devise-otp 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7a2884c76d255b2c2bb3b40859db7018c5668d49fcb6897141dacd8d7df0bc62
-  data.tar.gz: 3c7ee30dd96a9711b4b4194cb2b94cea6abb06113dda2ef58b70c9a96c998ec4
+  metadata.gz: f329ff1fa9732961646ad4169f89921f3429a6aa86744486eafa21a891fd1628
+  data.tar.gz: 8a4797664986ea6c11e21a50a43d5aeda471000ce5610e91451ec37f3d231121
 SHA512:
-  metadata.gz: b099c20c5c6d76fc2e1226511615bb43f2b081620f01bbf1bcc939cec66e286aa3536f8a654495907607e42d23e7f3efd9bb3377ed3a1a8a6ef522ec5e9568e1
-  data.tar.gz: 731d1dc34877d0fe91bb092b33ce4ee7c302c4cb75183daa3ff67a0df7f6d242bc86b3ab4e0923683b8408c8f1e6bab8e8a1d1c5fa10b9b0e104617a9b87ded7
+  metadata.gz: e42b34ea4259e698e75f6408b6d0a0021b39f934d960e039a305ee2f9dc7d443a8dbdc9f99e1df452b75602430e601bf7ece1214b11766ba558fb3806d07355c
+  data.tar.gz: 8c1bde0740a5f96dfc440e976c568a8ef0b7f0ac91e7af620d14aea1e8208811e6339384dc9d7b6363c6f4ed9de363c1637422a82b5f5f5c6696fa17c9879764

data/.github/workflows/ci.yml

@@ -12,15 +12,14 @@ jobs:
       fail-fast: false
       matrix:
         ruby:
+          - '3.4'
           - '3.3'
           - '3.2'
-          - '3.1'
           - 'head'
         rails:
           - rails_8.0
           - rails_7.2
           - rails_7.1
-          - rails_7.0
         exclude:
           - ruby: '3.1'
             rails: 'rails_8.0'
@@ -38,7 +37,8 @@ jobs:
           ruby-version: ${{ matrix.ruby }}
           bundler-cache: true
 
+      - name: Create database
+        run: cd test/dummy && RAILS_ENV=test bundle exec rails db:create db:migrate --trace
+
       - name: Run tests
-        env:
-          DEVISE_ORM: active_record
         run: bundle exec rake test

data/.gitignore

@@ -34,9 +34,7 @@ lib/bundler/man
 ## PROJECT::SPECIFIC
 test/dummy/log/**
 test/dummy/tmp/**
-test/dummy/db/*.sqlite3
-test/dummy/db/*.sqlite3-shm
-test/dummy/db/*.sqlite3-wal
+test/dummy/storage/**
 
 # Ignore Gemfile.lock
 Gemfile.lock

data/Appraisals

@@ -1,19 +1,5 @@
 # frozen_string_literal: true
 
-appraise 'rails_7.0' do
-  gem 'rails', '~> 7.0.0'
-  gem 'sqlite3', '~> 1.5.0'
-
-  # Fix: LoadError: cannot load such file -- base64
-  install_if '-> { Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.3.0") }' do
-    gem 'base64'
-    gem 'bigdecimal'
-    gem 'mutex_m'
-    gem 'drb'
-    gem 'logger'
-  end
-end
-
 appraise 'rails_7.1' do
   gem 'rails', '~> 7.1.0'
   gem 'sqlite3', '~> 1.5.0'

