From a0055cfe17b6ac9f1af599df1f73a3f2a7818a1a Mon Sep 17 00:00:00 2001
From: Tikhon Botchkarev <TikiTDO@gmail.com>
Date: Wed, 24 Sep 2014 13:49:16 -0400
Subject: [PATCH] Add function to re-geterante the OTP secret

---
 lib/active_model/one_time_password.rb | 6 +++++-
 test/one_time_password_test.rb        | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/active_model/one_time_password.rb b/lib/active_model/one_time_password.rb
index d0fa68b..16506ab 100644
--- a/lib/active_model/one_time_password.rb
+++ b/lib/active_model/one_time_password.rb
@@ -10,7 +10,7 @@ def has_one_time_password(options = {})
 
         include InstanceMethodsOnActivation
 
-        before_create { self.otp_column ||= ROTP::Base32.random_base32 }
+        before_create { self.otp_regenerate_secret if !self.otp_column}
 
         if respond_to?(:attributes_protected_by_default)
           def self.attributes_protected_by_default #:nodoc:
@@ -21,6 +21,10 @@ def self.attributes_protected_by_default #:nodoc:
     end
 
     module InstanceMethodsOnActivation
+      def otp_regenerate_secret
+        self.otp_column = ROTP::Base32.random_base32
+      end
+
       def authenticate_otp(code, options = {})
         totp = ROTP::TOTP.new(self.otp_column)
         if drift = options[:drift]
diff --git a/test/one_time_password_test.rb b/test/one_time_password_test.rb
index d7d13dc..d64cf70 100644
--- a/test/one_time_password_test.rb
+++ b/test/one_time_password_test.rb
@@ -46,4 +46,10 @@ def test_provisioning_uri_with_email_field
     assert_match %r{otpauth://totp/roberto@heapsource\.com\?secret=\w{16}}, @user.provisioning_uri
     assert_match %r{otpauth://totp/roberto@heapsource\.com\?secret=\w{16}}, @visitor.provisioning_uri
   end
+
+  def test_regenerate_otp
+    secret = @user.otp_column
+    @user.otp_regenerate_secret
+    assert secret != @user.otp_column
+  end
 end