From d486aed7ed9191089766415b28c9ac3a5da67c50 Mon Sep 17 00:00:00 2001
From: Santiago Gomez <33270615+sgomez17@users.noreply.github.com>
Date: Wed, 23 Aug 2023 03:35:32 +1000
Subject: [PATCH] Handle gracefully missing :scope in params (#193)

When params do not include the required scope key (e.g. user)
then TwoFactorAuthenticatable throws exception "undefined method :[] for nil:NilClass".
This change is to handle such scenario gracefully
---
 lib/devise_two_factor/strategies/two_factor_authenticatable.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/devise_two_factor/strategies/two_factor_authenticatable.rb b/lib/devise_two_factor/strategies/two_factor_authenticatable.rb
index fe89230..dbed5d2 100644
--- a/lib/devise_two_factor/strategies/two_factor_authenticatable.rb
+++ b/lib/devise_two_factor/strategies/two_factor_authenticatable.rb
@@ -21,7 +21,7 @@ def authenticate!
 
       def validate_otp(resource)
         return true unless resource.otp_required_for_login
-        return if params[scope]['otp_attempt'].nil?
+        return if params[scope].nil? || params[scope]['otp_attempt'].nil?
         resource.validate_and_consume_otp!(params[scope]['otp_attempt'])
       end
     end