data/CHANGELOG.md

@@ -2,7 +2,40 @@
 
 ## Unreleased
 
-- Upgrade gemspec to support Rails v7.2
+## 1.1.0
+
+Bug fixes:
+- Update refreshable hook to ensure that user models without Devise OTP can still sign in
+- Add tests for non-OTP user models to confirm resolution
+
+Improvements:
+- Remove references to MongoDB from test suite
+- Standardize test application's database configuration
+- Add Development Instructions to README
+
+## 1.0.1
+- Add support for Ruby 3.4
+- Set minimum Ruby version to 3.2
+- Set miminum Rails version to 7.1
+- Add MIT license type to gemspec
+- Correct Devise spelling error in README
+
+## 1.0.0
+- Add support for Rails 8
+- Generate QR Codes as SVG
+- Fix Issue with Invalid Token Message
+- Simplify OTP Credentials Controller
+- Expand Flash Message Tests
+- Use Appraisal gem to against older Rails versions
+
+## 0.8.0
+- Add support for Rails 7.2 and drop support for Rails 6.1
+- Fix issue with scoped redirects for non-default resources
+- Add migration version numbers
+- Cleanup old docs
+
+## 0.7.1
+- Fix host and port for 3rd-party tests
 
 ## 0.7.0
 

data/README.md

@@ -13,7 +13,7 @@ Some of the compatible token devices are:
 * [Google Authenticator](https://code.google.com/p/google-authenticator/)
 * [FreeOTP](https://fedorahosted.org/freeotp/)
 
-Device OTP was recently updated to work with Rails 7+ and Turbo.
+Devise OTP was recently updated to work with Rails 7+ and Turbo.
 
 ## Sponsor
 
@@ -101,6 +101,20 @@ Enforcing mandatory OTP requires adding the ensure\_mandatory\_{scope}\_otp! met
     before_action :authenticate_user!
     before_action :ensure_mandatory_user_otp!
 
+## Development Instructions
+WARNING: Make sure to use the latest Ruby/Rails versions for development. If using older versions of Ruby/Rails, you will need to install all gems for all versions via Appraisal ("bundle exec appraisal install").
+
+To run the devise-otp dummy application in the development environment:
+- Navigate to the dummy app directory ("cd test/dummy")
+- Create and seed the database ("rails db:reset")
+- Run the rails console or server (e.g. "rails c")
+
+To run the tests for devise-otp against your current Ruby/Rails configuration:
+- Navigate to the dummy app directory ("cd test/dummy")
+- Create and migrate the database for the test environment ("RAILS\_ENV=test rails db:drop db:create db:migrate")
+- Return to the root directory of devise-otp
+- Run "rake test"
+
 ## Authors
 
 The project was originally started by Lele Forzani by forking [devise_google_authenticator](https://github.com/AsteriskLabs/devise_google_authenticator) and still contains some devise_google_authenticator code. It's now maintained by [Josef Strzibny](https://github.com/strzibny/) and [Laney Stroup](https://github.com/strouptl).

data/Rakefile

@@ -28,14 +28,3 @@ Rake::TestTask.new(:test) do |test|
   test.pattern = "test/**/*_test.rb"
   test.verbose = true
 end
-
-desc "Run Devise tests for all ORMs."
-task :tests do
-  Dir[File.join(File.dirname(__FILE__), "test", "orm", "*.rb")].each do |file|
-    orm = File.basename(file).split(".").first
-    system "rake test DEVISE_ORM=#{orm}"
-  end
-end
-
-desc "Default: run tests for all ORMs."
-task default: :tests

data/devise-otp.gemspec

@@ -10,11 +10,14 @@ Gem::Specification.new do |gem|
   gem.description = "OTP authentication for Devise"
   gem.summary = "Time Based OTP/rfc6238 compatible authentication for Devise"
   gem.homepage = "https://github.com/wmlele/devise-otp"
+  gem.license = "MIT"
 
   gem.files = `git ls-files`.split($/)
   gem.require_paths = ["lib"]
 
