two_factor_authentication 1.1.5 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 75e8b63e29715336ec78a4a06db141ec2fdddf68
-  data.tar.gz: c2b09dd1294a966ce75425efc97b6e2089e33689
+  metadata.gz: 780c92dea8df1f3f6d1e761562e1469cc12a96a8
+  data.tar.gz: 82e383a9f79a3628e9950a17da920eeed8464622
 SHA512:
-  metadata.gz: 6d38f91cbb77148bd9c401f129d977f5fa22281ddb20ec12e4a12f02b1e35acabd04048bc88bad4d7e4cc80311e43f8720f45b0eeea116323c96fdee78cfb733
-  data.tar.gz: e7a2a0026e4558a8e0e8efbb3257b0fec162f7d45390a7521f249332e273c53568b309044000fae9ecdfcd55c3cfe13a951d2895f5327bb54b692a4fe2723fcf
+  metadata.gz: 31390c4f5e6e0506fc16e502a0cfa6ea908b371819f2bee9e7e14d42cec3a1ddc28ded3e584af1d650cc6c9c731ea3f4303543605d81f910fcffceec3cfaea15
+  data.tar.gz: a2d5fe899017a753c7d106245d52f248b9f74260864a6a38129649e8e0148d17ea9da56779c45b936466278292305131f7e17e74ec6704fbdda07dfb00a6bff0

data/.codeclimate.yml

@@ -0,0 +1,21 @@
+engines:
+  brakeman:
+    enabled: true
+  duplication:
+    enabled: true
+    config:
+      languages:
+      - ruby
+        # mass_threshold: 30
+    exclude_paths:
+    - 'spec/**/*'
+  fixme:
+    enabled: true
+  rubocop:
+    enabled: true
+
+ratings:
+  paths:
+  - app/**
+  - lib/**
+  - '**.rb'

