Direct OTP codes are ones that are delivered directly to
the user (e.g. SMS) via send_two_factor_authentication_code.
These are randomly generated, short lived, and stored
directly in the database.
TOTP (and the rotp gem) is now only enabled for those user
that have a shared secret (user.create_otp_secret).
**Why**: To be able to support Rails 5 without deprecation warnings,
we need to replace `before_filter` with `before_action`.
`before_action` is not supported in Rails 3.2, so we need to bump the
major version number since this will be a breaking change for people
who can't upgrade Rails.
This makes the gem store a signed cookie for a configurable amount of
time that allows the user to bypass 2FA. Our use-case for this is that
we expire user’s Devise sessions after 12 hours, but don’t want to
force them to authenticate using 2FA every day.
Signed cookies are available since Rails 3. This requires the signing
functionality to be properly configured, but is disabled by setting the
config variable to `0`, the default.
Ladislav Gallay
Jonathan Kirst
Philipp Staender
Gaurish Sharma
Konrad Jurkowski
amoose
Tigran Apoyan
Aubin LORIEUX
Sam Clegg
Moncef Belyamani
Eugene Surzhko
Marc Lennox
Dmitrii Golub
Kevin Pheasey
Paul Bowsher
JD Trout
Laust Rud Jacobsen
Karol Sarnacki
Ross Kaffenberger
Matt Mueller
Edger
John Bradley