-  gem.add_dependency "rails", ">= 7.0"
+  gem.required_ruby_version = ">= 3.2.0"
+
+  gem.add_dependency "rails", ">= 7.1"
   gem.add_dependency "devise", ">= 4.8.0", "< 5.0"
   gem.add_dependency "rotp", ">= 2.0.0"
   gem.add_dependency "rqrcode", "~> 2.0"

data/lib/devise-otp/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module OTP
-    VERSION = "1.0.0"
+    VERSION = "1.1.0"
   end
 end

data/lib/devise_otp_authenticatable/hooks/refreshable.rb

@@ -1,5 +1,7 @@
 # After each sign in, update credentials refreshed at time
 Warden::Manager.after_set_user except: :fetch do |record, warden, options|
-  warden.session(options[:scope])["credentials_refreshed_at"] = (Time.now + record.class.otp_credentials_refresh)
+  if defined?(record.class.otp_credentials_refresh)
+    warden.session(options[:scope])["credentials_refreshed_at"] = (Time.now + record.class.otp_credentials_refresh)
+  end
 end
 

data/test/dummy/app/controllers/admin_posts_controller.rb

@@ -1,8 +1,6 @@
 class AdminPostsController < ApplicationController
   before_action :authenticate_admin!
 
-  # GET /posts
-  # GET /posts.json
   def index
     @posts = Post.all
 
@@ -12,74 +10,4 @@ class AdminPostsController < ApplicationController
     end
   end
 
-  # GET /posts/1
-  # GET /posts/1.json
-  def show
-    @post = Post.find(params[:id])
-
-    respond_to do |format|
-      format.html # show.html.erb
-      format.json { render json: @post }
-    end
-  end
-
-  # GET /posts/new
-  # GET /posts/new.json
-  def new
-    @post = Post.new
-
-    respond_to do |format|
-      format.html # new.html.erb
-      format.json { render json: @post }
-    end
-  end
-
-  # GET /posts/1/edit
-  def edit
-    @post = Post.find(params[:id])
-  end
-
-  # POST /posts
-  # POST /posts.json
-  def create
-    @post = Post.new(params[:post])
-
-    respond_to do |format|
-      if @post.save
-        format.html { redirect_to @post, notice: "Post was successfully created." }
-        format.json { render json: @post, status: :created, location: @post }
-      else
-        format.html { render action: "new" }
-        format.json { render json: @post.errors, status: :unprocessable_entity }
-      end
-    end
-  end
-
-  # PUT /posts/1
-  # PUT /posts/1.json
-  def update
-    @post = Post.find(params[:id])
-
-    respond_to do |format|
-      if @post.update_attributes(params[:post])
-        format.html { redirect_to @post, notice: "Post was successfully updated." }
-        format.json { head :ok }
-      else
-        format.html { render action: "edit" }
-        format.json { render json: @post.errors, status: :unprocessable_entity }
-      end
-    end
-  end
-
-  # DELETE /posts/1
-  # DELETE /posts/1.json
-  def destroy
-    @post = Post.find(params[:id])
-    @post.destroy
-
-    respond_to do |format|
-      format.html { redirect_to posts_url }
-      format.json { head :ok }
-    end
-  end
 end

data/test/dummy/app/controllers/non_otp_posts_controller.rb

@@ -0,0 +1,13 @@
+class NonOtpPostsController < ApplicationController
+  before_action :authenticate_non_otp_user!
+
+  def index
+    @posts = Post.all
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.json { render json: @posts }
+    end
+  end
+
+end

data/test/dummy/app/controllers/posts_controller.rb

@@ -42,7 +42,7 @@ class PostsController < ApplicationController
   # POST /posts
   # POST /posts.json
   def create
-    @post = Post.new(params[:post])
+    @post = Post.new(post_params)
 
     respond_to do |format|
       if @post.save
@@ -61,7 +61,7 @@ class PostsController < ApplicationController
     @post = Post.find(params[:id])
 
     respond_to do |format|
-      if @post.update_attributes(params[:post])
+      if @post.update_attributes(post_params)
         format.html { redirect_to @post, notice: "Post was successfully updated." }
         format.json { head :ok }
       else
@@ -82,4 +82,10 @@ class PostsController < ApplicationController
       format.json { head :ok }
     end
   end
+
+  private
+
+  def post_params
+    params.require(:post).permit(:title, :body)
+  end
 end

