devise-otp 1.1.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f329ff1fa9732961646ad4169f89921f3429a6aa86744486eafa21a891fd1628
-  data.tar.gz: 8a4797664986ea6c11e21a50a43d5aeda471000ce5610e91451ec37f3d231121
+  metadata.gz: afd51a7a5178b6da891987b166c3f838833ec6c6c506ceb457c49c743b925244
+  data.tar.gz: 20e043c52ed71c4d6e8c5b9dd309badbf656d6d0d386cdae1269d8440a91d09e
 SHA512:
-  metadata.gz: e42b34ea4259e698e75f6408b6d0a0021b39f934d960e039a305ee2f9dc7d443a8dbdc9f99e1df452b75602430e601bf7ece1214b11766ba558fb3806d07355c
-  data.tar.gz: 8c1bde0740a5f96dfc440e976c568a8ef0b7f0ac91e7af620d14aea1e8208811e6339384dc9d7b6363c6f4ed9de363c1637422a82b5f5f5c6696fa17c9879764
+  metadata.gz: faee3c01bdf932a07843ea991f87cffa40081a1339647960382e7ad6532302aeb02cd0ac39de8a643a5b3a33f87a134a3bf11a30969b3c5a3d64c6bea3cb0a6f
+  data.tar.gz: f08c0a495128b23816751a3386082bf250d3791ce2dc25c0f4e4facd6e911053900aad3664f75938d3ab67c3757811f189f9a22f5b535c8095a679de3f901c60

data/.erb_lint.yml

@@ -0,0 +1,30 @@
+---
+EnableDefaultLinters: true
+glob: "**/*.{html,text,js}{+*,}.erb"
+linters:
+  # ErbSafety:
+  #   enabled: true
+  #   better_html_config: .better-html.yml
+  SelfClosingTag:
+    enabled: false 
+  Rubocop:
+    enabled: true
+    rubocop_config:
+      inherit_from:
+        - .rubocop.yml
+      Layout/InitialIndentation:
+        Enabled: false
+      Layout/LineLength:
+        Enabled: false
+      Layout/TrailingEmptyLines:
+        Enabled: false
+      Layout/TrailingWhitespace:
+        Enabled: false
+      Naming/FileName:
+        Enabled: false
+      Style/FrozenStringLiteralComment:
+        Enabled: false
+      Lint/UselessAssignment:
+        Enabled: false
+      Rails/OutputSafety:
+        Enabled: false

data/.rubocop.yml

@@ -0,0 +1,18 @@
+# Omakase Ruby styling for Rails
+inherit_gem:
+  rubocop-rails-omakase: rubocop.yml
+
+# Excluded directories
+AllCops:
+  Exclude:
+  - "lib/generators/active_record/templates/migration.rb"
+
+# Disabled checks
+Style/StringLiterals:
+  Enabled: false
+
+Layout/SpaceInsideArrayLiteralBrackets:
+  Enabled: false
+
+Layout/SpaceInsideHashLiteralBraces:
+  Enabled: false

data/CHANGELOG.md

@@ -1,6 +1,47 @@
 # Changelog
 
-## Unreleased
+## v2.0.0
+
+Bug fixes:
+- Fixed an issue where Turbo/Hotwire enabled applications return a JS error for failed OTP authentication;
+- Fixed an issue with the "Remember me" functionality for users with OTP enabled;
+
+Improvements:
+- Add support for Lockable strategy to OTP credentials form;
+- Use locales for "Enabled/Disabled" status;
+- Fix spelling, spacing, and grammatical issues in the default locales file;
+
+Code Quality:
+- Use built-in functionality from rotp gem for handling the TOTP drift window;
+- Use standard URL Helpers in database\_authenticatable;
+- Refactor code for otp\_issuer method;
+- Cleanup Ruby syntax in ERB views;
+- Add Timecop for testing time based functionality;
+- Add Rubocop and ERB Lint;
+
+Maintenance
+- Bump rqrcode to 3.0.0
+
+Breaking changes
+- Move browser persistence actions to dedicated controller
+- Standardize browser persistence routes, and use buttons for controls
+
+### Upgrading
+
+If you have customized the otp_tokens controller/views, or the locales file for browser persistence:
+1. Regenerate the "otp_tokens" controller and views
+
+```
+rails g devise_otp:controllers
+rails g devise_otp:views
+```
+
+2. Reapply any desired changes
+- Note that the browser persistence controls now use "button_to", rather than "link_to"
+
+3. Update your locales file
+- Move any \*\_persistence keys from devise.otp.otp_tokens/ to devise.otp.otp_persistence/
+
 
