From 1e13d30f8614b1c70e1e1b13c60b0eb2792efa45 Mon Sep 17 00:00:00 2001
From: sandeepsajan0 <sandeepsajan0@gmail.com>
Date: Fri, 27 May 2022 17:00:57 +0530
Subject: [PATCH] Separate backup codes and enable 2fa process but links with
 setup complete page

---
 .../templates/two_factor/_wizard_actions.html |  2 +-
 .../two_factor/core/backup_tokens.html        | 30 +++++++++++--------
 .../core/backup_tokens_password.html          | 12 ++++----
 .../two_factor/core/setup_complete.html       | 26 ++++++++++++++++
 .../templates/two_factor/profile/disable.html |  2 +-
 .../apply/users/templates/users/account.html  |  2 +-
 hypha/apply/users/templatetags/users_tags.py  |  8 +++++
 hypha/apply/users/urls.py                     |  2 --
 hypha/apply/users/views.py                    |  5 ----
 .../sass/apply/components/_two-factor.scss    |  5 ++++
 10 files changed, 65 insertions(+), 29 deletions(-)
 create mode 100644 hypha/apply/users/templates/two_factor/core/setup_complete.html

diff --git a/hypha/apply/users/templates/two_factor/_wizard_actions.html b/hypha/apply/users/templates/two_factor/_wizard_actions.html
index 6c9b1111e..63764bcaf 100644
--- a/hypha/apply/users/templates/two_factor/_wizard_actions.html
+++ b/hypha/apply/users/templates/two_factor/_wizard_actions.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<button type="submit" class="button button--primary">{% trans "Next" %}</button>
+<button type="submit" class="button button--primary">{% trans "Enable Two-Factor Authentication" %}</button>
 
 {% if cancel_url %}
   <a href="{% url 'users:account' %}"
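Review bot: The new label "Enable Two-Factor Authentication" sits in `_wizard_actions.html`, which by its name looks like a partial shared by every wizard step. If so, intermediate steps would also show a button that claims to enable 2FA before the token has been verified. Which templates include this partial is not visible in the patch, so that needs checking. If it is used beyond the final setup step, keep `{% trans "Next" %}` as the default and override the label only on the step that completes setup.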
diff --git a/hypha/apply/users/templates/two_factor/core/backup_tokens.html b/hypha/apply/users/templates/two_factor/core/backup_tokens.html
index 444074d39..670c87ed8 100644
--- a/hypha/apply/users/templates/two_factor/core/backup_tokens.html
+++ b/hypha/apply/users/templates/two_factor/core/backup_tokens.html
@@ -1,15 +1,13 @@
 {% extends "two_factor/_base_focus.html" %}
-{% load i18n %}
+{% load i18n users_tags %}
 
 {% block content %}
-  <p><a href="{% url 'two_factor:profile'%}"
-       class="btn btn-link">{% trans "Back" %}</a></p>
-  <h1>{% block title %}{% trans "Backup Tokens" %}{% endblock %}</h1>
-  <p>{% blocktrans trimmed %}Backup tokens can be used when your primary and backup
-      phone numbers aren't available. The backup tokens below can be used
-      for login verification. If you've used up all your backup tokens, you
-      can generate a new set of backup tokens. Only the backup tokens shown
-      below will be valid.{% endblocktrans %}</p>
+  <p><a href="{% url 'users:account'%}"
+       class="btn btn-link">{% trans "Back to account" %}</a></p>
+  <h1>{% block title %}{% trans "Backup Codes" %}{% endblock %}</h1>
+  <p>{% blocktrans trimmed %}These codes should be kept in a safe,
+      private place for when you need them. When they are used up,
+      you can generate a new set of backup codes{% endblocktrans %}</p>
 
   {% if device.token_set.count %}
     <ul>
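Review bot: The rewritten intro drops the sentence "Only the backup tokens shown below will be valid", while the next hunk places a "Regenerate Codes" button directly under the listed codes. If regenerating replaces the current set, as it does in django-two-factor-auth's stock backup-tokens view, a user who has already saved codes gets no warning that they stop working. I would keep that statement in the new copy, for example `Generating a new set invalidates any codes you saved earlier.` The last sentence also needs a period after `backup codes`.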
@@ -17,12 +15,18 @@
         <li>{{ token.token }}</li>
       {% endfor %}
     </ul>
-    <p>{% blocktrans %}Print these tokens and keep them somewhere safe.{% endblocktrans %}</p>
+    <p>{% blocktrans %}You should now download, or print these codes,
+        and keep them somewhere safe.{% endblocktrans %}</p>
+    <p><a class="btn btn-link" href="data:text/plain;charset=UTF-8,{% tokens_text device.token_set.all %}" download="backup_codes.txt">
+        {% trans "Save Codes" %}</a></p>
+    <form method="post">{% csrf_token %}{{ form }}
+        <button class="btn btn-primary" type="submit">{% trans "Regenerate Codes" %}</button>
+    </form>
   {% else %}
     <p>{% trans "You don't have any backup codes yet." %}</p>
+      <form method="post">{% csrf_token %}{{ form }}
+        <button class="btn btn-primary" type="submit">{% trans "Generate Codes" %}</button>
+      </form>
   {% endif %}
 
-  <form method="post">{% csrf_token %}{{ form }}
-    <button class="btn btn-primary" type="submit">{% trans "Generate Tokens" %}</button>
-  </form>
 {% endblock %}
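Review bot: The `href` of the "Save Codes" link puts the output of `tokens_text` into a `data:` URL without percent-encoding it. Template autoescaping only HTML-escapes the value, and browsers strip raw newlines when they parse a URL. The `" \n"` separators written by `tokens_text` in `users_tags.py` are therefore likely to be lost, leaving all codes on one line in the downloaded `backup_codes.txt`. Assign the tag result first with `{% tokens_text device.token_set.all as codes %}`, then use `href="data:text/plain;charset=UTF-8,{{ codes|urlencode }}"`.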
diff --git a/hypha/apply/users/templates/two_factor/core/backup_tokens_password.html b/hypha/apply/users/templates/two_factor/core/backup_tokens_password.html
index 1092b3f7d..e2d83e142 100644
--- a/hypha/apply/users/templates/two_factor/core/backup_tokens_password.html
+++ b/hypha/apply/users/templates/two_factor/core/backup_tokens_password.html
@@ -2,15 +2,15 @@
 {% load i18n %}
 
 {% block content %}
-<p><a href="{% url 'two_factor:profile'%}"
+<p><a href="{% url 'users:account'%}"
        class="btn btn-link">{% trans "Back to account" %}</a></p>
-  <h1>{% block title %}{% trans "Backup Tokens" %}{% endblock %}</h1>
-  <p>{% blocktrans trimmed %}Backup tokens can be used when your primary and backup
-      phone numbers aren't available. The backup tokens below can be used
+  <h1>{% block title %}{% trans "Backup Codes" %}{% endblock %}</h1>
+  <p>{% blocktrans trimmed %}Backup codes can be used when your primary and backup
+      phone numbers aren't available. The backup codes below can be used
       for login verification.
       </br>
-      If you've used up all your backup tokens, you
-      can generate a new set of backup tokens. Only the backup tokens shown
+      If you've used up all your backup codes, you
+      can generate a new set of backup codes. Only the backup codes shown
       below will be valid.{% endblocktrans %}</p>
 <div class="wrapper wrapper--small wrapper--inner-space-medium">
     <form class="form" action="" method="POST" novalidate>
diff --git a/hypha/apply/users/templates/two_factor/core/setup_complete.html b/hypha/apply/users/templates/two_factor/core/setup_complete.html
new file mode 100644
index 000000000..f7f3d8ffb
--- /dev/null
+++ b/hypha/apply/users/templates/two_factor/core/setup_complete.html
@@ -0,0 +1,26 @@
+{% extends "two_factor/_base_focus.html" %}
+{% load i18n %}
+
+{% block content %}
+    <p><a href="{% url 'users:account' %}"
+        class="btn btn-link">{% trans "Back to Account" %}</a></p>
+  <h1>{% block title %}{% trans "Enable Two-Factor Authentication" %}{% endblock %}</h1>
+
+  <p>{% blocktrans trimmed %}Congratulations, you've successfully enabled two-factor
+      authentication.{% endblocktrans %}</p>
+    <p>{% blocktrans trimmed %}We strongly recommend you to save the backup codes.
+        To get the backup codes you can continue to Show Codes.{% endblocktrans %}</p>
+
+  {% if not phone_methods %}
+    <p><a href="{% url 'users:backup_tokens_password' %}" class="btn btn-link">Show Codes</a></p>
+  {% else %}
+    <p>{% blocktrans trimmed %}However, it might happen that you don't have access to
+      your primary token device. To enable account recovery, add a phone
+      number.{% endblocktrans %}</p>
+
+    <p><a href="{% url 'users:backup_tokens_password' %}" class="btn btn-block">Show Codes</a></p>
+    <p><a href="{% url 'two_factor:phone_create' %}"
+        class="btn btn-success">{% trans "Add Phone Number" %}</a></p>
+  {% endif %}
+
+{% endblock %}
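Review bot: Both "Show Codes" links, one in the `{% if not phone_methods %}` branch and one in the `{% else %}` branch, are plain text, so they will not be translated. Every other string in this new template goes through `{% trans %}` or `{% blocktrans %}`; use `{% trans "Show Codes" %}` in both places. Separately, the copy tells the user to "save the backup codes", yet `backup_tokens.html` still has a "You don't have any backup codes yet" branch, so codes may not exist at this point. Wording such as "generate and save your backup codes" would cover that case.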
diff --git a/hypha/apply/users/templates/two_factor/profile/disable.html b/hypha/apply/users/templates/two_factor/profile/disable.html
index 811098ae1..44ca21a1e 100644
--- a/hypha/apply/users/templates/two_factor/profile/disable.html
+++ b/hypha/apply/users/templates/two_factor/profile/disable.html
@@ -2,7 +2,7 @@
 {% load i18n %}
 
 {% block content %}
-  <p><a href="{% url 'two_factor:profile'%}"
+  <p><a href="{% url 'users:account'%}"
        class="btn btn-link">{% trans "Back to account" %}</a></p>
   <h1>{% block title %}{% trans "Disable Two-factor Authentication" %}{% endblock %}</h1>
   <p>{% blocktrans trimmed %}Disabling Two-factor authentication weakens your account security.
diff --git a/hypha/apply/users/templates/users/account.html b/hypha/apply/users/templates/users/account.html
index 22b3422ac..1f6ea97c9 100644
--- a/hypha/apply/users/templates/users/account.html
+++ b/hypha/apply/users/templates/users/account.html
@@ -40,7 +40,7 @@
                     <p><a class="link link--button link--button--narrow" href="{% url 'two_factor:disable' %}">{% trans "Disable 2FA" %}</a></p>
                 </div>
             {% else %}
-                <p><a class="link link--button link--button--narrow" href="{% url 'users:two_factor_setup' %}">{% trans "Enable 2FA" %}</a></p>
+                <p><a class="link link--button link--button--narrow" href="{% url 'two_factor:setup' %}">{% trans "Enable 2FA" %}</a></p>
             {% endif %}
         {% endif %}
     </div>
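Review bot: Any other `{% url 'users:two_factor_setup' %}` or `reverse('users:two_factor_setup')` left in the project will raise `NoReverseMatch` after this patch. `urls.py` drops that route, and this line is the only reference the patch updates. The page behind `two_factor_required` is a likely candidate, since it presumably sends users to setup, but it is not part of this diff. Searching for `two_factor_setup` across templates and Python code before merging would confirm nothing else is left. The surrounding `{% if %}` block starts above the hunk.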
diff --git a/hypha/apply/users/templatetags/users_tags.py b/hypha/apply/users/templatetags/users_tags.py
index 3cdc2d9a4..94a8584b0 100644
--- a/hypha/apply/users/templatetags/users_tags.py
+++ b/hypha/apply/users/templatetags/users_tags.py
@@ -34,3 +34,11 @@ def user_2fa_enabled(user):
     if len(list(devices_for_user(user))):
         return True
     return False
+
+
+@register.simple_tag
+def tokens_text(token_set):
+    tokens_string = ""
+    for token in token_set:
+        tokens_string += str(token.token) + " \n"
+    return tokens_string
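Review bot: `tokens_text` has no docstring and builds its result with repeated `+=`, which leaves a trailing space before every newline (`" \n"`). A one-line docstring such as `"""Return the backup tokens in token_set as plain text, one per line."""` would say what the tag is for. The loop can become `return "\n".join(str(token.token) for token in token_set)`. Because the value is a set of authentication secrets, the docstring should also say that the tag is meant only for pages shown to the authenticated owner of the device.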
diff --git a/hypha/apply/users/urls.py b/hypha/apply/users/urls.py
index d5a68b52b..2fd5ff936 100644
--- a/hypha/apply/users/urls.py
+++ b/hypha/apply/users/urls.py
@@ -13,7 +13,6 @@ from .views import (
     TWOFABackupTokensPasswordView,
     TWOFADisableView,
     TWOFARequiredMessageView,
-    TWOFASetupView,
     become,
     create_password,
     oauth,
@@ -88,7 +87,6 @@ urlpatterns = [
         ),
         # Two factor redirect
         path('two_factor/required/', TWOFARequiredMessageView.as_view(), name='two_factor_required'),
-        path('two_factor/setup/', TWOFASetupView.as_view(), name="two_factor_setup"),
         path('two_factor/backup_tokens/password/', TWOFABackupTokensPasswordView.as_view(), name='backup_tokens_password'),
         path('two_factor/disable/', TWOFADisableView.as_view(), name='disable'),
         path('two_factor/admin/disable/<str:user_id>/', TWOFAAdminDisableView.as_view(), name='admin_disable'),
diff --git a/hypha/apply/users/views.py b/hypha/apply/users/views.py
index f67c9776a..b6c276e3c 100644
--- a/hypha/apply/users/views.py
+++ b/hypha/apply/users/views.py
@@ -24,7 +24,6 @@ from hijack.views import AcquireUserView
 from two_factor.forms import AuthenticationTokenForm, BackupTokenForm
 from two_factor.views import DisableView as TwoFactorDisableView
 from two_factor.views import LoginView as TwoFactorLoginView
-from two_factor.views import SetupView as TwoFactorSetupView
 from two_factor.views import BackupTokensView as TwoFactorBackupTokensView
 from two_factor.utils import default_device
 from wagtail.admin.views.account import password_management_enabled
@@ -351,9 +350,5 @@ class TWOFAAdminDisableView(FormView):
         return ctx
 
 
-class TWOFASetupView(TwoFactorSetupView):
-    success_url = "users:backup_tokens_password"
-
-
 class TWOFARequiredMessageView(TemplateView):
     template_name = 'two_factor/core/two_factor_required.html'
diff --git a/hypha/static_src/src/sass/apply/components/_two-factor.scss b/hypha/static_src/src/sass/apply/components/_two-factor.scss
index d601abbf2..b5d43d28c 100644
--- a/hypha/static_src/src/sass/apply/components/_two-factor.scss
+++ b/hypha/static_src/src/sass/apply/components/_two-factor.scss
@@ -13,6 +13,11 @@
     }
 }
 
+// 2FA token label font size
+label[for="id_generator-token"] {
+    font-size: 20px;
+}
+
 .d-none {
     display: none;
 }
-- 
GitLab