data/test/dummy/app/models/admin.rb

@@ -1,16 +1,4 @@
-class Admin < PARENT_MODEL_CLASS
-  if DEVISE_ORM == :mongoid
-    include Mongoid::Document
-
-    ## Database authenticatable
-    field :email, type: String, null: false, default: ""
-    field :encrypted_password, type: String, null: false, default: ""
-
-    ## Recoverable
-    field :reset_password_token, type: String
-    field :reset_password_sent_at, type: Time
-  end
-
+class Admin < ActiveRecord::Base
   devise :otp_authenticatable, :database_authenticatable, :registerable,
     :trackable, :validatable
 

data/test/dummy/app/models/non_otp_user.rb

@@ -0,0 +1,4 @@
+class NonOtpUser < ActiveRecord::Base
+  devise :database_authenticatable, :registerable, :trackable, :validatable
+
+end

data/test/dummy/app/models/post.rb

@@ -1,2 +1,2 @@
-class Post < PARENT_MODEL_CLASS
+class Post < ActiveRecord::Base
 end

data/test/dummy/app/models/user.rb

@@ -1,16 +1,4 @@
-class User < PARENT_MODEL_CLASS
-  if DEVISE_ORM == :mongoid
-    include Mongoid::Document
-
-    ## Database authenticatable
-    field :email, type: String, null: false, default: ""
-    field :encrypted_password, type: String, null: false, default: ""
-
-    ## Recoverable
-    field :reset_password_token, type: String
-    field :reset_password_sent_at, type: Time
-  end
-
+class User < ActiveRecord::Base
   devise :otp_authenticatable, :database_authenticatable, :registerable,
     :trackable, :validatable
 

data/test/dummy/app/views/admin_posts/index.html.erb

@@ -13,13 +13,6 @@
   <tr>
     <td><%= post.title %></td>
     <td><%= post.body %></td>
-    <td><%= link_to 'Show', post %></td>
-    <td><%= link_to 'Edit', edit_admin_post_path(post) %></td>
-    <td><%= link_to 'Destroy', [:admin, post], confirm: 'Are you sure?', method: :delete %></td>
   </tr>
 <% end %>
 </table>
-
-<br />
-
-<%= link_to 'New Post', new_admin_post_path %>

data/test/dummy/app/views/non_otp_posts/index.html.erb

@@ -0,0 +1,18 @@
+<h1>Listing posts</h1>
+
+<table>
+  <tr>
+    <th>Title</th>
+    <th>Body</th>
+    <th></th>
+    <th></th>
+    <th></th>
+  </tr>
+
+<% @posts.each do |post| %>
+  <tr>
+    <td><%= post.title %></td>
+    <td><%= post.body %></td>
+  </tr>
+<% end %>
+</table>

data/test/dummy/config/application.rb

@@ -9,13 +9,6 @@ require "sprockets/railtie"
 # require "rails/test_unit/railtie"
 
 Bundler.require
-Bundler.require(:default, DEVISE_ORM) if defined?(Bundler)
-
-begin
-  require "#{DEVISE_ORM}/railtie"
-rescue LoadError
-end
-PARENT_MODEL_CLASS = (DEVISE_ORM == :active_record) ? ActiveRecord::Base : Object
 
 require "devise"
 require "devise-otp"

data/test/dummy/config/database.yml

@@ -1,25 +1,32 @@
-# SQLite version 3.x
+# SQLite. Versions 3.8.0 and up are supported.
 #   gem install sqlite3
 #
 #   Ensure the SQLite 3 gem is defined in your Gemfile
-#   gem 'sqlite3'
-development:
+#   gem "sqlite3"
+#
+default: &default
   adapter: sqlite3
-  database: ":memory:"
-  pool: 5
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
   timeout: 5000
 