 ## 1.1.0
 

data/Gemfile

@@ -13,4 +13,10 @@ gem "rdoc"
 gem "shoulda"
 gem "sprockets-rails"
 gem "sqlite3", "~> 2.1"
-gem "standardrb"
+
+# Formatting gems
+gem "standardrb", require: false
+gem "rubocop-rails-omakase", require: false
+gem "erb_lint", require: false
+
+gem "debug"

data/README.md

@@ -88,7 +88,7 @@ The install generator adds some options to the end of your Devise config file (`
 
 * `config.otp_mandatory`: OTP is mandatory, users are going to be asked to enroll the next time they sign in, before they can successfully complete the session establishment.
 * `config.otp_authentication_timeout`: How long the user has to authenticate with their token. (defaults to `3.minutes`)
-* `config.otp_drift_window`: A window which provides allowance for drift between a user's token device clock (and therefore their OTP tokens) and the authentication server's clock. Expressed in minutes centered at the current time. (default: `3`)
+* `config.otp_drift_window`: A window which provides allowance for drift between a user's token device clock (and therefore their OTP tokens) and the authentication server's clock. Expressed in "steps" of 30 second increments. (default: `3`)
 * `config.otp_credentials_refresh`: Users that have logged in longer than this time ago, are going to be asked their password (and an OTP challenge, if enabled) before they can see or change their otp informations. (defaults to `15.minutes`)
 * `config.otp_recovery_tokens`: Whether the users are given a list of one-time recovery tokens, for emergency access (default: `10`, set to `false` to disable)
 * `config.otp_trust_persistence`: The user is allowed to set his browser as "trusted", no more OTP challenges will be asked for that browser, for a limited time. (default: `1.month`, set to false to disable setting the browser as trusted)
@@ -115,6 +115,10 @@ To run the tests for devise-otp against your current Ruby/Rails configuration:
 - Return to the root directory of devise-otp
 - Run "rake test"
 
+To check Ruby syntax and formatting:
+- Rubocop: "./bin/rubocop"
+- ERB Lint (for views): "./bin/erb\_lint -a --lint-all"
+
 ## Authors
 
 The project was originally started by Lele Forzani by forking [devise_google_authenticator](https://github.com/AsteriskLabs/devise_google_authenticator) and still contains some devise_google_authenticator code. It's now maintained by [Josef Strzibny](https://github.com/strzibny/) and [Laney Stroup](https://github.com/strouptl).

data/app/controllers/devise_otp/devise/otp_credentials_controller.rb

@@ -1,11 +1,13 @@
 module DeviseOtp
   module Devise
     class OtpCredentialsController < DeviseController
+      include ::Devise::Controllers::Rememberable
       helper_method :new_session_path
 
       prepend_before_action :authenticate_scope!, only: [:get_refresh, :set_refresh]
       prepend_before_action :require_no_authentication, only: [:show, :update]
       before_action :set_challenge, only: [:show, :update]
+      before_action :set_remember_me, only: [:show, :update]
       before_action :set_recovery, only: [:show, :update]
       before_action :set_resource, only: [:show, :update]
       before_action :set_token, only: [:update]
@@ -26,16 +28,31 @@ module DeviseOtp
       # signs the resource in, if the OTP token is valid and the user has a valid challenge
       #
       def update
-        if resource.otp_challenge_valid? && resource.validate_otp_token(@token, @recovery)
+        # The valid_for_authentication? method must be executed with the validation result as
+        # a block (as the DatabaseAuthenticatable strategy does via the validate method of the
+        # Authenticatable strategy). If true, and the account is not locked, then
+        # authentication will proceed as normal. If false, then the valid_for_authentication?
+        # method will increment the failed attempts and/or lock the account as specified.
+
+        if resource.valid_for_authentication? { resource.validate_otp_token(@token, @recovery) }
           sign_in(resource_name, resource)
 
