diff --git a/hypha/apply/users/templates/two_factor/core/setup.html b/hypha/apply/users/templates/two_factor/core/setup.html
new file mode 100644
index 0000000000000000000000000000000000000000..b88c1716f96212ab8925781590c823cef0e7f43e
--- /dev/null
+++ b/hypha/apply/users/templates/two_factor/core/setup.html
@@ -0,0 +1,56 @@
+{% extends "two_factor/_base_focus.html" %}
+{% load i18n %}
+
+{% block content %}
+ <h1>{% block title %}{% trans "Enable Two-Factor Authentication" %}{% endblock %}</h1>
+ {% if wizard.steps.current == 'welcome' %}
+ <p>{% blocktrans trimmed %}You are about to take your account security to the
+ next level. Follow the steps in this wizard to enable two-factor
+ authentication.{% endblocktrans %}</p>
+ {% elif wizard.steps.current == 'method' %}
+ <p>{% blocktrans trimmed %}Please select which authentication method you would
+ like to use.{% endblocktrans %}</p>
+ {% elif wizard.steps.current == 'generator' %}
+ <p>{% blocktrans trimmed %}To start using a token generator, please use your
+ smartphone to scan the QR code below. For example, use Google
+ Authenticator. Then, enter the token generated by the app.
+ {% endblocktrans %}</p>
+ <p><img src="{{ QR_URL }}" alt="QR Code" /></p>
+ {% elif wizard.steps.current == 'sms' %}
+ <p>{% blocktrans trimmed %}Please enter the phone number you wish to receive the
+ text messages on. This number will be validated in the next step.
+ {% endblocktrans %}</p>
+ {% elif wizard.steps.current == 'call' %}
+ <p>{% blocktrans trimmed %}Please enter the phone number you wish to be called on.
+ This number will be validated in the next step. {% endblocktrans %}</p>
+ {% elif wizard.steps.current == 'validation' %}
+ {% if challenge_succeeded %}
+ {% if device.method == 'call' %}
+ <p>{% blocktrans trimmed %}We are calling your phone right now, please enter the
+ digits you hear.{% endblocktrans %}</p>
+ {% elif device.method == 'sms' %}
+ <p>{% blocktrans trimmed %}We sent you a text message, please enter the tokens we
+ sent.{% endblocktrans %}</p>
+ {% endif %}
+ {% else %}
+ <p class="alert alert-warning" role="alert">{% blocktrans trimmed %}We've
+ encountered an issue with the selected authentication method.
Please + go back and verify that you entered your information correctly, try + again, or use a different authentication method instead. If the issue + persists, contact the site administrator.{% endblocktrans %}</p> + {% endif %} + {% elif wizard.steps.current == 'yubikey' %} + <p>{% blocktrans trimmed %}To identify and verify your YubiKey, please insert a + token in the field below. Your YubiKey will be linked to your + account.{% endblocktrans %}</p> + {% endif %} + + <form action="" method="post">{% csrf_token %} + {% include "two_factor/_wizard_forms.html" %} + + {# hidden submit button to enable [enter] key #} + <input type="submit" value="" class="d-none" /> + + {% include "two_factor/_wizard_actions.html" %} + </form> +{% endblock %} diff --git a/hypha/apply/users/templates/users/account.html b/hypha/apply/users/templates/users/account.html index d504006947bda4320af9c97f3941460c5fc66e0d..1f6ea97c95e740e9f237edb42e49c08422b2dfe4 100644 --- a/hypha/apply/users/templates/users/account.html +++ b/hypha/apply/users/templates/users/account.html @@ -4,7 +4,7 @@ {% block title %}Account{% endblock %} {% block content %} -<div class="admin-bar"> +<div class="admin-bar" xmlns="http://www.w3.org/1999/html"> <div class="admin-bar__inner admin-bar__inner--with-button"> <h3 class="admin-bar__heading">{% trans "Welcome" %} {{ user }}</h3> <a href="{% url 'dashboard:dashboard' %}" class="button button--primary button--arrow-pixels-white"> 
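Review bot: The new `two_factor/core/setup.html` has no comment saying which release of the two-factor package's template it was taken from or what was changed, so a later upgrade of that package can alter the setup wizard without this override following. Because this page drives 2FA enrolment, a header comment near the top of the file would help, e.g. `{# Overrides the two_factor package's core/setup.html (copied from <PACKAGE_VERSION>); re-check against upstream on upgrade. #}`. That the file is a copy is inferred from its path and the `two_factor/_base_focus.html` parent, not shown in the diff. The same comment could say whether the `sms`, `call` and `yubikey` branches are reachable in this deployment.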
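Review bot: The `xmlns="http://www.w3.org/1999/html"` attribute added to the `admin-bar` div in `account.html` looks like an editor artefact rather than an intended change. The value is not the XHTML namespace, and the attribute does nothing on a div in an HTML document. Keeping the line as `<div class="admin-bar">` removes the only change in this hunk.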
@@ -24,17 +24,27 @@ {% endfor %} <button class="button button--primary" type="submit">{% trans "Update Profile" %}</button> </form> - </div> +<!-- </div>--> - {% if show_change_password and user.has_usable_password and not backends.associated %} - <div class="profile__column"> + {% if show_change_password and user.has_usable_password and not backends.associated %} + <br> + <hr> +<!-- <div class="profile__column">--> <h3>{% trans "Change password" %}</h3> <p><a class="button button--primary" href="{% url 'users:password_change' %}">{% trans "Update password" %}</a></p> <h3>{% trans "Account security" %}</h3> - <p><a class="link link--button link--button--narrow" href="{% url 'two_factor:profile' %}">{% trans "Two-factor authentication settings" %}</a></p> - </div> - {% endif %} + {% if default_device %} + <div> + <p><a class="link link--button link--button--narrow" href="{% url 'users:backup_tokens_password' %}">{% trans "Show Codes" %}</a></p> + <p><a class="link link--button link--button--narrow" href="{% url 'two_factor:disable' %}">{% trans "Disable 2FA" %}</a></p> + </div> + {% else %} + <p><a class="link link--button link--button--narrow" href="{% url 'two_factor:setup' %}">{% trans "Enable 2FA" %}</a></p> + {% endif %} + {% endif %} + </div> + <div class="profile__column"> {% if swappable_form %} diff --git a/hypha/apply/users/views.py b/hypha/apply/users/views.py index adeb4c98abccb60c7ac3787cb3bb102ea4b57a6d..037502f1271f56f04f752c114f6599f8b2397ee9 100644 --- a/hypha/apply/users/views.py +++ b/hypha/apply/users/views.py 
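Review bot: The new "Disable 2FA" link points at `two_factor:disable`, while "Show Codes" goes through `users:backup_tokens_password`, which by its name asks for the password first; nothing in this diff shows whether the disable route asks for it again. Turning off the second factor from an already-open session is the more sensitive of the two actions, so it is worth confirming that this URL name resolves to a view that re-authenticates the user, and linking to a password-confirming view if it does not. Separately, `<!-- </div>-->` and `<!-- <div class="profile__column">-->` are HTML comments and are sent to every browser; delete the two lines, or use `{# … #}` if they must stay for now.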
@@ -24,6 +24,7 @@ from hijack.views import AcquireUserView from two_factor.forms import AuthenticationTokenForm, BackupTokenForm from two_factor.views import DisableView as TwoFactorDisableView from two_factor.views import LoginView as TwoFactorLoginView +from two_factor.utils import default_device from wagtail.admin.views.account import password_management_enabled from wagtail.core.models import Site from wagtail.users.views.users import change_user_perm @@ -100,6 +101,7 @@ class AccountView(UpdateView): return super().get_context_data( swappable_form=swappable_form, + default_device=default_device(self.request.user), show_change_password=show_change_password, **kwargs, )
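Review bot: In `AccountView.get_context_data`, `default_device=default_device(self.request.user)` puts the device model instance into the template context, although `account.html` only tests it with `{% if default_device %}`. In django-otp the device models store the shared secret on the instance (the `key` field), so passing a flag keeps it out of the rendering layer: `default_device=bool(default_device(self.request.user)),`. The import added in the first hunk of this file sits after the `two_factor.views` imports, where `two_factor.utils` would sort before them. The body of `get_context_data` starts outside the hunk.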