+development:
+  <<: *default
+  database: storage/development.sqlite3
+
 # Warning: The database defined as "test" will be erased and
 # re-generated from your development database when you run "rake".
 # Do not set this db to the same as development or production.
 test:
-  adapter: sqlite3
-  database: db/test.sqlite3
-  pool: 5
-  timeout: 5000
+  <<: *default
+  database: storage/test.sqlite3
+
 
+# SQLite3 write its data on the local filesystem, as such it requires
+# persistent disks. If you are deploying to a managed service, you should
+# make sure it provides disk persistence, as many don't.
+#
+# Similarly, if you deploy your application as a Docker container, you must
+# ensure the database is located in a persisted volume.
 production:
-  adapter: sqlite3
-  database: db/production.sqlite3
-  pool: 5
-  timeout: 5000
+  <<: *default
+  # database: path/to/persistent/storage/production.sqlite3

data/test/dummy/config/routes.rb

@@ -1,9 +1,11 @@
 Dummy::Application.routes.draw do
   devise_for :admins
   devise_for :users
+  devise_for :non_otp_users
 
   resources :posts
   resources :admin_posts
+  resources :non_otp_posts
 
   root to: "base#home"
 end

data/test/dummy/db/migrate/20250718092451_create_non_otp_users.rb

@@ -0,0 +1,9 @@
+class CreateNonOtpUsers < ActiveRecord::Migration[5.0]
+  def change
+    create_table :non_otp_users do |t|
+      t.string :name
+
+      t.timestamps
+    end
+  end
+end

data/test/dummy/db/migrate/20250718092536_add_devise_to_non_otp_users.rb

@@ -0,0 +1,52 @@
+class AddDeviseToNonOtpUsers < ActiveRecord::Migration[5.0]
+  def self.up
+    change_table(:non_otp_users) do |t|
+      ## Database authenticatable
+      t.string :email, null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Recoverable
+      t.string :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer :sign_in_count, default: 0
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string :current_sign_in_ip
+      t.string :last_sign_in_ip
+
+      ## Confirmable
+      # t.string   :confirmation_token
+      # t.datetime :confirmed_at
+      # t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      t.integer :failed_attempts, default: 0 # Only if lock strategy is :failed_attempts
+      t.string :unlock_token # Only if unlock strategy is :email or :both
+      t.datetime :locked_at
+
+      ## Token authenticatable
+      t.string :authentication_token
+
+      # Uncomment below if timestamps were not included in your original model.
+      # t.timestamps
+    end
+
+    add_index :non_otp_users, :email, unique: true
+    add_index :non_otp_users, :reset_password_token, unique: true
+    # add_index :non_otp_users, :confirmation_token,   :unique => true
+    add_index :non_otp_users, :unlock_token, unique: true
+    add_index :non_otp_users, :authentication_token, unique: true
+  end
+
+  def self.down
+    # By default, we don't want to make any assumption about how to roll back a migration when your
+    # model already existed. Please edit below which fields you would like to remove in this migration.
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