-          otp_set_trusted_device_for(resource) if params[:enable_persistence] == "true"
+          remember_me(resource) if resource.devise_modules.include?(:rememberable) and @remember_me
           otp_refresh_credentials_for(resource)
           respond_with resource, location: after_sign_in_path_for(resource)
+        elsif resource.devise_modules.include?(:lockable) and resource.access_locked?
+          otp_set_flash_message :alert, resource.unauthenticated_message, scope: "devise.failure"
+          redirect_to new_session_path(resource_name)
         else
-          kind = (@token.blank? ? :token_blank : :token_invalid)
-          otp_set_flash_message :alert, kind, :now => true
-          render :show
+          if resource.devise_modules.include?(:lockable) and resource.unauthenticated_message == :last_attempt
+            otp_set_flash_message :alert, :last_attempt, scope: "devise.failure", now: true
+          elsif @token.blank?
+            otp_set_flash_message :alert, :token_blank, now: true
+          else
+            otp_set_flash_message :alert, :token_invalid, now: true
+          end
+
+          render :show, status: :unprocessable_entity
         end
       end
 
@@ -70,6 +87,10 @@ module DeviseOtp
         end
       end
 
+      def set_remember_me
+        @remember_me = (params[:remember_me] == "true")
+      end
+
       def set_recovery
         @recovery = (recovery_enabled? && params[:recovery] == "true")
       end
@@ -90,6 +111,8 @@ module DeviseOtp
       def skip_challenge_if_trusted_browser
         if is_otp_trusted_browser_for?(resource)
           sign_in(resource_name, resource)
+
+          remember_me(resource) if resource.devise_modules.include?(:rememberable) and @remember_me
           otp_refresh_credentials_for(resource)
           redirect_to after_sign_in_path_for(resource)
         end
@@ -101,8 +124,8 @@ module DeviseOtp
       end
 
       def failed_refresh
-        otp_set_flash_message :alert, :invalid_refresh, :now => true
-        render :refresh
+        otp_set_flash_message :alert, :invalid_refresh, now: true
+        render :refresh, status: :unprocessable_entity
       end
 
       def self.controller_path

data/app/controllers/devise_otp/devise/otp_persistence_controller.rb

@@ -0,0 +1,53 @@
+module DeviseOtp
+  module Devise
+    class OtpPersistenceController < DeviseController
+      include ::Devise::Controllers::Helpers
+
+      prepend_before_action :ensure_credentials_refresh
+      prepend_before_action :authenticate_scope!
+
+      #
+      # makes the current browser persistent
+      #
+      def create
+        if otp_set_trusted_device_for(resource)
+          otp_set_flash_message :success, :successfully_set_persistence
+        end
+
+        redirect_to otp_token_path_for(resource)
+      end
+
+      #
+      # clears persistence for the current browser
+      #
+      def destroy
+        if otp_clear_trusted_device_for(resource)
+          otp_set_flash_message :success, :successfully_cleared_persistence
+        end
+
+        redirect_to otp_token_path_for(resource)
+      end
+
+      #
+      # rehash the persistence secret, thus, making all the persistence cookies invalid
+      #
+      def reset
+        if otp_reset_persistence_for(resource)
+          otp_set_flash_message :notice, :successfully_reset_persistence
+        end
+
+        redirect_to otp_token_path_for(resource)
+      end
+
+      private
+
+      def ensure_credentials_refresh
+        ensure_resource!
+
+        if needs_credentials_refresh?(resource)
+          redirect_to refresh_otp_credential_path_for(resource)
+        end
+      end
+    end
+  end
+end

data/app/controllers/devise_otp/devise/otp_tokens_controller.rb

@@ -6,8 +6,6 @@ module DeviseOtp
       prepend_before_action :ensure_credentials_refresh
       prepend_before_action :authenticate_scope!
 
