From c29256708abe16e483a0e7af26ae9bbf101b19dd Mon Sep 17 00:00:00 2001
From: Jascha Urbach <jascha@jascha.wtf>
Date: Wed, 16 Nov 2022 20:30:06 +0100
Subject: [PATCH 1/4] show otp_secret when setting up 2fa

solves #2389
---
 bookwyrm/templates/preferences/2fa.html       | 79 +++++++++++++++++++
 bookwyrm/views/preferences/two_factor_auth.py |  9 ++-
 2 files changed, 86 insertions(+), 2 deletions(-)

diff --git a/bookwyrm/templates/preferences/2fa.html b/bookwyrm/templates/preferences/2fa.html
index b0703bc4a..397cf7d71 100644
--- a/bookwyrm/templates/preferences/2fa.html
+++ b/bookwyrm/templates/preferences/2fa.html
@@ -46,6 +46,58 @@
         <div class="columns">
             <section class="column is-narrow">
                 <figure class="m-4">{{ qrcode | safe }}</figure>
+                <div class="field">
+                    <label class="label" for="id_otp">{% trans "Enter the code from your app:" %}</label>
+                    {{ form.otp }}
+                    {% include 's{% extends 'preferences/layout.html' %}
+{% load i18n %}
+
+{% block title %}{% trans "Two Factor Authentication" %}{% endblock %}
+
+{% block header %}
+{% trans "Two Factor Authentication" %}
+{% endblock %}
+
+{% block panel %}
+<div class="block">
+    {% if success %}
+    <div class="notification is-success is-light">
+        <span class="icon icon-check" aria-hidden="true"></span>
+        <span>
+            {% trans "Successfully updated 2FA settings" %}
+        </span>
+    </div>
+    {% endif %}
+    {% if backup_codes %}
+    <div class="block">
+        <h3>Backup codes</h3>
+        <div class="block">
+            <p>{% trans "Write down or copy and paste these codes somewhere safe." %}</p>
+            <p>{% trans "You must use them in order, and they will not be displayed again." %}</p>
+        </div>
+        <ul class="content" style="list-style: none;">
+            {% for code in backup_codes %}
+            <li>{{ code }}</li>
+            {% endfor%}
+        </ul>
+    </div>
+    {% elif request.user.two_factor_auth %}
+    <div class="block">
+        <p>{% trans "Two Factor Authentication is active on your account." %}</p>
+        <a class="button is-danger" href="{% url 'disable-2fa' %}">{% trans "Disable 2FA" %}</a>
+    </div>
+    <div class="block">
+        <p>{% trans "You can generate backup codes to use in case you do not have access to your authentication app. If you generate new codes, any backup codes previously generated will no longer work." %}</p>
+        <a class="button" href="{% url 'generate-2fa-backup-codes' %}">{% trans "Generate backup codes" %}</a>
+    </div>
+    {% elif password_confirmed %}
+    <form name="confirm-2fa" action="{% url 'conf-2fa' %}" method="post" enctype="multipart/form-data">
+    {% csrf_token %}
+        <p>{% trans "Scan the QR code with your authentication app and then enter the code from  your app below to confirm your app is set up." %}</p>
+        <div class="columns">
+            <section class="column is-narrow">
+                <figure class="m-4">{{ qrcode | safe }}</figure>
+                <div> {{ code | safe }}
                 <div class="field">
                     <label class="label" for="id_otp">{% trans "Enter the code from your app:" %}</label>
                     {{ form.otp }}
@@ -76,3 +128,30 @@
     {% endif %}
 </div>
 {% endblock %}
+nippets/form_errors.html' with errors_list=form.otp.errors id="desc_otp" %}
+                </div>
+                <button class="button is-primary" type="submit">{% trans "Confirm" %}</button>
+            </section>
+        </div>
+    </form>
+    {% else %}
+    <p>
+        {% trans "You can make your account more secure by using Two Factor Authentication (2FA). This will require you to enter a one-time code using a phone app like <em>Authy</em>, <em>Google Authenticator</em> or <em>Microsoft Authenticator</em> each time you log in." %}
+    </p>
+    <p> {% trans "Confirm your password to begin setting up 2FA." %}</p>
+    <div class="columns">
+        <div class="column is-one-third">
+            <form name="confirm-password" action="{% url 'prefs-2fa' %}" method="post" enctype="multipart/form-data">
+                {% csrf_token %}
+            <div class="field">
+                <label class="label" for="id_password">{% trans "Password:" %}</label>
+                {{ form.password }}
+                {% include 'snippets/form_errors.html' with errors_list=form.password.errors id="desc_password" %}
+            </div>
+            <button class="button is-primary" type="submit">{% trans "Set up 2FA" %}</button>
+        </form>
+        </div>
+    </div>
+    {% endif %}
+</div>
+{% endblock %}
diff --git a/bookwyrm/views/preferences/two_factor_auth.py b/bookwyrm/views/preferences/two_factor_auth.py
index f3b04eb3c..192cdaff7 100644
--- a/bookwyrm/views/preferences/two_factor_auth.py
+++ b/bookwyrm/views/preferences/two_factor_auth.py
@@ -35,10 +35,12 @@ class Edit2FA(View):
         if not form.is_valid():
             data = {"form": form}
             return TemplateResponse(request, "preferences/2fa.html", data)
+        data = self.create_qr_code(request.user)
         qr_form = forms.Confirm2FAForm()
         data = {
             "password_confirmed": True,
-            "qrcode": self.create_qr_code(request.user),
+            "qrcode": data[0],
+            "code": data[1],
             "form": qr_form,
         }
         return TemplateResponse(request, "preferences/2fa.html", data)
@@ -57,7 +59,10 @@ class Edit2FA(View):
         qr_code.add_data(provisioning_url)
         qr_code.make(fit=True)
         img = qr_code.make_image(attrib={"fill": "black"})
-        return str(img.to_string(), "utf-8")  # to_string() returns a byte string
+        return [
+            str(img.to_string(), "utf-8"),
+            otp_secret,
+        ]  # to_string() returns a byte string
 
