Fix unnecessary requirement for deprecated OTP_SECRET environment variable (#34810)

config/environments/production.rb

@@ -150,13 +150,6 @@ Rails.application.configure do
     'Referrer-Policy' => 'same-origin',
   }
 
-  # TODO: Remove once devise-two-factor data migration complete
-  config.x.otp_secret = if ENV['SECRET_KEY_BASE_DUMMY']
-                          SecureRandom.hex(64)
-                        else
-                          ENV.fetch('OTP_SECRET')
-                        end
-
   # Enable DNS rebinding protection and other `Host` header attacks.
   # config.hosts = [
   #   "example.com",     # Allow requests from example.com

config/environments/test.rb

@@ -48,9 +48,6 @@ Rails.application.configure do
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr
 
-  # TODO: Remove once devise-two-factor data migration complete
-  config.x.otp_secret = '100c7faeef00caa29242f6b04156742bf76065771fd4117990c4282b8748ff3d99f8fdae97c982ab5bd2e6756a159121377cce4421f4a8ecd2d67bd7749a3fb4'
-
   # Generate random VAPID keys
   vapid_key = Webpush.generate_key
   config.x.vapid_private_key = vapid_key.private_key

db/post_migrate/20240307180905_migrate_devise_two_factor_secrets.rb

@@ -79,8 +79,18 @@ class MigrateDeviseTwoFactorSecrets < ActiveRecord::Migration[7.1]
   class MigrationUser < ApplicationRecord
     self.table_name = :users
 
+    LEGACY_OTP_SECRET = begin
+      if Rails.env.test?
+        '100c7faeef00caa29242f6b04156742bf76065771fd4117990c4282b8748ff3d99f8fdae97c982ab5bd2e6756a159121377cce4421f4a8ecd2d67bd7749a3fb4'
+      elsif ENV['SECRET_KEY_BASE_DUMMY']
+        SecureRandom.hex(64)
+      else
+        ENV.fetch('OTP_SECRET')
+      end
+    end
+
     devise :two_factor_authenticatable,
-           otp_secret_encryption_key: Rails.configuration.x.otp_secret
+           otp_secret_encryption_key: LEGACY_OTP_SECRET
 
     include LegacyOtpSecret
   end