data/.rubocop.yml

@@ -0,0 +1,295 @@
+AllCops:
+  Include:
+    - '**/Gemfile'
+    - '**/Rakefile'
+  UseCache: true
+
+Lint/AssignmentInCondition:
+  Description: Don't use assignment in conditions.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#safe-assignment-in-condition
+  Enabled: true
+  AllowSafeAssignment: true
+Lint/EachWithObjectArgument:
+  Description: Check for immutable argument given to each_with_object.
+  Enabled: true
+Lint/HandleExceptions:
+  Description: Don't suppress exception.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#dont-hide-exceptions
+  Enabled: true
+Lint/LiteralInCondition:
+  Description: Checks of literals used in conditions.
+  Enabled: true
+Lint/LiteralInInterpolation:
+  Description: Checks for literals used in interpolation.
+  Enabled: true
+Lint/ParenthesesAsGroupedExpression:
+  Description: Checks for method calls with a space before the opening parenthesis.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#parens-no-spaces
+  Enabled: true
+
+Metrics/AbcSize:
+  Description: A calculated magnitude based on number of assignments, branches, and
+    conditions.
+  Enabled: true
+  Max: 15
+  Exclude:
+  - spec/**/*
+Metrics/ClassLength:
+  Description: Avoid classes longer than 100 lines of code.
+  Enabled: true
+  CountComments: false
+  Max: 100
+  Exclude:
+  - spec/**/*
+Metrics/CyclomaticComplexity:
+  Description: A complexity metric that is strongly correlated to the number of test
+    cases needed to validate a method.
+  Enabled: true
+  Max: 6
+Metrics/LineLength:
+  Description: Limit lines to 80 characters.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#80-character-limits
+  Enabled: true
+  Max: 100
+  AllowURI: true
+  URISchemes:
+  - http
+  - https
+Metrics/MethodLength:
+  Description: Avoid methods longer than 10 lines of code.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#short-methods
+  Enabled: true
+  CountComments: false
+  Max: 10
+  Exclude:
+  - spec/**/*
+Metrics/ModuleLength:
+  CountComments: false
+  Max: 100
+  Description: Avoid modules longer than 100 lines of code.
+  Enabled: true
+  Exclude:
+  - spec/**/*
+Metrics/ParameterLists:
+  Description: Avoid parameter lists longer than three or four parameters.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#too-many-params
+  Enabled: true
+  Max: 5
+  CountKeywordArgs: true
+Metrics/PerceivedComplexity:
+  Description: A complexity metric geared towards measuring complexity for a human
+    reader.
+  Enabled: true
+  Max: 7
+
+Rails/ScopeArgs:
+  Description: Checks the arguments of ActiveRecord scopes.
+  Enabled: true
+Rails/TimeZone:
+  # The value `strict` means that `Time` should be used with `zone`.
+  # The value `flexible` allows usage of `in_time_zone` instead of `zone`.
+  Enabled: true
+  EnforcedStyle: flexible
+  SupportedStyles:
+    - strict
+    - flexible
+
+Style/AccessorMethodName:
+  Description: Check the naming of accessor methods for get_/set_.
+  Enabled: false
+Style/AndOr:
+  Description: Use &&/|| instead of and/or.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-and-or-or
+  Enabled: true
+  EnforcedStyle: conditionals
+  SupportedStyles:
+  - always
+  - conditionals
+Style/Alias:
+  Description: Use alias_method instead of alias.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#alias-method
+  Enabled: true
+Style/ClassAndModuleChildren:
+  EnforcedStyle: nested
+  SupportedStyles:
+    - nested
+    - compact
+Style/CollectionMethods:
+  Description: Preferred collection methods.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#map-find-select-reduce-size
+  Enabled: true
+  PreferredMethods:
+    collect: map
+    collect!: map!
+    find: detect
+    find_all: select
+    reduce: inject
+Style/Documentation:
+  Description: Document classes and non-namespace modules.
+  Enabled: false
+Style/DotPosition:
+  Description: Checks the position of the dot in multi-line method calls.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#consistent-multi-line-chains
+  Enabled: true
+  EnforcedStyle: trailing
+  SupportedStyles:
+  - leading
+  - trailing
+Style/DoubleNegation:
+  Description: Checks for uses of double negation (!!).
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-bang-bang
+  Enabled: true
+Style/EachWithObject:
+  Description: Prefer `each_with_object` over `inject` or `reduce`.
+  Enabled: true
+Style/EmptyLiteral:
+  Description: Prefer literals to Array.new/Hash.new/String.new.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#literal-array-hash
+  Enabled: true
+Style/FileName:
+  Description: Use snake_case for source file names.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#snake-case-files
+  Enabled: true
+  Exclude: []
