rename "otp_token" input to "confirmation_code"; make edit_otp_token …

…scope singular; fix spelling issue in "Enable Two Factor Authentication" link; expand "Changes to Locales" description in CHANGELOG;

CHANGELOG.md

@@ -4,25 +4,40 @@
 
 Summary:
 - Require confirmation token before enabling Two Factor Authentication (2FA) to ensure that user has added OTP token properly to their device
-- Update system to populate OTP secrets only as needed
+- Update system to populate OTP secrets as needed
 
-Changes:
+Details:
 - Add "edit" action with Confirmation Token for enabling 2FA to otp_tokens controller
 - Make enabling of 2FA in update action conditional on valid Confirmation Token
 - Repurpose "show" view for display of OTP status and info (no form)
 
 - Update otp_tokens#edit to populate OTP secrets (rather than assuming they are populated via callbacks in OTPDeviseAuthenticatable module)
 - Repurpose otp_tokens#destroy to disable 2FA and clear OTP secrets (rather than resetting them)
 
-- Remove callbacks for setting OTP credentials on create action (no longer needed)
-- Replace "reset_otp_credentials" methods with "clear_otp_fields!" method;
+- Remove OtpAuthenticatable callbacks for setting OTP credentials on create action (no longer needed)
+- Replace OtpAuthenticatable "reset_otp_credentials" methods with "clear_otp_fields!" method;
 
 Changes to Locales:
-- Move OTP explanation and form related values to devise.otp.edit_otp_tokens scope
-- Rename devise.otp.token_secret.reset_\* values to ...disable_\*
-- Rename "successfully_reset_creds" value to "successfully_disabled_otp"
-- Add "enable_link" and "could_not_confirm" to otp_tokens scope
-- Add "lead_in", "step1", "step2", and "otp_token" to edit_otp_tokens scope
+- Remove:
+  - otp_tokens.enable_request
+  - otp_tokens.status
+  - otp_tokens.submit
+- Add to otp_tokens scope:
+  - enable_link
+-  Move/rename devise.otp.token_secret.reset_\* values to devise.otp.otp_tokens.disable_\* (to match new "enable_link")
+  - disable_link
+  - disable_explain
+  - disable_explain_warn
+- Add to new edit_otp_token scope:
+  - title
+  - lead_in
+  - step1
+  - step2
+  - confirmation_code
+  - submit
+- Move "explain" to new edit_otp_token scope
+- Add devise.otp.otp_tokens.could_not_confirm
+- Rename "successfully_reset_creds" to "successfully_disabled_otp"
 
 ## 0.4.0
 

app/controllers/devise_otp/devise/otp_tokens_controller.rb

@@ -30,7 +30,7 @@ def edit
       # Updates the status of OTP authentication
       #
       def update
-        if resource.valid_otp_token?(params[:otp_token])
+        if resource.valid_otp_token?(params[:confirmation_code])
           resource.enable_otp!
           otp_set_flash_message :success, :successfully_updated
           redirect_to action: :show

app/views/devise/otp_tokens/_token_secret.html.erb

@@ -7,11 +7,11 @@
   <code><%= resource.otp_auth_secret %></code>
 </p>
 
-<p><%= button_to I18n.t('disable_otp', :scope => 'devise.otp.token_secret'), @resource, :method => :delete, :data => { "turbo-method": "DELETE" } %></p>
+<p><%= button_to I18n.t('disable_link', :scope => 'devise.otp.otp_tokens'), @resource, :method => :delete, :data => { "turbo-method": "DELETE" } %></p>
 
 <p>
-  <%= I18n.t('disable_explain', :scope => 'devise.otp.token_secret') %>
-  <strong><%= I18n.t('disable_explain_warn', :scope => 'devise.otp.token_secret') %></strong>
+  <%= I18n.t('disable_explain', :scope => 'devise.otp.otp_tokens') %>
+  <strong><%= I18n.t('disable_explain_warn', :scope => 'devise.otp.otp_tokens') %></strong>
 </p>
 
 <%- if recovery_enabled? %>

app/views/devise/otp_tokens/edit.html.erb

@@ -1,9 +1,9 @@
-<h2><%= I18n.t('title', :scope => 'devise.otp.edit_otp_tokens') %></h2>
-<p><%= I18n.t('explain', :scope => 'devise.otp.edit_otp_tokens') %></p>
+<h2><%= I18n.t('title', :scope => 'devise.otp.edit_otp_token') %></h2>
+<p><%= I18n.t('explain', :scope => 'devise.otp.edit_otp_token') %></p>
 
-<h2><%= I18n.t('lead_in', :scope => 'devise.otp.edit_otp_tokens') %></h2>
+<h2><%= I18n.t('lead_in', :scope => 'devise.otp.edit_otp_token') %></h2>
 
