Improve 2FA

2 files changed, 37 insertions, 34 deletions

diff --git a/app/Template/twofactor/index.php b/app/Template/twofactor/index.php
index 4c4ca088..b9ee4b49 100644
--- a/app/Template/twofactor/index.php
+++ b/app/Template/twofactor/index.php
@@ -2,42 +2,14 @@
     <h2><?= t('Two factor authentication') ?></h2>
 </div>
 
-<form method="post" action="<?= $this->url->href('twofactor', 'save', array('user_id' => $user['id'])) ?>" autocomplete="off">
-
+<form method="post" action="<?= $this->url->href('twofactor', $user['twofactor_activated'] == 1 ? 'deactivate' : 'show', array('user_id' => $user['id'])) ?>" autocomplete="off">
     <?= $this->form->csrf() ?>
-    <?= $this->form->checkbox('twofactor_activated', t('Enable/disable two factor authentication'), 1, isset($user['twofactor_activated']) && $user['twofactor_activated'] == 1) ?>
-
+    <p><?= t('Two-Factor Provider: ') ?><strong><?= $this->e($provider) ?></strong></p>
     <div class="form-actions">
-        <input type="submit" value="<?= t('Save') ?>" class="btn btn-blue"/>
-    </div>
-</form>
-
-<?php if ($user['twofactor_activated'] == 1): ?>
-<div class="listing">
-    <p><?= t('Secret key: ') ?><strong><?= $this->e($user['twofactor_secret']) ?></strong> (base32)</p>
-
-    <?php if (! empty($qrcode_url)): ?>
-        <p><br/><img src="<?= $qrcode_url ?>"/><br/><br/></p>
-    <?php endif ?>
-
-    <p>
-        <?php if (! empty($key_url)): ?>
-            <?= t('This QR code contains the key URI: ') ?><strong><?= $this->e($key_url) ?></strong>
-            <br/><br/>
+        <?php if ($user['twofactor_activated'] == 1): ?>
+            <input type="submit" value="<?= t('Disable two-factor authentication') ?>" class="btn btn-red"/>
+        <?php else: ?>
+            <input type="submit" value="<?= t('Enable two-factor authentication') ?>" class="btn btn-blue"/>
         <?php endif ?>
-        <?= t('Save the secret key in your TOTP software (by example Google Authenticator or FreeOTP).') ?>
-    </p>
-</div>
-
-<h3><?= t('Test your device') ?></h3>
-<form method="post" action="<?= $this->url->href('twofactor', 'test', array('user_id' => $user['id'])) ?>" autocomplete="off">
-
-    <?= $this->form->csrf() ?>
-    <?= $this->form->label(t('Code'), 'code') ?>
-    <?= $this->form->text('code', array(), array(), array('placeholder="123456"'), 'form-numeric') ?>
-
-    <div class="form-actions">
-        <input type="submit" value="<?= t('Check my code') ?>" class="btn btn-blue"/>
     </div>
 </form>
-<?php endif ?>
diff --git a/app/Template/twofactor/show.php b/app/Template/twofactor/show.php
new file mode 100644
index 00000000..dd72965a
--- /dev/null
+++ b/app/Template/twofactor/show.php
@@ -0,0 +1,31 @@
+<div class="page-header">
+    <h2><?= t('Two factor authentication') ?></h2>
+</div>
+
+<?php if (! empty($secret) || ! empty($qrcode_url) || ! empty($key_url)): ?>
+<div class="listing">
+    <?php if (! empty($secret)): ?>
+        <p><?= t('Secret key: ') ?><strong><?= $this->e($secret) ?></strong></p>
+    <?php endif ?>
+
+    <?php if (! empty($qrcode_url)): ?>
+        <p><br/><img src="<?= $qrcode_url ?>"/><br/><br/></p>
+    <?php endif ?>
+
+    <?php if (! empty($key_url)): ?>
+        <p><?= t('This QR code contains the key URI: ') ?><a href="<?= $this->e($key_url) ?>"><?= $this->e($key_url) ?></a></p>
+    <?php endif ?>
+</div>
+<?php endif ?>
+
+<h3><?= t('Test your device') ?></h3>
+<form method="post" action="<?= $this->url->href('twofactor', 'test', array('user_id' => $user['id'])) ?>" autocomplete="off">
+
+    <?= $this->form->csrf() ?>
+    <?= $this->form->label(t('Code'), 'code') ?>
+    <?= $this->form->text('code', array(), array(), array('placeholder="123456"', 'autofocus'), 'form-numeric') ?>
+
+    <div class="form-actions">
+        <input type="submit" value="<?= t('Check my code') ?>" class="btn btn-blue"/>
+    </div>
+</form>
\ No newline at end of file