twilio / authy-devise

Authy Devise plugin to add Two-Factor Authentication
MIT License
201 stars 84 forks

Wrong and confusing flash message when enabling #131

Closed DannyBen closed 4 years ago

DannyBen commented 4 years ago

It seems like this flash message:

    devise_authy:
      user:
        enabled: Two factor authentication was enabled

is used in two places, which are different.

I believe there should be no flash message after registering the user, since we already are redirected to the next page to proceed with the validation process.

In any case, I do not understand how nobody complained about it so far - unless I missed something, this is sending users the wrong information, without the developer's ability to update (i.e. cannot edit the locale text, since it is used in two contexts - one correct, one not).

I believe the offending code is here: https://github.com/twilio/authy-devise/blob/cc38aa4bb2018e5f0f193604b14bae96009c9eb7/app/controllers/devise/devise_authy_controller.rb#L59-L66

philnash commented 4 years ago

Thanks for opening the issue. I will take a look at this as soon as I can. You definitely seem right that this should not be used twice and not until the user has fully enabled 2FA.

DannyBen commented 4 years ago

Thank you. I think the success flash can just be removed from the first (save user) operation. In this case, the simplest solution seems to also be the best.

DannyBen commented 4 years ago

Thank you!