diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 0d9dcbaf7..d03f9692b 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -316,6 +316,7 @@ Devise.setup do |config|
   config.otp_length = 6 # TOTP code length
   config.direct_otp_valid_for = 5.minutes # Time before direct OTP becomes invalid
   config.direct_otp_length = 6 # Direct OTP code length
+  config.direct_otp_valid_for = 15.minutes # Time before direct OTP becomes invalid
   config.remember_otp_session_for_seconds = 1.day # Time before browser has to perform 2fA again. Default is 0.
   config.otp_secret_encryption_key = ENV["OTP_SECRET_ENCRYPTION_KEY"]
   config.second_factor_resource_id = "id" # Field or method name used to set value for 2fA remember cookie
diff --git a/spec/features/admin_panel_spec.rb b/spec/features/admin_panel_spec.rb
index 45998ac0c..d5732ca6f 100644
--- a/spec/features/admin_panel_spec.rb
+++ b/spec/features/admin_panel_spec.rb
@@ -30,10 +30,10 @@ RSpec.describe "Admin Panel" do
       expect(page).to have_content("Two factor authentication successful.")
     end
-    context "but it is more than 5 minutes old" do
+    context "but it is more than 15 minutes old" do
       it "does not authenticate successfully" do
         click_button("Login")
-        admin.update!(direct_otp_sent_at: 10.minutes.ago)
+        admin.update!(direct_otp_sent_at: 16.minutes.ago)
         fill_in("code", with: otp)
         click_button("Submit")
         expect(page).to have_content("Check your phone")
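Review bot: The added `config.direct_otp_valid_for = 15.minutes` line leaves the existing `config.direct_otp_valid_for = 5.minutes` assignment two lines above it in place, so the initializer now sets the same option twice and only the later assignment takes effect; the 5-minute line becomes dead configuration that will mislead the next reader into thinking the window is still 5 minutes. Edit the existing line to `config.direct_otp_valid_for = 15.minutes # Time before direct OTP becomes invalid` and drop the duplicate instead of appending a second assignment. Since tripling the lifetime of a 6-digit direct OTP also triples the window in which an intercepted or guessed code is accepted, the commit message should record why 15 minutes is needed, and it is worth confirming that a login-attempt limit such as `config.max_login_attempts` is set in the part of this block outside the hunk so the longer window does not widen the guessing budget. The enclosing `Devise.setup` block starts and ends outside the hunk.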