aaa.rb

module Devise::Strategies
  # Rастомная стратегия аутентификации
  class Aaa < Authenticatable
    def authenticate!
# binding.pry
      resource  = password.present? && mapping.to.find_for_database_otp_authentication(authentication_hash)
      encrypted = false

      if validate(resource){ encrypted = true; resource.valid_password?(password) && valid_otp?(resource) }
        (resource)
        resource.after_database_otp_authentication if resource.respond_to?(:after_database_otp_authentication)
        success!(resource)
      end

      mapping.to.new.password = password if !encrypted && Devise.paranoid
      fail(:not_found_in_database) unless resource
    end

    def valid_otp?(resource)
# binding.pry
      return true unless resource.require_otp_on_login?
      otp_code = params['otp_code']

      return unless otp_code
      resource.valid_otp?(otp_code)
    end
  end
end


# /initializers/devise.rb

  config.warden do |manager|

    manager.strategies.add(:aaa, Devise::Strategies::Aaa)
    manager.default_strategies(:scope => :user).unshift :password

    manager.failure_app = Devise::FailureApps::ApiAuthFailure
  end