2FA: Enable and disable

src/pretix/control/templates/pretixcontrol/user/2fa_disable.html

@@ -0,0 +1,24 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Disable two-factor authentication" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Disable two-factor authentication" %}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+        <p>
+            {% trans "Do you really want to disable two-factor authentication?" %}
+        </p>
+        <p>
+            {% trans "You will no longer require a second device to log in to your account." %}
+        </p>
+        <div class="form-group submit-group">
+            <a href="{% url "control:user.settings.2fa" %}" class="btn btn-default btn-cancel">
+                {% trans "Cancel" %}
+            </a>
+            <button type="submit" class="btn btn-danger btn-save">
+                {% trans "Disable" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/user/2fa_enable.html

@@ -0,0 +1,25 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Enable two-factor authentication" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Enable two-factor authentication" %}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+        <p>
+            {% trans "Do you really want to enable two-factor authentication?" %}
+        </p>
+        <p>
+            {% trans "You will no longer be able to log in to pretix without one of your configured devices." %}
+            {% trans "Please make sure to print out or copy the emergency keys and store them in a safe place." %}
+        </p>
+        <div class="form-group submit-group">
+            <a href="{% url "control:user.settings.2fa" %}" class="btn btn-default btn-cancel">
+                {% trans "Cancel" %}
+            </a>
+            <button type="submit" class="btn btn-danger btn-save">
+                {% trans "Enable" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/user/2fa_main.html

@@ -12,12 +12,14 @@
         {% endblocktrans %}
     </p>
     {% if user.require_2fa %}
-        <div class="panel panel-default">
+        <div class="panel panel-success">
             <div class="panel-heading">
                 <h3 class="panel-title">{% trans "Two-factor status" %}</h3>
             </div>
             <div class="panel-body">
-                <a href="" class="btn btn-primary pull-right">Disable</a>
+                <a href="{% url "control:user.settings.2fa.disable" %}" class="btn btn-primary pull-right">
+                    {% trans "Disable" %}
+                </a>
                 <p>
                     <strong>{% trans "Two-factor authentication is currently enabled." %}</strong>
                 </p>
@@ -30,7 +32,9 @@
             </div>
             <div class="panel-body">
                 {% if devices|length %}
-                    <a href="" class="btn btn-primary pull-right">Enable</a>
+                    <a href="{% url "control:user.settings.2fa.enable" %}" class="btn btn-primary pull-right">
+                        {% trans "Enable" %}
+                    </a>
                 {% endif %}
                 <p>
                     <strong>{% trans "Two-factor authentication is currently disabled." %}</strong>

src/pretix/control/urls.py

@@ -15,6 +15,8 @@ urlpatterns = [
     url(r'^settings$', user.UserSettings.as_view(), name='user.settings'),
     url(r'^settings/2fa/$', user.User2FAMainView.as_view(), name='user.settings.2fa'),
     url(r'^settings/2fa/add$', user.User2FADeviceAddView.as_view(), name='user.settings.2fa.add'),
+    url(r'^settings/2fa/enable', user.User2FAEnableView.as_view(), name='user.settings.2fa.enable'),
+    url(r'^settings/2fa/disable', user.User2FADisableView.as_view(), name='user.settings.2fa.disable'),
     url(r'^settings/2fa/totp/(?P<device>[0-9]+)/confirm', user.User2FADeviceConfirmTOTPView.as_view(),
         name='user.settings.2fa.confirm.totp'),
     url(r'^settings/2fa/(?P<devicetype>[^/]+)/(?P<device>[0-9]+)/delete', user.User2FADeviceDeleteView.as_view(),

src/pretix/control/views/user.py

@@ -131,3 +131,30 @@ class User2FADeviceConfirmTOTPView(TemplateView):
             return redirect(reverse('control:user.settings.2fa.confirm.totp', kwargs={
                 'device': self.device.pk
             }))
+
+
+class User2FAEnableView(TemplateView):
+    template_name = 'pretixcontrol/user/2fa_enable.html'
+
+    def dispatch(self, request, *args, **kwargs):
+        if not any(dt.objects.filter(user=self.request.user, confirmed=True) for dt in REAL_DEVICE_TYPES):
+            messages.error(request, _('Please configure at least one device before enabling two-factor '
+                                      'authentication.'))
+            return redirect(reverse('control:user.settings.2fa'))
+        return super().dispatch(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        self.request.user.require_2fa = True
+        self.request.user.save()
+        messages.success(request, _('Two-factor authentication is now enabled for your account.'))
+        return redirect(reverse('control:user.settings.2fa'))
+
+
+class User2FADisableView(TemplateView):
+    template_name = 'pretixcontrol/user/2fa_disable.html'
+
+    def post(self, request, *args, **kwargs):
+        self.request.user.require_2fa = False
+        self.request.user.save()
+        messages.success(request, _('Two-factor authentication is now disabled for your account.'))
+        return redirect(reverse('control:user.settings.2fa'))