Optional subdomain aware redirects and scope based cookie names

[dachinat]

Hello,

I was using your gem for a long while and I liked it a lot. However, it did not quite work with me well where I was having two user scopes and different subdomains.

In my scenario AdminUser should have been available on "system.example.com" subdomain and User should have been on "portal.example.com", "blog.example.com", "docs.example.com" and "example.com" itself.

I separated session cookie store so that there were two different cookies created for these separations: _core_session and _admin_session

Problem with this gem #1 was that it was creating single "remember_tfa" cookie that arose problems with other scopes.

Problem #2 was that if I logged-in in system.example.com as AdminUser and I was prompted 2FA, if I would not enter anything in the box and manually head to portal.example.com or docs.example com I would be force-redirected back to system.example.com (try 'remember me' from devise) and this was very disturbing.

Feel free to reject this pull-request, or perhaps introduce a better solution but for me this was handy.

USAGE

1. Cookie name - done automatically (_scope is appended to defined constants)
2. Subdomain scopes - Optional (by default operates as usual)
   Your devise models can now have an optional class method two_factor_subdomains, which should return a regex. For example, if you would like User to operate on all subdomains except "system" you would have

def self.two_factor_subdomains
    /^(?!(system)$).*$/
end

This means that when you'll login at User's portal.example.com login page w/ remember me on, will be prompted 2FA code, don't enter it, go to system.example.com you won't be redirected back to portal.example.com 2FA prompt page.

I would really appreciate if you could introduce your version of this PR.

Note: I've added couple of specs for this, but some of them from master were failing before I've added any code.

Thanks,
Dachi