Fix Mandatory OTP Issue

[strouptl]

@strzibny, here is the completed mandatory_otp solution. It resolves the main issue where mandatory otp can be skipped in Issue #71. Please let me know your thoughts!

(Excerpted from CHANGELOG)
Summary: Move mandatory OTP functionality to the helper layer to ensure that it is enforced throughout application (rather than one time at log in).

Details:

• Add PublicHelpers class, and add to Devise @@helpers variable to generate per-scope ensure_mandatory_{scope}_otp! methods;
• Update order of module definitions and "require" statements in devise-otp.rb (required for adding DeviseOtpAuthenticable PublicHelpers to Devise @@helpers variable);

Breaking Changes:

• Requires adding "ensure_mandatory_{scope}_otp! to controllers;

[strzibny]

I too was thinking of moving it outside the session controller, looks good as an approach.

[strouptl]

OK, good. The meta programming was the tricky part for me: the Mappings have to be defined before calling the "define_helpers" method in order to generate the per-mapping routes.

Here are the approaches I considered (for reference):

1. Add the new DeviseOtpAuthenticable PublicHelpers class to the @@helpers variable (current_approach)
2. Overwrite Devise's "regnerate_routes!" method (as this gets called after defining the routes)
3. Update the Devise::Controller::Helper's own define_routes method (inserting the ensure_mandatory_{scope}_otp! definition inline with the authenticate_{scope}! method)

I don't know if you know of a better way, but the first seemed the least intrusive to me.