-      protect_from_forgery except: [:clear_persistence, :delete_persistence]
-
       #
       # Displays the status of OTP authentication
       #
@@ -35,8 +33,8 @@ module DeviseOtp
           otp_set_flash_message :success, :successfully_updated
           redirect_to otp_token_path_for(resource)
         else
-          otp_set_flash_message :danger, :could_not_confirm, :now => true
-          render :edit
+          otp_set_flash_message :danger, :could_not_confirm, now: true
+          render :edit, status: :unprocessable_entity
         end
       end
 
@@ -51,39 +49,6 @@ module DeviseOtp
         redirect_to otp_token_path_for(resource)
       end
 
-      #
-      # makes the current browser persistent
-      #
-      def get_persistence
-        if otp_set_trusted_device_for(resource)
-          otp_set_flash_message :success, :successfully_set_persistence
-        end
-
-        redirect_to otp_token_path_for(resource)
-      end
-
-      #
-      # clears persistence for the current browser
-      #
-      def clear_persistence
-        if otp_clear_trusted_device_for(resource)
-          otp_set_flash_message :success, :successfully_cleared_persistence
-        end
-
-        redirect_to otp_token_path_for(resource)
-      end
-
-      #
-      # rehash the persistence secret, thus, making all the persistence cookies invalid
-      #
-      def delete_persistence
-        if otp_reset_persistence_for(resource)
-          otp_set_flash_message :notice, :successfully_reset_persistence
-        end
-
-        redirect_to otp_token_path_for(resource)
-      end
-
       def recovery
         respond_to do |format|
           format.html

data/app/views/devise/otp_credentials/refresh.html.erb

@@ -1,19 +1,19 @@
-<h2><%= I18n.t('title', :scope => 'devise.otp.credentials_refresh') %></h2>
-<p><%= I18n.t('explain', :scope => 'devise.otp.credentials_refresh') %></p>
+<h2><%= t('title', scope: 'devise.otp.credentials_refresh') %></h2>
+<p><%= t('explain', scope: 'devise.otp.credentials_refresh') %></p>
 
-<%= form_for(resource, :as => resource_name, :url => [:refresh, resource_name, :otp_credential], :html => { :method => :put, "data-turbo" => false }) do |f| %>
+<%= form_for(resource, as: resource_name, url: [:refresh, resource_name, :otp_credential], html: { method: :put }) do |f| %>
 
   <%= render "devise/shared/error_messages", resource: resource %>
 
   <div>
     <%= f.label :email %><br />
-    <%= f.text_field :email, :disabled => :true%>
+    <%= f.text_field :email, disabled: true %>
   </div>
 
   <div>
     <%= f.label :password %><br />
-    <%= f.password_field :refresh_password, :autocomplete => :off, :autofocus => true %>
+    <%= f.password_field :refresh_password, autocomplete: :off, autofocus: true %>
   </div>
 
-  <div><%= f.submit I18n.t(:go_on, :scope => 'devise.otp.credentials_refresh') %></div>
+  <div><%= f.submit t(:go_on, scope: 'devise.otp.credentials_refresh') %></div>
 <% end %>

data/app/views/devise/otp_credentials/show.html.erb

@@ -1,31 +1,28 @@
-<h2><%= I18n.t('title', :scope => 'devise.otp.submit_token') %></h2>
-<p><%= I18n.t('explain', :scope => 'devise.otp.submit_token') %></p>
+<h2><%= t('title', scope: 'devise.otp.submit_token') %></h2>
+<p><%= t('explain', scope: 'devise.otp.submit_token') %></p>
 
-<%= form_for(resource, :as => resource_name, :url => [resource_name, :otp_credential], :html => { :method => :put, "data-turbo" => false }) do |f| %>
+<%= form_for(resource, as: resource_name, url: [resource_name, :otp_credential], html: { method: :put }) do |f| %>
 