data/test/dummy/db/schema.rb

@@ -0,0 +1,118 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema[8.0].define(version: 2025_07_18_092536) do
+  create_table "admins", force: :cascade do |t|
+    t.string "name"
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at", precision: nil
+    t.datetime "remember_created_at", precision: nil
+    t.integer "sign_in_count", default: 0
+    t.datetime "current_sign_in_at", precision: nil
+    t.datetime "last_sign_in_at", precision: nil
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.integer "failed_attempts", default: 0
+    t.string "unlock_token"
+    t.datetime "locked_at", precision: nil
+    t.string "authentication_token"
+    t.string "otp_auth_secret"
+    t.string "otp_recovery_secret"
+    t.boolean "otp_enabled", default: false, null: false
+    t.boolean "otp_mandatory", default: false, null: false
+    t.datetime "otp_enabled_on", precision: nil
+    t.integer "otp_time_drift", default: 0, null: false
+    t.integer "otp_failed_attempts", default: 0, null: false
+    t.integer "otp_recovery_counter", default: 0, null: false
+    t.string "otp_persistence_seed"
+    t.string "otp_session_challenge"
+    t.datetime "otp_challenge_expires", precision: nil
+    t.index ["authentication_token"], name: "index_admins_on_authentication_token", unique: true
+    t.index ["email"], name: "index_admins_on_email", unique: true
+    t.index ["otp_challenge_expires"], name: "index_admins_on_otp_challenge_expires"
+    t.index ["otp_session_challenge"], name: "index_admins_on_otp_session_challenge", unique: true
+    t.index ["reset_password_token"], name: "index_admins_on_reset_password_token", unique: true
+    t.index ["unlock_token"], name: "index_admins_on_unlock_token", unique: true
+  end
+
+  create_table "non_otp_users", force: :cascade do |t|
+    t.string "name"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "remember_created_at"
+    t.integer "sign_in_count", default: 0
+    t.datetime "current_sign_in_at"
+    t.datetime "last_sign_in_at"
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.integer "failed_attempts", default: 0
+    t.string "unlock_token"
+    t.datetime "locked_at"
+    t.string "authentication_token"
+    t.index ["authentication_token"], name: "index_non_otp_users_on_authentication_token", unique: true
+    t.index ["email"], name: "index_non_otp_users_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_non_otp_users_on_reset_password_token", unique: true
+    t.index ["unlock_token"], name: "index_non_otp_users_on_unlock_token", unique: true
+  end
+
+  create_table "posts", force: :cascade do |t|
+    t.string "title"
+    t.text "body"
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
+  end
+
+  create_table "users", force: :cascade do |t|
+    t.string "name"
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at", precision: nil
+    t.datetime "remember_created_at", precision: nil
+    t.integer "sign_in_count", default: 0
+    t.datetime "current_sign_in_at", precision: nil
+    t.datetime "last_sign_in_at", precision: nil
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.integer "failed_attempts", default: 0
+    t.string "unlock_token"
+    t.datetime "locked_at", precision: nil
+    t.string "authentication_token"
+    t.string "otp_auth_secret"
+    t.string "otp_recovery_secret"
+    t.boolean "otp_enabled", default: false, null: false
+    t.boolean "otp_mandatory", default: false, null: false
+    t.datetime "otp_enabled_on", precision: nil
+    t.integer "otp_time_drift", default: 0, null: false
+    t.integer "otp_failed_attempts", default: 0, null: false
+    t.integer "otp_recovery_counter", default: 0, null: false
+    t.string "otp_persistence_seed"
+    t.string "otp_session_challenge"
+    t.datetime "otp_challenge_expires", precision: nil
+    t.index ["authentication_token"], name: "index_users_on_authentication_token", unique: true
+    t.index ["email"], name: "index_users_on_email", unique: true
+    t.index ["otp_challenge_expires"], name: "index_users_on_otp_challenge_expires"
+    t.index ["otp_session_challenge"], name: "index_users_on_otp_session_challenge", unique: true
+    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
+    t.index ["unlock_token"], name: "index_users_on_unlock_token", unique: true
+  end
+end

data/test/dummy/db/seeds.rb

@@ -0,0 +1,24 @@
+Admin.create(
+  name: "Test Admin",
+  email: "admin@devise-otp.local",
+  password: "Pass1234"
+)
+
+User.create(
+  name: "Test User",
+  email: "user@devise-otp.local",
+  password: "Pass1234"
+)
+
+NonOtpUser.create(
+  name: "Non OTP User",
+  email: "non-otp-user@devise-otp.local",
+  password: "Pass1234"
+)
+
+5.times do |n|
+  Post.create(
+    title: "Post #{n + 1}",
+    body: "This is post #{n + 1}."
+  )
+end

