From 5094238c74c8c998017d69f4a76fb429938dfdda Mon Sep 17 00:00:00 2001
From: Matt Mueller <muellermr@gmail.com>
Date: Thu, 20 Feb 2014 08:47:46 -0600
Subject: [PATCH] Allowing both config and override of allowed otp drift.

---
 lib/two_factor_authentication.rb                       |  3 +++
 .../models/two_factor_authenticatable.rb               | 10 ++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/two_factor_authentication.rb b/lib/two_factor_authentication.rb
index d39ab37..3e6e67e 100644
--- a/lib/two_factor_authentication.rb
+++ b/lib/two_factor_authentication.rb
@@ -10,6 +10,9 @@ require "rotp"
 module Devise
   mattr_accessor :max_login_attempts
   @@max_login_attempts = 3
+
+  mattr_accessor :allowed_otp_drift_seconds
+  @@allowed_otp_drift_seconds = 30
 end
 
 module TwoFactorAuthentication
diff --git a/lib/two_factor_authentication/models/two_factor_authenticatable.rb b/lib/two_factor_authentication/models/two_factor_authenticatable.rb
index 6ec57b4..01009a6 100644
--- a/lib/two_factor_authentication/models/two_factor_authenticatable.rb
+++ b/lib/two_factor_authentication/models/two_factor_authenticatable.rb
@@ -20,17 +20,15 @@ module Devise
             end
           end
         end
-        ::Devise::Models.config(self, :max_login_attempts)
+        ::Devise::Models.config(self, :max_login_attempts, :allowed_otp_drift_seconds)
       end
 
       module InstanceMethodsOnActivation
         def authenticate_otp(code, options = {})
           totp = ROTP::TOTP.new(self.otp_column)
-          if drift = options[:drift]
-            totp.verify_with_drift(code, drift)
-          else
-            totp.verify(code)
-          end
+          drift = options[:drift] || self.class.allowed_otp_drift_seconds
+
+          totp.verify_with_drift(code, drift)
         end
 
         def otp_code(time = Time.now)