   <%= hidden_field_tag :challenge, @challenge %>
   <%= hidden_field_tag :recovery, @recovery %>
+  <%= hidden_field_tag :remember_me, @remember_me %>
 
   <% if @recovery %>
     <p>
-      <%= label_tag :token, I18n.t('recovery_prompt', :scope => 'devise.otp.submit_token') %><br />
-      <%= text_field_tag :otp_recovery_counter, resource.otp_recovery_counter, :autocomplete => :off, :disabled => true, :size => 4 %>
+      <%= label_tag :token, t('recovery_prompt', scope: 'devise.otp.submit_token') %><br />
+      <%= text_field_tag :otp_recovery_counter, resource.otp_recovery_counter, autocomplete: :off, disabled: true, size: 4 %>
     </p>
   <% else %>
     <p>
-      <%= label_tag :token, I18n.t('prompt', :scope => 'devise.otp.submit_token') %><br />
+      <%= label_tag :token, t('prompt', scope: 'devise.otp.submit_token') %><br />
     </p>
   <% end %>
 
-  <%= text_field_tag :token, nil, :autocomplete => :off, :autofocus => true, :size => 6 %><br>
+  <%= text_field_tag :token, nil, autocomplete: :off, autofocus: true, size: 6 %><br>
 
-  <%= label_tag :enable_persistence do %>
-    <%= check_box_tag :enable_persistence, true, false %> <%= I18n.t('remember', :scope => 'devise.otp.general') %>
-  <% end %>
-
-  <p><%= f.submit I18n.t('submit', :scope => 'devise.otp.submit_token') %></p>
+  <p><%= f.submit t('submit', scope: 'devise.otp.submit_token') %></p>
 
   <% if !@recovery && recovery_enabled? %>
-    <p><%= link_to I18n.t('recovery_link', :scope => 'devise.otp.submit_token'), otp_credential_path_for(resource_name, :challenge => @challenge, :recovery => true) %></p>
+    <p><%= link_to t('recovery_link', scope: 'devise.otp.submit_token'), otp_credential_path_for(resource_name, challenge: @challenge, recovery: true) %></p>
   <% end %>
 <% end %>

data/app/views/devise/otp_tokens/_token_secret.html.erb

@@ -1,22 +1,22 @@
-<h3><%= I18n.t('title', :scope => 'devise.otp.token_secret') %></h3>
+<h3><%= t('title', scope: 'devise.otp.token_secret') %></h3>
 
 <%= otp_authenticator_token_image(resource) %>
 
 <p>
-  <strong><%= I18n.t('manual_provisioning', :scope => 'devise.otp.token_secret') %>:</strong>
+  <strong><%= t('manual_provisioning', scope: 'devise.otp.token_secret') %>:</strong>
   <code><%= resource.otp_auth_secret %></code>
 </p>
 
-<p><%= button_to I18n.t('reset_link', :scope => 'devise.otp.otp_tokens'), reset_otp_token_path_for(resource), :method => :post , :data => { "turbo-method": "POST" } %></p>
+<p><%= button_to t('reset_link', scope: 'devise.otp.otp_tokens'), reset_otp_token_path_for(resource), method: :post, data: { turbo_method: :post } %></p>
 
 <p>
-  <%= I18n.t('reset_explain', :scope => 'devise.otp.otp_tokens') %>
-  <strong><%= I18n.t('reset_explain_warn', :scope => 'devise.otp.otp_tokens') %></strong>
+  <%= t('reset_explain', scope: 'devise.otp.otp_tokens') %>
+  <strong><%= t('reset_explain_warn', scope: 'devise.otp.otp_tokens') %></strong>
 </p>
 