+Style/GuardClause:
+  Description: Check for conditionals that can be replaced with guard clauses
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-nested-conditionals
+  Enabled: true
+  MinBodyLength: 1
+Style/IfUnlessModifier:
+  Description: Favor modifier if/unless usage when you have a single-line body.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#if-as-a-modifier
+  Enabled: false
+  MaxLineLength: 80
+Style/InlineComment:
+  Description: Avoid inline comments.
+  Enabled: false
+Style/ModuleFunction:
+  Description: Checks for usage of `extend self` in modules.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#module-function
+  Enabled: false
+Style/OneLineConditional:
+  Description: Favor the ternary operator(?:) over if/then/else/end constructs.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#ternary-operator
+  Enabled: false
+Style/OptionHash:
+  Description: Don't use option hashes when you can use keyword arguments.
+  Enabled: false
+Style/PercentLiteralDelimiters:
+  Description: Use `%`-literal delimiters consistently
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#percent-literal-braces
+  Enabled: true
+  PreferredDelimiters:
+    "%": "()"
+    "%i": "()"
+    "%q": "()"
+    "%Q": "()"
+    "%r": "{}"
+    "%s": "()"
+    "%w": "()"
+    "%W": "()"
+    "%x": "()"
+Style/PerlBackrefs:
+  Description: Avoid Perl-style regex back references.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-perl-regexp-last-matchers
+  Enabled: false
+Style/PredicateName:
+  Description: Check the names of predicate methods.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#bool-methods-qmark
+  Enabled: true
+  NamePrefix:
+  - is_
+  - has_
+  - have_
+  NamePrefixBlacklist:
+  - is_
+  Exclude:
+  - spec/**/*
+Style/RaiseArgs:
+  Description: Checks the arguments passed to raise/fail.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#exception-class-messages
+  Enabled: true
+  EnforcedStyle: exploded
+  SupportedStyles:
+  - compact
+  - exploded
+Style/Send:
+  Description: Prefer `Object#__send__` or `Object#public_send` to `send`, as `send`
+    may overlap with existing methods.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#prefer-public-send
+  Enabled: false
+Style/SignalException:
+  Description: Checks for proper usage of fail and raise.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#fail-method
+  Enabled: true
+  EnforcedStyle: semantic
+  SupportedStyles:
+  - only_raise
+  - only_fail
+  - semantic
+Style/SingleLineBlockParams:
+  Description: Enforces the names of some block params.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#reduce-blocks
+  Enabled: true
+  Methods:
+  - reduce:
+    - a
+    - e
+  - inject:
+    - a
+    - e
+Style/SingleLineMethods:
+  Description: Avoid single-line methods.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-single-line-methods
+  Enabled: true
+  AllowIfMethodIsEmpty: true
+Style/SpecialGlobalVars:
+  Description: Avoid Perl-style global variables.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-cryptic-perlisms
+  Enabled: false
+Style/StringLiterals:
+  Description: Checks if uses of quotes match the configured preference.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#consistent-string-literals
+  Enabled: true
+  EnforcedStyle: single_quotes
+  SupportedStyles:
+  - single_quotes
+  - double_quotes
+Style/StringLiteralsInInterpolation:
+  Description: Checks if uses of quotes inside expressions in interpolated strings
+    match the configured preference.
+  Enabled: true
+  EnforcedStyle: single_quotes
+  SupportedStyles:
+  - single_quotes
+  - double_quotes
+Style/TrailingCommaInArguments:
+  Description: 'Checks for trailing comma in argument lists.'
+  StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#no-trailing-array-commas'
+  Enabled: true
+  EnforcedStyleForMultiline: no_comma
+  SupportedStyles:
+  - comma
+  - consistent_comma
+  - no_comma
+Style/TrailingCommaInLiteral:
+  Description: 'Checks for trailing comma in array and hash literals.'
+  StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#no-trailing-array-commas'
+  Enabled: true
+  EnforcedStyleForMultiline: no_comma
+  SupportedStyles:
+  - comma
+  - consistent_comma
+  - no_comma
+Style/VariableInterpolation:
+  Description: Don't interpolate global, instance and class variables directly in
+    strings.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#curlies-interpolate
+  Enabled: false
+Style/WhenThen:
+  Description: Use when x then ... for one-line cases.
+  StyleGuide: https://github.com/bbatsov/ruby-style-guide#one-line-cases
+  Enabled: false
+Style/ZeroLengthPredicate:
+  Description: 'Use #empty? when testing for objects of length 0.'
+  Enabled: true

