Merge pull request #56 from kpheasey/master

Abstract logic for two factor success and fail into separate methods.…

app/controllers/devise/two_factor_authentication_controller.rb

@@ -9,32 +9,49 @@ class Devise::TwoFactorAuthenticationController < DeviseController
     render :show and return if params[:code].nil?
 
     if resource.authenticate_otp(params[:code])
+      after_two_factor_success_for(resource)
+    else
+      after_two_factor_fail_for(resource)
+    end
+  end
+
+  private
+
+  def after_two_factor_success_for(resource)
     expires_seconds = resource.class.remember_otp_session_for_seconds
+
     if expires_seconds && expires_seconds > 0
       cookies.signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME] = {
           value: true,
           expires: expires_seconds.from_now
       }
     end
+
     warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = false
     sign_in resource_name, resource, :bypass => true
     set_flash_message :notice, :success
-      redirect_to stored_location_for(resource_name) || :root
     resource.update_attribute(:second_factor_attempts_count, 0)
-    else
+
+    redirect_to after_two_factor_success_path_for(resource)
+  end
+
+  def after_two_factor_success_path_for(resource)
+    stored_location_for(resource_name) || :root
+  end
+
+  def after_two_factor_fail_for(resource)
     resource.second_factor_attempts_count += 1
     resource.save
     flash.now[:error] = find_message(:attempt_failed)
+
     if resource.max_login_attempts?
       sign_out(resource)
       render :max_login_attempts_reached
+
     else
       render :show
     end
   end
-  end
-
-  private
 
   def authenticate_scope!
     self.resource = send("current_#{resource_name}")