diff --git a/tildes/tildes/templates/settings_two_factor.jinja2 b/tildes/tildes/templates/settings_two_factor.jinja2
index 119b135..a1436e8 100644
--- a/tildes/tildes/templates/settings_two_factor.jinja2
+++ b/tildes/tildes/templates/settings_two_factor.jinja2
@@ -33,6 +33,9 @@
+

If you are unable to scan the QR code, you can enter the following key: +

{{ two_factor_secret }}

+

Lastly, enter the 6-digit code displayed in the app.

diff --git a/tildes/tildes/views/settings.py b/tildes/tildes/views/settings.py
index 5df6ce8..fcef73d 100644
--- a/tildes/tildes/views/settings.py
+++ b/tildes/tildes/views/settings.py
@@ -13,6 +13,7 @@ from pyramid.view import view_config
 import qrcode
 from webargs.pyramidparser import use_kwargs
+from tildes.lib.string import separate_string
 from tildes.schemas.user import EMAIL_ADDRESS_NOTE_MAX_LENGTH, UserSchema
@@ -55,8 +56,13 @@ def get_settings_account_recovery(request: Request) -> dict:
 @view_config(route_name="settings_two_factor", renderer="settings_two_factor.jinja2")
 def get_settings_two_factor(request: Request) -> dict:
 """Generate the two-factor authentication page."""
- # pylint: disable=unused-argument
- return {}
+ # Generate a new secret key if the user doesn't have one.
+ if request.user.two_factor_secret is None:
+ request.user.two_factor_secret = pyotp.random_base32()
+
+ return {
+ "two_factor_secret": separate_string(request.user.two_factor_secret, " ", 4)
+ }
 @view_config(
@@ -91,10 +97,6 @@ def get_settings_two_factor_qr_code(request: Request) -> Response:
 if request.user.two_factor_enabled:
 raise HTTPForbidden("Already enabled")
- # Generate a new secret key if the user doesn't have one.
- if request.user.two_factor_secret is None:
- request.user.two_factor_secret = pyotp.random_base32()
-
 totp = pyotp.totp.TOTP(request.user.two_factor_secret)
 otp_uri = totp.provisioning_uri(request.user.username, issuer_name="Tildes")
 byte_io = BytesIO()
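Review bot: get_settings_two_factor now places the TOTP seed in the template context on every request without checking `request.user.two_factor_enabled`, while the QR-code view refuses with `HTTPForbidden("Already enabled")` once 2FA is on. Unless the template branch that prints `{{ two_factor_secret }}` is itself guarded (its markup is not visible in this diff), the live seed would be shown again after enrollment to anyone holding the session. Consider skipping generation and returning no key in that case, e.g. `if request.user.two_factor_enabled: return {}` ahead of the generation block. The last hunk also removes the `is None` fallback from get_settings_two_factor_qr_code (whose body starts and ends outside the hunk), so a direct request to that route with no stored secret would appear to reach `pyotp.totp.TOTP(request.user.two_factor_secret)` with `None`; an explicit check there would make the dependency on the page view visible.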