provisioning_uri called with no otp_secret_key set #127

Open
cchandler81 opened this issue Sep 29, 2017 · 2 comments

@cchandler81

I used this post as a guide for implementing this gem into an existing app that uses Devise and I'm getting the error from the title when I update a user to enable two factor auth, specifically on the user.provisioning_uri line of the following helper:

```ruby
def google_authenticator_qrcode(user)
  data = user.provisioning_uri
  data = Rack::Utils.escape(data)
  url = "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=#{data}"
  return image_tag(url, :alt => 'Google Authenticator QRCode')
end
```

Which is called from /users/registrations/confirm_two_factor_authentication.html.erb:
<%= google_authenticator_qrcode(resource) %>

Which the user is redirected to via my overridden after_update_path_for(resource).

Do I need to do anything specific to set the encrypted_otp_secret_x columns for the existing users?

TIA

@cchandler81
Author

So I added a before_save call to the following method in my User class:

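```ruby
def update_two_factor
  if two_factor_enabled_changed? && two_factor_enabled?
    # 2FA was just switched on: create the secret before anything asks for provisioning_uri
    self.otp_secret_key = self.generate_totp_secret
  elsif two_factor_enabled_changed? && !two_factor_enabled?
    # 2FA was just switched off: drop the stored secret and its encryption metadata
    self.unconfirmed_two_factor = true
    self.encrypted_otp_secret_key = nil
    self.encrypted_otp_secret_key_iv = nil
    self.encrypted_otp_secret_key_salt = nil
  end
end
```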

This seems to work, with the added bonus of disabling everything if the user disables their 2FA setting, but I'm all ears if this isn't a good way to do it.

@dan-klasson

I got an error on that too, had to put self.otp_secret_key = self.generate_totp_secret before user.provisioning_uri and make sure the otp_secret_encryption_key was a valid secret key (used rake secret to generate one).

If you want to disable 2fa for a user you can just make the encrypted_otp_secret_key field nil.
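The secret lifecycle discussed in this thread, as an added stand-alone example that is not part of the original comments or the gem's own code: a secret is generated when 2FA is enabled, the provisioning URI refuses to build without one, and disabling clears it. `DemoUser`, `enable_two_factor!`, `disable_two_factor!` and the `ExampleApp` issuer are hypothetical names; the otpauth URI layout follows the widely used Key URI format.

```ruby
require 'securerandom'
require 'erb'

# Hypothetical stand-in for a Devise user model (assumption, not the gem's implementation).
class DemoUser
  BASE32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

  attr_reader :email, :otp_secret_key, :two_factor_enabled

  def initialize(email)
    @email = email
    @otp_secret_key = nil
    @two_factor_enabled = false
  end

  # 160 random bits from the OS CSPRNG, encoded as 32 Base32 characters (RFC 4648 alphabet).
  def self.generate_totp_secret
    bits = SecureRandom.random_bytes(20).unpack1('B*')
    bits.scan(/.{5}/).map { |chunk| BASE32[chunk.to_i(2)] }.join
  end

  # Enabling creates the secret up front, so it exists before any URI is requested.
  # An existing secret is kept so a repeated save does not silently re-enrol the user.
  def enable_two_factor!
    @otp_secret_key ||= self.class.generate_totp_secret
    @two_factor_enabled = true
  end

  # Disabling removes the secret so an old enrolment cannot be reused later.
  def disable_two_factor!
    @otp_secret_key = nil
    @two_factor_enabled = false
  end

  # Builds the otpauth:// URI an authenticator app scans; fails loudly without a secret.
  def provisioning_uri(issuer: 'ExampleApp')
    raise ArgumentError, 'provisioning_uri called with no otp_secret_key set' if otp_secret_key.nil?

    label = ERB::Util.url_encode("#{issuer}:#{email}")
    "otpauth://totp/#{label}?secret=#{otp_secret_key}&issuer=#{ERB::Util.url_encode(issuer)}"
  end
end
```

The returned URI carries the shared secret in its `secret=` parameter, so it should be handled like a credential wherever it is rendered or logged.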
