolean   :otp_mandatory,        :default => false, :null => false
-      t.datetime  :otp_enabled_on
-      t.integer   :otp_time_drift,       :default => 0, :null => false
-      t.integer   :otp_failed_attempts,  :default => 0, :null => false
-      t.integer   :otp_recovery_counter, :default => 0, :null => false
-      t.string    :otp_persistence_seed
+      t.string :otp_auth_secret
+      t.string :otp_recovery_secret
+      t.boolean :otp_enabled, default: false, null: false
+      t.boolean :otp_mandatory, default: false, null: false
+      t.datetime :otp_enabled_on
+      t.integer :otp_time_drift, default: 0, null: false
+      t.integer :otp_failed_attempts, default: 0, null: false
+      t.integer :otp_recovery_counter, default: 0, null: false
+      t.string :otp_persistence_seed
 
-      t.string    :otp_session_challenge
-      t.datetime  :otp_challenge_expires
+      t.string :otp_session_challenge
+      t.datetime :otp_challenge_expires
     end
 
-    add_index :users, :otp_session_challenge,  :unique => true
+    add_index :users, :otp_session_challenge, unique: true
     add_index :users, :otp_challenge_expires
   end
 
   def self.down
     change_table :users do |t|
       t.remove :otp_auth_secret, :otp_recovery_secret, :otp_enabled, :otp_mandatory, :otp_enabled_on, :otp_session_challenge,
-          :otp_challenge_expires, :otp_time_drift, :otp_failed_attempts, :otp_recovery_counter, :otp_persistence_seed
+        :otp_challenge_expires, :otp_time_drift, :otp_failed_attempts, :otp_recovery_counter, :otp_persistence_seed
     end
   end
 end