2024-08-29 11:44:06 +02:00 · 2024-08-27 13:24:36 +02:00
2 changed files with 11 additions and 11 deletions
--- a/bid_main/templates/bid_main/mfa/setup.html
+++ b/bid_main/templates/bid_main/mfa/setup.html
@ -12,6 +12,13 @@ Multi-factor Authentication Setup
    You have configured MFA for your account.
    You can disable MFA at any time, but you have to pass the verification using your authentication device or a recovery code.
  </p>
+  {% if devices_per_category.totp and not devices_per_category.recovery %}
+  <p class="text-danger">
+    Please make sure that you do not lock yourself out:
+    generate and store <a href="#recovery-codes">recovery codes</a> as a backup verification method.
+    If you lose your authenticator device you can use a recovery code to login and reconfigure your MFA methods.
+  </p>
+  {% endif %}
  <p>
    Every time you sign-in on a new device you will be asked to pass the MFA verification.
    If you use the "remember this device" option, you won't be prompted for MFA verification for that device in the next {{ agent_trust_days }} days.
@ -39,13 +46,6 @@ Multi-factor Authentication Setup
  <p>
    If you don't have an authenticator application, you can choose one from a list of <a href="https://en.wikipedia.org/wiki/Comparison_of_OTP_applications">TOTP applications</a>.
  </p>
-  {% if devices_per_category.totp and not devices_per_category.recovery %}
-  <p class="text-danger">
-    Please make sure that you do not lock yourself out:
-    generate and store <a href="#recovery-codes">recovery codes</a> as a backup verification method.
-    If you lose your authenticator device you can use a recovery code to login and reconfigure your MFA methods.
-  </p>
-  {% endif %}
  <ul>
    {% for d in devices_per_category.totp %}
    <li>
@ -70,7 +70,7 @@ Multi-factor Authentication Setup
  <div class="mb-3">
    {% with code_count=recovery_codes|length %}
    {{ code_count }} recovery code{{ code_count|pluralize }} remaining
-    {% if recovery_codes %}
+    {% if display_recovery_codes %}
    <a href="?display_recovery_codes=" class="btn">Hide</a>
    {% else %}
    <a href="?display_recovery_codes=1#recovery-codes" class="btn">Display</a>
@ -78,8 +78,7 @@ Multi-factor Authentication Setup
    <form action="{% url 'bid_main:mfa_invalidate_recovery' %}" method="post" class="d-inline-flex">{% csrf_token %}
      <button class="btn-danger" type="submit">Invalidate</button>
    </form>
-    {# populated on display_recovery_codes=1 #}
-    {% if recovery_codes %}
+    {% if display_recovery_codes %}
    <ul>
      {% for code in recovery_codes %}
      <li><code>{{ code }}</code></li>
--- a/bid_main/views/mfa.py
+++ b/bid_main/views/mfa.py
@ -33,7 +33,7 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
        recovery_codes = []
        user_can_setup_recovery = False
        devices_per_category = user.mfa_devices_per_category()
-        if self.request.GET.get('display_recovery_codes') and 'recovery' in devices_per_category:
+        if 'recovery' in devices_per_category:
            recovery_device = devices_per_category['recovery'][0]
            recovery_codes = [t.encrypted_token for t in recovery_device.encryptedtoken_set.all()]
        if devices_per_category.keys() - {'recovery'}:
@ -42,6 +42,7 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
            'agent_inactivity_days': settings.AGENT_INACTIVITY_DAYS,
            'agent_trust_days': settings.AGENT_TRUST_DAYS,
            'devices_per_category': devices_per_category,
+            'display_recovery_codes': self.request.GET.get('display_recovery_codes'),
            'recovery_codes': recovery_codes,
            'user_can_setup_recovery': user_can_setup_recovery,
            'user_has_mfa_configured': bool(devices_per_category),