data/test/integration/non_otp_user_models_test.rb

@@ -0,0 +1,21 @@
+require "test_helper"
+require "integration_tests_helper"
+
+class NonOtpUserModelsTest < ActionDispatch::IntegrationTest
+
+  def teardown
+    Capybara.reset_sessions!
+  end
+
+  test "a non-OTP user should be able to sign in without error" do
+    create_non_otp_user
+
+    visit non_otp_posts_path
+    fill_in "non_otp_user_email", with: "non-otp-user@email.invalid"
+    fill_in "non_otp_user_password", with: "12345678"
+    page.has_content?("Log in") ? click_button("Log in") : click_button("Sign in")
+
+    assert_equal non_otp_posts_path, current_path
+  end
+
+end

data/test/integration_tests_helper.rb

@@ -27,6 +27,17 @@ class ActionDispatch::IntegrationTest
     end
   end
 
+  def create_non_otp_user
+    @non_otp_user ||= begin
+      non_otp_user = NonOtpUser.create!(
+        email: "non-otp-user@email.invalid",
+        password: "12345678",
+        password_confirmation: "12345678"
+      )
+      non_otp_user
+    end
+  end
+
   def enable_otp_and_sign_in_with_otp
     enable_otp_and_sign_in.tap do |user|
       fill_in "token", with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)

data/test/test_helper.rb

@@ -1,17 +1,12 @@
 ENV["RAILS_ENV"] = "test"
-DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym
 
-puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}"
 require "dummy/config/environment"
-require "orm/#{DEVISE_ORM}"
 require "rails/test_help"
 require "capybara/rails"
 require "minitest/reporters"
 
 Minitest::Reporters.use!
 
-# I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) if DEVISE_ORM == :mongoid
-
 # ActiveSupport::Deprecation.silenced = true
 
 class ActionDispatch::IntegrationTest

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-otp
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Lele Forzani
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-21 00:00:00.000000000 Z
+date: 2025-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -18,14 +18,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '7.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -104,7 +104,6 @@ files:
 - app/views/devise/otp_tokens/show.html.erb
 - config/locales/en.yml
 - devise-otp.gemspec
-- gemfiles/rails_7.0.gemfile
 - gemfiles/rails_7.1.gemfile
 - gemfiles/rails_7.2.gemfile
 - gemfiles/rails_8.0.gemfile
@@ -131,20 +130,19 @@ files:
 - test/dummy/app/controllers/admin_posts_controller.rb
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/base_controller.rb
+- test/dummy/app/controllers/non_otp_posts_controller.rb
 - test/dummy/app/controllers/posts_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/helpers/posts_helper.rb
 - test/dummy/app/mailers/.gitkeep
 - test/dummy/app/models/admin.rb
+- test/dummy/app/models/non_otp_user.rb
 - test/dummy/app/models/post.rb
 - test/dummy/app/models/user.rb
-- test/dummy/app/views/admin_posts/_form.html.erb
-- test/dummy/app/views/admin_posts/edit.html.erb
 - test/dummy/app/views/admin_posts/index.html.erb
-- test/dummy/app/views/admin_posts/new.html.erb
-- test/dummy/app/views/admin_posts/show.html.erb
 - test/dummy/app/views/base/home.html.erb
 - test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/non_otp_posts/index.html.erb
 - test/dummy/app/views/posts/_form.html.erb
 - test/dummy/app/views/posts/edit.html.erb
 - test/dummy/app/views/posts/index.html.erb
@@ -174,6 +172,10 @@ files:
 - test/dummy/db/migrate/20240604000001_create_admins.rb
 - test/dummy/db/migrate/20240604000002_add_devise_to_admins.rb
 - test/dummy/db/migrate/20240604000003_devise_otp_add_to_admins.rb
+- test/dummy/db/migrate/20250718092451_create_non_otp_users.rb
+- test/dummy/db/migrate/20250718092536_add_devise_to_non_otp_users.rb
+- test/dummy/db/schema.rb
+- test/dummy/db/seeds.rb
 - test/dummy/lib/assets/.gitkeep
 - test/dummy/public/404.html
 - test/dummy/public/422.html
@@ -182,6 +184,7 @@ files:
 - test/dummy/script/rails
 - test/integration/disable_token_test.rb
 - test/integration/enable_otp_form_test.rb
+- test/integration/non_otp_user_models_test.rb
 - test/integration/persistence_test.rb
 - test/integration/refresh_test.rb
 - test/integration/reset_token_test.rb
@@ -190,10 +193,10 @@ files:
 - test/integration_tests_helper.rb
 - test/model_tests_helper.rb
 - test/models/otp_authenticatable_test.rb
-- test/orm/active_record.rb
 - test/test_helper.rb
 homepage: https://github.com/wmlele/devise-otp
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -203,14 +206,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.16
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Time Based OTP/rfc6238 compatible authentication for Devise