 <%- if recovery_enabled? %>
-  <h3><%= I18n.t('title', :scope => 'devise.otp.otp_tokens.recovery') %></h3>
-  <p><%= I18n.t('explain', :scope => 'devise.otp.otp_tokens.recovery') %></p>
-  <p><%= link_to I18n.t('codes_list', :scope => 'devise.otp.otp_tokens.recovery'), recovery_otp_token_for(resource_name) %></p>
-  <p><%= link_to I18n.t('download_codes', :scope => 'devise.otp.otp_tokens.recovery'), recovery_otp_token_for(resource_name, format: :text) %></p>
+  <h3><%= t('title', scope: 'devise.otp.otp_tokens.recovery') %></h3>
+  <p><%= t('explain', scope: 'devise.otp.otp_tokens.recovery') %></p>
+  <p><%= link_to t('codes_list', scope: 'devise.otp.otp_tokens.recovery'), recovery_otp_token_for(resource_name) %></p>
+  <p><%= link_to t('download_codes', scope: 'devise.otp.otp_tokens.recovery'), recovery_otp_token_for(resource_name, format: :text) %></p>
 <% end %>

data/app/views/devise/otp_tokens/_trusted_devices.html.erb

@@ -1,12 +1,12 @@
-<h3><%= I18n.t('title', :scope => 'devise.otp.trusted_browsers') %></h3>
-<p><%= I18n.t('explain', :scope => 'devise.otp.trusted_browsers') %></p>
+<h3><%= t('title', scope: 'devise.otp.trusted_browsers') %></h3>
+<p><%= t('explain', scope: 'devise.otp.trusted_browsers') %></p>
 
 <%- if is_otp_trusted_browser_for? resource %>
-  <p><em><%= I18n.t('browser_trusted', :scope => 'devise.otp.trusted_browsers') %></em></p>
-  <p><%= link_to I18n.t('trust_remove', :scope => 'devise.otp.trusted_browsers'), persistence_otp_token_path_for(resource_name), :method => :post, :data => { "turbo-method": "POST" } %></p>
+  <p><em><%= t('browser_trusted', scope: 'devise.otp.trusted_browsers') %></em></p>
+  <p><%= button_to t('trust_remove', scope: 'devise.otp.trusted_browsers'), otp_persistence_path_for(resource_name), method: :delete %></p>
 <% else %>
-  <p><%= I18n.t('browser_not_trusted', :scope => 'devise.otp.trusted_browsers') %></p>
-  <p><%= link_to I18n.t('trust_add', :scope => 'devise.otp.trusted_browsers'), persistence_otp_token_path_for(resource_name) %></p>
+  <p><%= t('browser_not_trusted', scope: 'devise.otp.trusted_browsers') %></p>
+  <p><%= button_to t('trust_add', scope: 'devise.otp.trusted_browsers'), otp_persistence_path_for(resource_name) %></p>
 <% end %>
 
-<p><%= button_to I18n.t('trust_clear', :scope => 'devise.otp.trusted_browsers'), persistence_otp_token_path_for(resource_name), :method => :delete, :data => { "turbo-method": "DELETE" } %></p>
+<p><%= button_to t('trust_clear', scope: 'devise.otp.trusted_browsers'), reset_otp_persistence_path_for(resource_name), method: :delete %></p>

data/app/views/devise/otp_tokens/edit.html.erb

@@ -1,26 +1,26 @@
-<h2><%= I18n.t('title', :scope => 'devise.otp.edit_otp_token') %></h2>
-<p><%= I18n.t('explain', :scope => 'devise.otp.edit_otp_token') %></p>
+<h2><%= t('title', scope: 'devise.otp.edit_otp_token') %></h2>
+<p><%= t('explain', scope: 'devise.otp.edit_otp_token') %></p>
 
-<h2><%= I18n.t('lead_in', :scope => 'devise.otp.edit_otp_token') %></h2>
+<h2><%= t('lead_in', scope: 'devise.otp.edit_otp_token') %></h2>
 
-<p><%= I18n.t('step_1', :scope => 'devise.otp.edit_otp_token') %></p>
+<p><%= t('step_1', scope: 'devise.otp.edit_otp_token') %></p>
 
 <%= otp_authenticator_token_image(resource) %>
 
 <p>
-  <strong><%= I18n.t('manual_provisioning', :scope => 'devise.otp.token_secret') %>:</strong>
+  <strong><%= t('manual_provisioning', scope: 'devise.otp.token_secret') %>:</strong>
   <code><%= resource.otp_auth_secret %></code>
 </p>
 