 
 @method_decorator(login_required, name="dispatch")

From a98dbb97a5d80507cc85622b202ed98b536ee8c9 Mon Sep 17 00:00:00 2001
From: Jascha Urbach <jascha@jascha.wtf>
Date: Wed, 16 Nov 2022 20:32:40 +0100
Subject: [PATCH 2/4] fix error

fix my copy paste error -.-
---
 bookwyrm/templates/preferences/2fa.html | 78 -------------------------
 1 file changed, 78 deletions(-)

diff --git a/bookwyrm/templates/preferences/2fa.html b/bookwyrm/templates/preferences/2fa.html
index 397cf7d71..9d58d7cc1 100644
--- a/bookwyrm/templates/preferences/2fa.html
+++ b/bookwyrm/templates/preferences/2fa.html
@@ -7,57 +7,6 @@
 {% trans "Two Factor Authentication" %}
 {% endblock %}
 
-{% block panel %}
-<div class="block">
-    {% if success %}
-    <div class="notification is-success is-light">
-        <span class="icon icon-check" aria-hidden="true"></span>
-        <span>
-            {% trans "Successfully updated 2FA settings" %}
-        </span>
-    </div>
-    {% endif %}
-    {% if backup_codes %}
-    <div class="block">
-        <h3>Backup codes</h3>
-        <div class="block">
-            <p>{% trans "Write down or copy and paste these codes somewhere safe." %}</p>
-            <p>{% trans "You must use them in order, and they will not be displayed again." %}</p>
-        </div>
-        <ul class="content" style="list-style: none;">
-            {% for code in backup_codes %}
-            <li>{{ code }}</li>
-            {% endfor%}
-        </ul>
-    </div>
-    {% elif request.user.two_factor_auth %}
-    <div class="block">
-        <p>{% trans "Two Factor Authentication is active on your account." %}</p>
-        <a class="button is-danger" href="{% url 'disable-2fa' %}">{% trans "Disable 2FA" %}</a>
-    </div>
-    <div class="block">
-        <p>{% trans "You can generate backup codes to use in case you do not have access to your authentication app. If you generate new codes, any backup codes previously generated will no longer work." %}</p>
-        <a class="button" href="{% url 'generate-2fa-backup-codes' %}">{% trans "Generate backup codes" %}</a>
-    </div>
-    {% elif password_confirmed %}
-    <form name="confirm-2fa" action="{% url 'conf-2fa' %}" method="post" enctype="multipart/form-data">
-    {% csrf_token %}
-        <p>{% trans "Scan the QR code with your authentication app and then enter the code from  your app below to confirm your app is set up." %}</p>
-        <div class="columns">
-            <section class="column is-narrow">
-                <figure class="m-4">{{ qrcode | safe }}</figure>
-                <div class="field">
-                    <label class="label" for="id_otp">{% trans "Enter the code from your app:" %}</label>
-                    {{ form.otp }}
-                    {% include 's{% extends 'preferences/layout.html' %}
-{% load i18n %}
-
-{% block title %}{% trans "Two Factor Authentication" %}{% endblock %}
-
-{% block header %}
-{% trans "Two Factor Authentication" %}
-{% endblock %}
-
 {% block panel %}
 <div class="block">
     {% if success %}
@@ -128,30 +77,3 @@
     {% endif %}
 </div>
 {% endblock %}
-nippets/form_errors.html' with errors_list=form.otp.errors id="desc_otp" %}
-                </div>
-                <button class="button is-primary" type="submit">{% trans "Confirm" %}</button>
-            </section>
-        </div>
-    </form>
-    {% else %}
-    <p>
-        {% trans "You can make your account more secure by using Two Factor Authentication (2FA). This will require you to enter a one-time code using a phone app like <em>Authy</em>, <em>Google Authenticator</em> or <em>Microsoft Authenticator</em> each time you log in." %}
-    </p>
-    <p> {% trans "Confirm your password to begin setting up 2FA." %}</p>
-    <div class="columns">
-        <div class="column is-one-third">
-            <form name="confirm-password" action="{% url 'prefs-2fa' %}" method="post" enctype="multipart/form-data">
-                {% csrf_token %}
-            <div class="field">
-                <label class="label" for="id_password">{% trans "Password:" %}</label>
-                {{ form.password }}
-                {% include 'snippets/form_errors.html' with errors_list=form.password.errors id="desc_password" %}
-            </div>
-            <button class="button is-primary" type="submit">{% trans "Set up 2FA" %}</button>
-        </form>
-        </div>
-    </div>
-    {% endif %}
-</div>
-{% endblock %}