data/.travis.yml

@@ -1,25 +1,24 @@
 language: ruby
 
 env:
-  - "RAILS_VERSION=3.2"
   - "RAILS_VERSION=4.0"
   - "RAILS_VERSION=4.1"
   - "RAILS_VERSION=4.2"
   - "RAILS_VERSION=master"
 
 rvm:
-  - 2.0
   - 2.1
-  - 2.2.2
+  - 2.2
+  - 2.3.1
 
 matrix:
   allow_failures:
     - env: "RAILS_VERSION=master"
   exclude:
-    - rvm: 2.0
-      env: RAILS_VERSION=master
     - rvm: 2.1
       env: RAILS_VERSION=master
+    - rvm: 2.2
+      env: RAILS_VERSION=master
 
 before_install:
   - gem update bundler

data/CHANGELOG.md

@@ -1,8 +1,16 @@
 # Change Log
 
-## [Unreleased](https://github.com/houdini/two_factor_authentication/tree/HEAD)
+## [Unreleased](https://github.com/Houdini/two_factor_authentication/tree/HEAD)
 
-[Full Changelog](https://github.com/houdini/two_factor_authentication/compare/v1.1.4...HEAD)
+[Full Changelog](https://github.com/Houdini/two_factor_authentication/compare/v1.1.5...HEAD)
+
+**Merged pull requests:**
+
+- Fix class detection in reset\_otp\_state\_for\(user\) [\#69](https://github.com/Houdini/two_factor_authentication/pull/69) ([monfresh](https://github.com/monfresh))
+- Add ability to resend code [\#52](https://github.com/Houdini/two_factor_authentication/pull/52) ([iDiogenes](https://github.com/iDiogenes))
+
+## [v1.1.5](https://github.com/Houdini/two_factor_authentication/tree/v1.1.5) (2016-02-01)
+[Full Changelog](https://github.com/Houdini/two_factor_authentication/compare/v1.1.4...v1.1.5)
 
 **Closed issues:**
 
@@ -10,12 +18,16 @@
 
 **Merged pull requests:**
 
+- added french translation [\#68](https://github.com/Houdini/two_factor_authentication/pull/68) ([qsypoq](https://github.com/qsypoq))
+- Drop support for Ruby 1.9.3 & update .travis.yml [\#67](https://github.com/Houdini/two_factor_authentication/pull/67) ([monfresh](https://github.com/monfresh))
+- Fix reset\_otp\_state specs [\#66](https://github.com/Houdini/two_factor_authentication/pull/66) ([monfresh](https://github.com/monfresh))
+- Add a CHANGELOG.md [\#65](https://github.com/Houdini/two_factor_authentication/pull/65) ([monfresh](https://github.com/monfresh))
 - Update bundler on Travis before installing gems [\#63](https://github.com/Houdini/two_factor_authentication/pull/63) ([monfresh](https://github.com/monfresh))
 - Add support for OTP secret key encryption [\#62](https://github.com/Houdini/two_factor_authentication/pull/62) ([monfresh](https://github.com/monfresh))
 - Allow executing code after sign in and before sign out [\#61](https://github.com/Houdini/two_factor_authentication/pull/61) ([monfresh](https://github.com/monfresh))
 
-## [v1.1.4](https://github.com/houdini/two_factor_authentication/tree/v1.1.4) (2016-01-01)
-[Full Changelog](https://github.com/houdini/two_factor_authentication/compare/v1.1.3...v1.1.4)
+## [v1.1.4](https://github.com/Houdini/two_factor_authentication/tree/v1.1.4) (2016-01-01)
+[Full Changelog](https://github.com/Houdini/two_factor_authentication/compare/v1.1.3...v1.1.4)
 
 **Closed issues:**
 
@@ -31,8 +43,8 @@
 - Test against Ruby 2.2 and Rails 4.2 [\#53](https://github.com/Houdini/two_factor_authentication/pull/53) ([boffbowsh](https://github.com/boffbowsh))
 - Eliminates appended '?' to redirects that have no query string [\#46](https://github.com/Houdini/two_factor_authentication/pull/46) ([daveriess](https://github.com/daveriess))
 
-## [v1.1.3](https://github.com/houdini/two_factor_authentication/tree/v1.1.3) (2014-12-14)
-[Full Changelog](https://github.com/houdini/two_factor_authentication/compare/list...v1.1.3)
+## [v1.1.3](https://github.com/Houdini/two_factor_authentication/tree/v1.1.3) (2014-12-14)
+[Full Changelog](https://github.com/Houdini/two_factor_authentication/compare/v1.1.2...v1.1.3)
 