-<p><%= I18n.t('step_2', :scope => 'devise.otp.edit_otp_token') %></p>
+<p><%= t('step_2', scope: 'devise.otp.edit_otp_token') %></p>
 
-<%= form_with(:url => [resource_name, :otp_token], :method => :put) do |f| %>
+<%= form_with(url: [resource_name, :otp_token], method: :put) do |f| %>
 
   <p>
-    <%= f.label :confirmation_code, I18n.t('confirmation_code', :scope => 'devise.otp.edit_otp_token') %>
+    <%= f.label :confirmation_code, t('confirmation_code', scope: 'devise.otp.edit_otp_token') %>
     <%= f.text_field :confirmation_code %>
   </p>
 
-  <p><%= f.submit I18n.t('submit', :scope => 'devise.otp.edit_otp_token') %></p>
+  <p><%= f.submit t('submit', scope: 'devise.otp.edit_otp_token') %></p>
 
 <% end %>

data/app/views/devise/otp_tokens/recovery.html.erb

@@ -1,13 +1,13 @@
-<h2><%= I18n.t('title', :scope => 'devise.otp.otp_tokens.recovery') %></h2>
-<p><%= I18n.t('explain', :scope => 'devise.otp.otp_tokens.recovery') %></p>
+<h2><%= t('title', scope: 'devise.otp.otp_tokens.recovery') %></h2>
+<p><%= t('explain', scope: 'devise.otp.otp_tokens.recovery') %></p>
 
 <table>
   <caption>
     <thead>
-        <tr>
-          <th><%= I18n.t('sequence', :scope => 'devise.otp.otp_tokens.recovery') %></th>
-          <th><%= I18n.t('code', :scope => 'devise.otp.otp_tokens.recovery') %></th>
-        </tr>
+      <tr>
+        <th><%= t('sequence', scope: 'devise.otp.otp_tokens.recovery') %></th>
+        <th><%= t('code', scope: 'devise.otp.otp_tokens.recovery') %></th>
+      </tr>
     </thead>
     <tbody>
       <%- resource.next_otp_recovery_tokens.each do |seq, code| %>

data/app/views/devise/otp_tokens/show.html.erb

@@ -1,14 +1,14 @@
-<h2><%= I18n.t('title', :scope => 'devise.otp.otp_tokens') %></h2>
+<h2><%= t('title', scope: 'devise.otp.otp_tokens') %></h2>
 
-<p><strong>Status:</strong> <%= resource.otp_enabled? ? "Enabled" : "Disabled" %></p>
+<p><strong>Status:</strong> <%= t(resource.otp_enabled? ? :enabled : :disabled, scope: 'devise.otp.general') %></p>
 
 <%- if resource.otp_enabled? %>
-  <%= render :partial => 'token_secret' if resource.otp_enabled? %>
-  <%= render :partial => 'trusted_devices' if trusted_devices_enabled? %>
+  <%= render partial: 'token_secret' if resource.otp_enabled? %>
+  <%= render partial: 'trusted_devices' if trusted_devices_enabled? %>
 
   <% unless otp_mandatory_on?(resource) %>
-    <%= button_to I18n.t('disable_link', :scope => 'devise.otp.otp_tokens'), otp_token_path_for(resource), :method => :delete, :data => { "turbo-method": "DELETE" } %>
+    <%= button_to t('disable_link', scope: 'devise.otp.otp_tokens'), otp_token_path_for(resource), method: :delete, data: { turbo_method: :delete } %>
   <% end %>
 <% else %>
-  <%= link_to I18n.t('enable_link', :scope => 'devise.otp.otp_tokens'), edit_otp_token_path_for(resource) %>
+  <%= link_to t('enable_link', scope: 'devise.otp.otp_tokens'), edit_otp_token_path_for(resource) %>
 <% end %>

data/bin/erb_lint

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'erb_lint' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("erb_lint", "erb_lint")

data/bin/rubocop

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rubocop' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rubocop", "rubocop")