-<p><%= I18n.t('step_1', :scope => 'devise.otp.edit_otp_tokens') %></p>
+<p><%= I18n.t('step_1', :scope => 'devise.otp.edit_otp_token') %></p>
 
 <%= otp_authenticator_token_image(resource) %>
 
@@ -12,15 +12,15 @@
   <code><%= resource.otp_auth_secret %></code>
 </p>
 
-<p><%= I18n.t('step_2', :scope => 'devise.otp.edit_otp_tokens') %></p>
+<p><%= I18n.t('step_2', :scope => 'devise.otp.edit_otp_token') %></p>
 
 <%= form_with(:url => [resource_name, :otp_token], :method => :put) do |f| %>
 
   <p>
-    <%= f.label :otp_token, I18n.t('otp_token', :scope => 'devise.otp.edit_otp_tokens') %>
-    <%= f.text_field :otp_token %>
+    <%= f.label :confirmation_code, I18n.t('confirmation_code', :scope => 'devise.otp.edit_otp_token') %>
+    <%= f.text_field :confirmation_code %>
   </p>
 
-  <p><%= f.submit I18n.t('submit', :scope => 'devise.otp.edit_otp_tokens') %></p>
+  <p><%= f.submit I18n.t('submit', :scope => 'devise.otp.edit_otp_token') %></p>
 
 <% end %>

config/locales/en.yml

@@ -26,12 +26,12 @@ en:
         title: 'Your token secret'
         explain: 'Take a photo of this QR code with your mobile'
         manual_provisioning: 'Manual provisioning code'
-        disable_otp: 'Disable Two-Factor Authentication'
-        disable_explain: 'This will disable Two-Factor authentication and clear the OTP secret.'
-        disable_explain_warn: 'To re-enable Two-Factor authentication, you will need to enroll your mobile device again.'
       otp_tokens:
         title: 'Two-factors Authentication:'
-        enable_link: 'Enable Two-Factors Authentication'
+        enable_link: 'Enable Two-Factor Authentication'
+        disable_link: 'Disable Two-Factor Authentication'
+        disable_explain: 'This will disable Two-Factor authentication and clear the OTP secret.'
+        disable_explain_warn: 'To re-enable Two-Factor authentication, you will need to enroll your mobile device again.'
         successfully_updated: 'Your two-factors authentication settings have been updated.'
         could_not_confirm: 'The Confirmation Code you entered did not match the QR code shown below.'
         successfully_disabled_otp: 'Two-Factor authentication has been disabled.'
@@ -46,13 +46,13 @@ en:
           code: 'Recovery Code'
           codes_list: 'Here is the list of your recovery codes'
           download_codes: 'Download recovery codes'
-      edit_otp_tokens:
+      edit_otp_token:
         title: 'Enable Two-factors Authentication'
         explain: 'Two factors authentication adds an additional layer of security to your account. When logging in you will be asked for a code that you can generate on a physical device, like your phone.'
         lead_in: 'To Enable Two-Factor Authentication:'
         step_1: '1. Open your authenticator app and scan the QR code shown below:'
         step_2: '2. Enter the 6-digit code shown in your authenticator app below:'
-        otp_token: "Confirmation Code"
+        confirmation_code: "Confirmation Code"
         submit: 'Continue...'
       trusted_browsers:
         title: 'Trusted Browsers'

test/integration/enable_otp_form_test.rb

@@ -13,7 +13,7 @@ def teardown
 
     user.reload
 
-    fill_in "otp_token", with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
+    fill_in "confirmation_code", with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
 
     click_button "Continue..."
 
@@ -29,7 +29,7 @@ def teardown
 
     visit edit_user_otp_token_path
 
-    fill_in "otp_token", with: "123456"
+    fill_in "confirmation_code", with: "123456"
 
     click_button "Continue..."
 
@@ -44,7 +44,7 @@ def teardown
 
     visit edit_user_otp_token_path
 
-    fill_in "otp_token", with: ""
+    fill_in "confirmation_code", with: ""
 
     click_button "Continue..."
 

test/integration/sign_in_test.rb

@@ -23,7 +23,7 @@ def teardown
     visit user_otp_token_path
     assert page.has_content?("Disabled")
 
-    click_link "Enable Two-Factors Authentication"
+    click_link "Enable Two-Factor Authentication"
 
     assert page.has_content?("Enable Two-factors Authentication")
     assert_equal edit_user_otp_token_path, current_path

test/integration_tests_helper.rb

@@ -29,7 +29,7 @@ def enable_otp_and_sign_in
 
     sign_user_in(user)
     visit edit_user_otp_token_path
-    fill_in "otp_token", with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
+    fill_in "confirmation_code", with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
     click_button "Continue..."
 
     Capybara.reset_sessions!