 **Closed issues:**
 
@@ -45,11 +57,8 @@
 - Preserve query parameters in \_return\_to for redirect. [\#42](https://github.com/Houdini/two_factor_authentication/pull/42) ([omb-awong](https://github.com/omb-awong))
 - Add file extension to ActiveRecord generator [\#41](https://github.com/Houdini/two_factor_authentication/pull/41) ([jackturnbull](https://github.com/jackturnbull))
 
-## [list](https://github.com/houdini/two_factor_authentication/tree/list) (2014-07-14)
-[Full Changelog](https://github.com/houdini/two_factor_authentication/compare/v1.1.2...list)
-
-## [v1.1.2](https://github.com/houdini/two_factor_authentication/tree/v1.1.2) (2014-07-14)
-[Full Changelog](https://github.com/houdini/two_factor_authentication/compare/v1.1.1...v1.1.2)
+## [v1.1.2](https://github.com/Houdini/two_factor_authentication/tree/v1.1.2) (2014-07-14)
+[Full Changelog](https://github.com/Houdini/two_factor_authentication/compare/v1.1.1...v1.1.2)
 
 **Closed issues:**
 
@@ -60,8 +69,8 @@
 - Updated readme with rake task to update existing users with OTP secret k... [\#39](https://github.com/Houdini/two_factor_authentication/pull/39) ([Znow](https://github.com/Znow))
 - Updated readme with view overriding [\#38](https://github.com/Houdini/two_factor_authentication/pull/38) ([Znow](https://github.com/Znow))
 
-## [v1.1.1](https://github.com/houdini/two_factor_authentication/tree/v1.1.1) (2014-05-31)
-[Full Changelog](https://github.com/houdini/two_factor_authentication/compare/v1.1...v1.1.1)
+## [v1.1.1](https://github.com/Houdini/two_factor_authentication/tree/v1.1.1) (2014-05-31)
+[Full Changelog](https://github.com/Houdini/two_factor_authentication/compare/v1.1...v1.1.1)
 
 **Closed issues:**
 
@@ -74,7 +83,7 @@
 - Chore/extract reused hash key [\#34](https://github.com/Houdini/two_factor_authentication/pull/34) ([rud](https://github.com/rud))
 - Pad OTP codes with less than 6 digits [\#31](https://github.com/Houdini/two_factor_authentication/pull/31) ([brissmyr](https://github.com/brissmyr))
 
-## [v1.1](https://github.com/houdini/two_factor_authentication/tree/v1.1) (2014-04-16)
+## [v1.1](https://github.com/Houdini/two_factor_authentication/tree/v1.1) (2014-04-16)
 **Closed issues:**
 
 - Update [\#15](https://github.com/Houdini/two_factor_authentication/issues/15)
@@ -106,4 +115,5 @@
 - Add generators to make it easier to install and fix deprecation warnings [\#2](https://github.com/Houdini/two_factor_authentication/pull/2) ([carvil](https://github.com/carvil))
 
 
+
 \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/README.md

@@ -1,16 +1,20 @@
 # Two factor authentication for Devise
 
+[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/Houdini/two_factor_authentication?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+
 [![Build Status](https://travis-ci.org/Houdini/two_factor_authentication.svg?branch=master)](https://travis-ci.org/Houdini/two_factor_authentication)
-[![Code Climate](https://codeclimate.com/github/Houdini/two_factor_authentication.png)](https://codeclimate.com/github/Houdini/two_factor_authentication)
+[![Code Climate](https://codeclimate.com/github/Houdini/two_factor_authentication.svg)](https://codeclimate.com/github/Houdini/two_factor_authentication)
 
