From e758e9a49cbb7f8c8ccf717bb7897113f93a63b4 Mon Sep 17 00:00:00 2001
From: Claire
Date: Mon, 22 Apr 2024 12:25:08 +0200
Subject: [PATCH] Fix OTP secret post-deployment migration

---
 ...40307180905_migrate_devise_two_factor_secrets.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/db/post_migrate/20240307180905_migrate_devise_two_factor_secrets.rb b/db/post_migrate/20240307180905_migrate_devise_two_factor_secrets.rb
index b3ab14b077..360e4806da 100644
--- a/db/post_migrate/20240307180905_migrate_devise_two_factor_secrets.rb
+++ b/db/post_migrate/20240307180905_migrate_devise_two_factor_secrets.rb
@@ -3,7 +3,18 @@
 class MigrateDeviseTwoFactorSecrets < ActiveRecord::Migration[7.1]
 disable_ddl_transaction!

+ class MigrationUser < ApplicationRecord
+ self.table_name = :users
+
+ devise :two_factor_authenticatable,
+ otp_secret_encryption_key: Rails.configuration.x.otp_secret
+
+ include LegacyOtpSecret # Must be after the above `devise` line in order to override the legacy method
+ end
+
 def up
+ MigrationUser.reset_column_information
+
 users_with_otp_enabled.find_each do |user|
 # Gets the new value on already-updated users
 # Falls back to legacy value on not-yet-migrated users
@@ -23,6 +34,6 @@ class MigrateDeviseTwoFactorSecrets < ActiveRecord::Migration[7.1]
 private

 def users_with_otp_enabled
- User.where(otp_required_for_login: true)
+ MigrationUser.where(otp_required_for_login: true, otp_secret: nil)
 end
 end
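Review bot: Nothing in the added `MigrationUser` class (first hunk) shows how the new `otp_secret` column is encrypted, so whether `up` stores the TOTP seed encrypted depends entirely on what `devise :two_factor_authenticatable` sets up on this stand-in model. If the module does declare it, a comment such as `# otp_secret encryption is declared by the devise module above; keep that line` would protect it; if it does not, the class needs its own `encrypts :otp_secret` before any row is written. `Rails.configuration.x.otp_secret` is also read once, when the class body is evaluated, so it may be worth raising with a clear message when it is blank rather than failing partway through `find_each`. The body of `up` continues outside the hunk.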
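Review bot: With `otp_secret: nil` added to the scope in `users_with_otp_enabled` (second hunk), rows whose new column is already filled are never loaded, so the context comment in `up`, `# Gets the new value on already-updated users`, describes a case the loop should no longer see. The method name now also promises more than it returns; a comment like `# Only users whose new otp_secret column is still NULL, so a re-run skips migrated rows` or a rename to `users_with_unmigrated_otp_secret` would make the resumable behaviour explicit. Because the filter treats any non-NULL value as done, a value written incorrectly by an earlier run would not be revisited; if that can happen, it is worth saying so in the commit message.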