{# This template receives different input based on state of tf-setup. In addition to form values the following are available: On GET or unsuccessful POST: choices: Value of SECURITY_TWO_FACTOR_ENABLED_METHODS (with possible addition of 'delete') two_factor_required: Value of SECURITY_TWO_FACTOR_REQUIRED primary_method: the translated name of two-factor method that has already been set up. On successful POST: chosen_method: which 2FA method was chosen (e.g. sms, authenticator) choices: Value of SECURITY_TWO_FACTOR_ENABLED_METHODS changing: boolean - True if user is trying to change/disable 2FA state_token: if changing - this is the new (non-session) way to validate the new 2FA method If chosen_method == 'authenticator': authr_qrcode: the image source for the qrcode authr_key: same key as in qrcode - for possible manual entry authr_username: same username as in qrcode authr_issuer: same issuer as in qrcode #} {% set title = title|default(_fsdomain("Two-Factor Setup")) %} {% extends "security/base.html" %} {% from "security/_macros.html" import render_field_with_errors, render_field, render_field_no_label, render_field_errors, render_form_errors, render_csrf %} {% block content %} {% include "security/_messages.html" %}

{{ _fsdomain("Two-Factor authentication adds an extra layer of security to your account") }}

{{ _fsdomain("In addition to your username and password, you'll need to use a code.") }}

{{ two_factor_setup_form.hidden_tag() }} {{ render_form_errors(two_factor_setup_form) }}
{{ _fsdomain("Currently setup two-factor method: %(method)s", method=primary_method) }}

{% for subfield in two_factor_setup_form.setup %} {% if subfield.data in choices %}{{ render_field_with_errors(subfield) }}{% endif %} {% endfor %}
{% if "sms" in choices %} {{ render_field_with_errors(two_factor_setup_form.phone) }} {% endif %}
{{ render_field_errors(two_factor_setup_form.setup) }} {{ render_field_errors(two_factor_setup_form.csrf_token) }} {{ render_field(two_factor_setup_form.submit) }}
{% if chosen_method=="authenticator" %}
{{ _fsdomain("Open an authenticator app on your device and scan the following QRcode (or enter the code below manually) to start receiving codes:") }}
{{ _fsdomain('Two-Factor authentication code') }} {# TODO: add width and height attrs #}
{{ authr_key }}
{% endif %}
{% if chosen_method %} {# Hide this when first setting up #} {# This is the fill in code part #}
{{ _fsdomain("Enter code to complete setup") }}
{% if changing %} {% set faction = url_for_security('two_factor_setup_validate', token=state_token) %} {% else %} {% set faction = url_for_security('two_factor_token_validation') %} {% endif %}
{# explicitly render csrf_token so we can change the ID so we don't get duplicates #} {{ render_csrf(two_factor_verify_code_form, "code") }} {{ render_field_with_errors(two_factor_verify_code_form.code, placeholder=_fsdomain("enter numeric code")) }}
{{ render_field(two_factor_verify_code_form.submit) }}
{% else %} {% if security.support_mfa and security.multi_factor_recovery_codes %}

{{ _fsdomain("Recovery Codes") }}

{{ _fsdomain("This application supports setting up recovery codes.") }} {{ _fsdomain("You can set them up here.") }}
{% endif %} {% if security.webauthn %}

{{ _fsdomain("WebAuthn") }}

{{ _fsdomain("This application supports WebAuthn security keys.") }} {{ _fsdomain("You can set them up here.") }}
{% endif %} {% endif %} {% include "security/_menu.html" %} {% endblock content %}