data/gemfiles/rails_7.0.gemfile

@@ -1,25 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", git: "https://github.com/thoughtbot/appraisal.git"
-gem "capybara"
-gem "minitest-reporters", ">= 0.5.0"
-gem "puma"
-gem "rake"
-gem "rdoc"
-gem "shoulda"
-gem "sprockets-rails"
-gem "sqlite3", "~> 1.5.0"
-gem "standardrb"
-gem "rails", "~> 7.0.0"
-
-install_if -> { Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.3.0") } do
-  gem "base64"
-  gem "bigdecimal"
-  gem "mutex_m"
-  gem "drb"
-  gem "logger"
-end
-
-gemspec path: "../"

data/test/dummy/app/views/admin_posts/_form.html.erb

@@ -1,25 +0,0 @@
-<%= form_for([:admin, @post]) do |f| %>
-  <% if @post.errors.any? %>
-    <div id="error_explanation">
-      <h2><%= pluralize(@post.errors.count, "error") %> prohibited this post from being saved:</h2>
-
-      <ul>
-      <% @post.errors.full_messages.each do |msg| %>
-        <li><%= msg %></li>
-      <% end %>
-      </ul>
-    </div>
-  <% end %>
-
-  <div class="field">
-    <%= f.label :title %><br />
-    <%= f.text_field :title %>
-  </div>
-  <div class="field">
-    <%= f.label :body %><br />
-    <%= f.text_area :body %>
-  </div>
-  <div class="actions">
-    <%= f.submit %>
-  </div>
-<% end %>

data/test/dummy/app/views/admin_posts/edit.html.erb

@@ -1,6 +0,0 @@
-<h1>Editing post</h1>
-
-<%= render 'form' %>
-
-<%= link_to 'Show', @post %> |
-<%= link_to 'Back', admin_posts_path %>

data/test/dummy/app/views/admin_posts/new.html.erb

@@ -1,5 +0,0 @@
-<h1>New post</h1>
-
-<%= render 'form' %>
-
-<%= link_to 'Back', admin_posts_path %>

data/test/dummy/app/views/admin_posts/show.html.erb

@@ -1,15 +0,0 @@
-<p id="notice"><%= notice %></p>
-
-<p>
-  <b>Title:</b>
-  <%= @post.title %>
-</p>
-
-<p>
-  <b>Body:</b>
-  <%= @post.body %>
-</p>
-
-
-<%= link_to 'Edit', edit_admin_post_path(@post) %> |
-<%= link_to 'Back', admin_posts_path %>

data/test/orm/active_record.rb

@@ -1,11 +0,0 @@
-ActiveRecord::Migration.verbose = false
-ActiveRecord::Base.logger = Logger.new(nil)
-
-migrations_path = File.expand_path("../../dummy/db/migrate/", __FILE__)
-
-if Rails.version.to_f >= 7.2
-  ActiveRecord::MigrationContext.new(migrations_path).migrate
-else
-  # To support order versions of Rails (pre v7.2)
-  ActiveRecord::MigrationContext.new(migrations_path, ActiveRecord::SchemaMigration).migrate
-end