 ## Features
 
-* configurable OTP code digit length
-* configurable max login attempts
-* customizable logic to determine if a user needs two factor authentication
-* customizable logic for sending the OTP code to the user
-* configurable period where users won't be asked for 2FA again
-* option to encrypt the OTP secret key in the database, with iv and salt
+* Support for 2 types of OTP codes
+ 1. Codes delivered directly to the user
+ 2. TOTP (Google Authenticator) codes based on a shared secret (HMAC)
+* Configurable OTP code digit length
+* Configurable max login attempts
+* Customizable logic to determine if a user needs two factor authentication
+* Configurable period where users won't be asked for 2FA again
+* Option to encrypt the TOTP secret in the database, with iv and salt
 
 ## Configuration
 
@@ -24,11 +28,12 @@ Once that's done, run:
 
     bundle install
 
-Note that Ruby 2.0 or greater is required.
+Note that Ruby 2.1 or greater is required.
 
 ### Installation
 
 #### Automatic initial setup
+
 To set up the model and database migration file automatically, run the
 following command:
 
@@ -42,8 +47,12 @@ migration in `db/migrate/`, which will add the following columns to your table:
 - `:encrypted_otp_secret_key`
 - `:encrypted_otp_secret_key_iv`
 - `:encrypted_otp_secret_key_salt`
+- `:direct_otp`
+- `:direct_otp_sent_at`
+- `:totp_timestamp`
 
 #### Manual initial setup
+
 If you prefer to set up the model and migration manually, add the
 `:two_factor_authentication` option to your existing devise options, such as:
 
@@ -55,7 +64,7 @@ devise :database_authenticatable, :registerable, :recoverable, :rememberable,
 Then create your migration file using the Rails generator, such as:
 
 ```
-rails g migration AddTwoFactorFieldsToUsers second_factor_attempts_count:integer encrypted_otp_secret_key:string:index encrypted_otp_secret_key_iv:string encrypted_otp_secret_key_salt:string
+rails g migration AddTwoFactorFieldsToUsers second_factor_attempts_count:integer encrypted_otp_secret_key:string:index encrypted_otp_secret_key_iv:string encrypted_otp_secret_key_salt:string direct_otp:string direct_otp_sent_at:datetime totp_timestamp:timestamp
 ```
 
 Open your migration file (it will be in the `db/migrate` directory and will be
@@ -68,6 +77,7 @@ add_index :users, :encrypted_otp_secret_key, unique: true
 Save the file.
 
 #### Complete the setup
+
 Run the migration with:
 
     bundle exec rake db:migrate
@@ -80,21 +90,25 @@ Set config values in `config/initializers/devise.rb`:
 
 ```ruby
 config.max_login_attempts = 3  # Maximum second factor attempts count.
-config.allowed_otp_drift_seconds = 30  # Allowed time drift between client and server.
-config.otp_length = 6  # OTP code length
-config.remember_otp_session_for_seconds = 30.days  # Time before browser has to enter OTP code again. Default is 0.
+config.allowed_otp_drift_seconds = 30  # Allowed TOTP time drift between client and server.
+config.otp_length = 6  # TOTP code length
+config.direct_otp_valid_for = 5.minutes  # Time before direct OTP becomes invalid
+config.direct_otp_length = 6  # Direct OTP code length
+config.remember_otp_session_for_seconds = 30.days  # Time before browser has to perform 2fA again. Default is 0.
 config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
+config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie
 ```
 The `otp_secret_encryption_key` must be a random key that is not stored in the
 DB, and is not checked in to your repo. It is recommended to store it in an
 environment variable, and you can generate it with `bundle exec rake secret`.
 
-Override the method to send one-time passwords in your model. This is
-automatically called when a user logs in:
+Override the method in your model in order to send direct OTP codes. This is
+automatically called when a user logs in unless they have TOTP enabled (see
+below):
 
 ```ruby
-def send_two_factor_authentication_code
-  # use Model#otp_code and send via SMS, etc.
+def send_two_factor_authentication_code(code)
+  # Send code via SMS, etc.
 end
 ```
 
@@ -113,7 +127,14 @@ In the example above, two factor authentication will not be required for local
 users.
 
