2FA: Support for adding TOTP-based devices

src/pretix/control/templates/pretixcontrol/base.html

@@ -19,6 +19,7 @@
             <script type="text/javascript" src="{% static "datetimepicker/bootstrap-datetimepicker.js" %}"></script>
             <script type="text/javascript" src="{% static "charts/raphael-min.js" %}"></script>
             <script type="text/javascript" src="{% static "charts/morris.js" %}"></script>
+            <script type="text/javascript" src="{% static "pretixcontrol/js/jquery.qrcode.min.js" %}"></script>
             <script type="text/javascript" src="{% static "pretixcontrol/js/menu.js" %}"></script>
             <script type="text/javascript" src="{% static "pretixcontrol/js/sb-admin-2.js" %}"></script>
 		    <script type="text/javascript" src="{% static "pretixcontrol/js/ui/main.js" %}"></script>

src/pretix/control/templates/pretixcontrol/user/2fa_add.html

@@ -0,0 +1,18 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Add a two-factor authentication device" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Add a two-factor authentication device" %}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+        {% bootstrap_form_errors form %}
+        {% bootstrap_field form.name layout='horizontal' %}
+        {% bootstrap_field form.devicetype layout='horizontal' %}
+        <div class="form-group submit-group">
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Continue" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/user/2fa_confirm_totp.html

@@ -0,0 +1,59 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Add a two-factor authentication device" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Add a two-factor authentication device" %}</h1>
+    <p>
+        {% trans "To set up this device, please follow the following steps:" %}
+    </p>
+    <ol class="multi-step-tutorial">
+        <li>
+            {% trans "Download the Google Authenticator application to your phone:" %}
+            <ul>
+                <li>
+                    <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&"
+                            target="_blank">
+                        {% trans "Android (Google Play)" %}
+                    </a>
+                </li>
+                <li>
+                    <a href="https://f-droid.org/repository/browse/?fdfilter=authenticator&fdid=com.google.android.apps.authenticator2"
+                            target="_blank">
+                        {% trans "Android (F-Droid)" %}
+                    </a>
+                </li>
+                <li>
+                    <a href="https://itunes.apple.com/en/app/google-authenticator/id388497605?mt=8">
+                        {% trans "iOS (iTunes)" %}
+                    </a>
+                </li>
+                <li>
+                    <a href="https://m.google.com/authenticator">
+                        {% trans "Blackberry (Link via Google)" %}
+                    </a>
+                </li>
+            </ul>
+        </li>
+        <li>
+            {% trans "Add a new account to the app by scanning the following barcode:" %}
+            <div class="qrcode-canvas" data-qrdata="#qrdata"></div>
+        </li>
+        <li>
+            {% trans "Enter the displayed code here:" %}
+            <form class="form form-inline" method="post" action="">
+                {% csrf_token %}
+                <input type="number" name="token" class="form-control" required="required">
+                <button class="btn btn-primary" type="submit">
+                    {% trans "Continue" %}
+                </button>
+            </form>
+        </li>
+    </ol>
+
+    <script type="text/json" id="qrdata">
+        {{ qrdata|safe }}
+
+
+    </script>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/user/2fa_main.html

@@ -0,0 +1,66 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Two-factor authentication" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Two-factor authentication" %}</h1>
+    <p>
+        {% blocktrans trimmed %}
+            Two-factor authentication is a way to add additional security to your account. If you enable it, you will
+            not only need your password to log in, but also an additional token that is generated e.g. by an app on your
+            smartphone or a hardware token generator and that changes on a regular basis.
+        {% endblocktrans %}
+    </p>
+    {% if user.require_2fa %}
+        <div class="panel panel-default">
+            <div class="panel-heading">
+                <h3 class="panel-title">{% trans "Two-factor status" %}</h3>
+            </div>
+            <div class="panel-body">
+                <a href="" class="btn btn-primary pull-right">Disable</a>
+                <p>
+                    <strong>{% trans "Two-factor authentication is currently enabled." %}</strong>
+                </p>
+            </div>
+        </div>
+    {% else %}
+        <div class="panel panel-warning">
+            <div class="panel-heading">
+                <h3 class="panel-title">{% trans "Two-factor status" %}</h3>
+            </div>
+            <div class="panel-body">
+                {% if devices|length %}
+                    <a href="" class="btn btn-primary pull-right">Enable</a>
+                {% endif %}
+                <p>
+                    <strong>{% trans "Two-factor authentication is currently disabled." %}</strong>
+                </p>
+                {% if not devices|length %}
+                    <p>{% trans "To enable it, you need to configure at least one device below." %}</p>
+                {% endif %}
+            </div>
+        </div>
+    {% endif %}
+    <div class="panel panel-default">
+        <div class="panel-heading">
+            <h3 class="panel-title">{% trans "Enabled devices" %}</h3>
+        </div>
+        <ul class="list-group">
+            {% for d in devices %}
+                <li class="list-group-item">
+                {% if d.devicetype == "totp" %}
+                        <span class="fa fa-mobile"></span>
+                    {% endif %}
+                    {{ d.name }}
+                </li>
+            {% endfor %}
+
+            <li class="list-group-item">
+                <a href="{% url "control:user.settings.2fa.add" %}" class="btn btn-primary">
+                    <span class="fa fa-plus"></span>
+                    {% trans "Add a new device" %}
+                </a>
+            </li>
+        </ul>
+    </div>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/user/settings.html

@@ -19,6 +19,22 @@
         {% bootstrap_field form.email layout='horizontal' %}
         {% bootstrap_field form.new_pw layout='horizontal' %}
         {% bootstrap_field form.new_pw_repeat layout='horizontal' %}
+        <div class="form-group">
+            <label class="col-md-3 control-label" for="id_new_pw_repeat">{% trans "Two-factor authentication" %}</label>
+            <div class="col-md-9 static-form-row">
+                {% if user.require_2fa %}
+                    <span class="label label-success">{% trans "Enabled" %}</span>
+                    <a href="{% url "control:user.settings.2fa" %}">
+                        {% trans "Change settings" %}
+                    </a>
+                {% else %}
+                    <span class="label label-default">{% trans "Disabled" %}</span>
+                    <a href="{% url "control:user.settings.2fa" %}">
+                        {% trans "Enable" %}
+                    </a>
+                {% endif %}
+            </div>
+        </div>
     </fieldset>
     <div class="form-group submit-group">
         <button type="submit" class="btn btn-primary btn-save">