From 393a072c6f79a27ad42194b89913a2f6b25e4383 Mon Sep 17 00:00:00 2001
From: David Roetzel <david@roetzel.de>
Date: Fri, 27 Sep 2024 12:05:23 +0200
Subject: [PATCH] Increase length of OTP secret

---
 app/models/user.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 0c8d481c4c..c5c4cf5314 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -67,7 +67,8 @@ class User < ApplicationRecord
   ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze
 
   devise :two_factor_authenticatable,
-         otp_secret_encryption_key: Rails.configuration.x.otp_secret
+         otp_secret_encryption_key: Rails.configuration.x.otp_secret,
+         otp_secret_length: 26
 
   devise :two_factor_backupable,
          otp_number_of_backup_codes: 10