Fix issue with scoped redirects for non-default resources (#88)

* utilize url_helpers in otp_tokens_controller to ensure that user is redirected to properly scoped path (rather than the default scope);

* use url_helper for "Disable OTP" link to ensure properly scoped path (rather than just the default scope);

* reverse order of admin and user routes to eliminate false positives from default (user) routes going forward;

app/controllers/devise_otp/devise/otp_tokens_controller.rb

@@ -33,7 +33,7 @@ def update
         if resource.valid_otp_token?(params[:confirmation_code])
           resource.enable_otp!
           otp_set_flash_message :success, :successfully_updated
-          redirect_to action: :show
+          redirect_to otp_token_path_for(resource)
         else
           otp_set_flash_message :danger, :could_not_confirm
           render :edit
@@ -48,7 +48,7 @@ def destroy
           otp_set_flash_message :success, :successfully_disabled_otp
         end
 
-        redirect_to action: :show
+        redirect_to otp_token_path_for(resource)
       end
 
       #
@@ -59,7 +59,7 @@ def get_persistence
           otp_set_flash_message :success, :successfully_set_persistence
         end
 
-        redirect_to action: :show
+        redirect_to otp_token_path_for(resource)
       end
 
       #
@@ -70,7 +70,7 @@ def clear_persistence
           otp_set_flash_message :success, :successfully_cleared_persistence
         end
 
-        redirect_to action: :show
+        redirect_to otp_token_path_for(resource)
       end
 
       #
@@ -81,7 +81,7 @@ def delete_persistence
           otp_set_flash_message :notice, :successfully_reset_persistence
         end
 
-        redirect_to action: :show
+        redirect_to otp_token_path_for(resource)
       end
 
       def recovery
@@ -100,7 +100,7 @@ def reset
           otp_set_flash_message :success, :successfully_reset_otp
         end
 
-        redirect_to action: :edit
+        redirect_to edit_otp_token_path_for(resource)
       end
 
       private

app/views/devise/otp_tokens/show.html.erb

@@ -7,7 +7,7 @@
   <%= render :partial => 'trusted_devices' if trusted_devices_enabled? %>
 
   <% unless otp_mandatory_on?(resource) %>
-    <%= button_to I18n.t('disable_link', :scope => 'devise.otp.otp_tokens'), @resource, :method => :delete, :data => { "turbo-method": "DELETE" } %>
+    <%= button_to I18n.t('disable_link', :scope => 'devise.otp.otp_tokens'), otp_token_path_for(resource), :method => :delete, :data => { "turbo-method": "DELETE" } %>
   <% end %>
 <% else %>
   <%= link_to I18n.t('enable_link', :scope => 'devise.otp.otp_tokens'), edit_otp_token_path_for(resource) %>

test/dummy/config/routes.rb

@@ -1,6 +1,6 @@
 Dummy::Application.routes.draw do
-  devise_for :users
   devise_for :admins
+  devise_for :users
 
   resources :posts
   resources :admin_posts