 This gem is compatible with [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en).
-You can generate provisioning uris by invoking the following method on your model:
+To enable this a shared secret must be generated by invoking the following
+method on your model:
+
+```ruby
+user.generate_totp_secret
+```
+
+This must then be shared via a provisioning uri:
 
 ```ruby
 user.provisioning_uri # This assumes a user model with an email attribute
@@ -121,9 +142,7 @@ user.provisioning_uri # This assumes a user model with an email attribute
 
 This provisioning uri can then be turned in to a QR code if desired so that
 users may add the app to Google Authenticator easily.  Once this is done, they
-may retrieve a one-time password directly from the Google Authenticator app as
-well as through whatever method you define in
-`send_two_factor_authentication_code`.
+may retrieve a one-time password directly from the Google Authenticator app.
 
 #### Overriding the view
 
@@ -142,27 +161,33 @@ Below is an example using ERB:
 <% end %>
 
 <%= link_to "Sign out", destroy_user_session_path, :method => :delete %>
-
 ```
 
-#### Updating existing users with OTP secret key
+#### Upgrading from version 1.X to 2.X
+
+The following database fields are new in version 2.
+
+- `direct_otp`
+- `direct_otp_sent_at`
+- `totp_timestamp`
 
-If you have existing users that need to be provided with a OTP secret key, so
-they can use two factor authentication, create a rake task. It could look like this one below:
+To add them, generate a migration such as:
+
+    $ rails g migration AddTwoFactorFieldsToUsers direct_otp:string direct_otp_sent_at:datetime totp_timestamp:timestamp
+
+The `otp_secret_key` is not only required for users who use Google Authentictor,
+so unless it has been shared with the user it should be set to `nil`.  The
+following pseudo-code is an example of how this might be done:
 
 ```ruby
-desc 'rake task to update users with otp secret key'
-task :update_users_with_otp_secret_key  => :environment do
-  User.find_each do |user|
-    user.otp_secret_key = ROTP::Base32.random_base32
-    user.save!
-    puts "Rake[:update_users_with_otp_secret_key] => OTP secret key set to '#{key}' for User '#{user.email}'"
+User.find_each do |user| do
+  if !uses_authentictor_app(user)
+    user.otp_secret_key = nil
   end
 end
 ```
-Then run the task with `bundle exec rake update_users_with_otp_secret_key`
 
-#### Adding the OTP encryption option to an existing app
+#### Adding the TOTP encryption option to an existing app
 
 If you've already been using this gem, and want to start encrypting the OTP
 secret key in the database (recommended), you'll need to perform the following
@@ -236,39 +261,6 @@ after them):
    bundle exec rake db:rollback STEP=3
    ```
 
-#### Executing some code after the user signs in and before they sign out
-
-In some cases, you might want to perform some action right after the user signs
-in, but before the OTP is sent, and also right before the user signs out. One
-scenario where you would need this is if you are requiring users to confirm
-their phone number first before they can receive an OTP. If they enter a wrong
-number, then sign out or close the browser before they confirm, they won't be
-able to confirm their real number. To solve this problem, we need to be able to
-reset their unconfirmed number before they sign out or sign in, and before the
-OTP code is sent.
-
-To define this action, create a `#{user.class}OtpSender` class that takes the
-current user as its parameter, and defines a `#reset_otp_state` instance method.
-For example, if your user's class is `User`, you would create a `UserOtpSender`
-class, like this:
-```ruby
-class UserOtpSender
-  def initialize(user)
-    @user = user
-  end
-
-  def reset_otp_state
-    if @user.unconfirmed_mobile.present?
-      @user.update(unconfirmed_mobile: nil)
-    end
-  end
-end
-```
-If you have different types of users in your app (for example, User and Admin),
-and you need different logic for each type of user, create a second class for
-your admin user, such as `AdminOtpSender`, with its own logic for
-`#reset_otp_state`.
-
 ### Example App
 
 [TwoFactorAuthenticationExample](https://github.com/Houdini/TwoFactorAuthenticationExample)