From 170aa7460aab37d79dc3e11978a44e49a9d3a102 Mon Sep 17 00:00:00 2001
From: Jascha Urbach <jascha@jascha.wtf>
Date: Wed, 16 Nov 2022 20:35:28 +0100
Subject: [PATCH 3/4] Update 2fa.html

Or now, because obviously I can not write HTML^^
---
 bookwyrm/templates/preferences/2fa.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bookwyrm/templates/preferences/2fa.html b/bookwyrm/templates/preferences/2fa.html
index 9d58d7cc1..b6bce604f 100644
--- a/bookwyrm/templates/preferences/2fa.html
+++ b/bookwyrm/templates/preferences/2fa.html
@@ -46,7 +46,7 @@
         <div class="columns">
             <section class="column is-narrow">
                 <figure class="m-4">{{ qrcode | safe }}</figure>
-                <div> {{ code | safe }}
+                <div> {{ code | safe }} </div>
                 <div class="field">
                     <label class="label" for="id_otp">{% trans "Enter the code from your app:" %}</label>
                     {{ form.otp }}

From e11811d461f078ea8170a9dcb569d55747aaba96 Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Sat, 19 Nov 2022 09:48:44 -0800
Subject: [PATCH 4/4] Fancier UI around OTP codes

---
 bookwyrm/templates/preferences/2fa.html | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/bookwyrm/templates/preferences/2fa.html b/bookwyrm/templates/preferences/2fa.html
index b6bce604f..10de2993f 100644
--- a/bookwyrm/templates/preferences/2fa.html
+++ b/bookwyrm/templates/preferences/2fa.html
@@ -46,7 +46,29 @@
         <div class="columns">
             <section class="column is-narrow">
                 <figure class="m-4">{{ qrcode | safe }}</figure>
-                <div> {{ code | safe }} </div>
+                <details class="details-panel box">
+                    <summary>
+                        <span role="heading" aria-level="3" class="title is-6">
+                            {% trans "Use setup key" %}
+                            <span class="details-close icon icon-x" aria-hidden="true"></span>
+                        </span>
+                    </summary>
+                    <dl class="block">
+                        <dt class="has-text-weight-bold mr-5 is-pulled-left">
+                            {% trans "Account name:" %}
+                        </dt>
+                        <dd>
+                            <code>{{ user.username }}</code>
+                        </dd>
+
+                        <dt class="has-text-weight-bold mr-5 is-pulled-left">
+                            {% trans "Code:" %}
+                        </dt>
+                        <dd>
+                            <code>{{ code | safe }}</code>
+                        </dd>
+                    </dl>
+                </details>
                 <div class="field">
                     <label class="label" for="id_otp">{% trans "Enter the code from your app:" %}</label>
                     {{ form.otp }}