Refs #787 -- Activate 2FA after adding a device by default

src/pretix/control/templates/pretixcontrol/user/2fa_confirm_totp.html

@@ -77,7 +77,11 @@
                 <input type="number" name="token" class="form-control" required="required">
                 <button class="btn btn-primary" type="submit">
                     {% trans "Continue" %}
-                </button>
+                </button><br>
+                <label>
+                    <input type="checkbox" name="activate" checked="checked" value="on">
+                    {% trans "Require second factor for future logins" %}
+                </label>
             </form>
         </li>
     </ol>

src/pretix/control/templates/pretixcontrol/user/2fa_confirm_u2f.html

@@ -13,6 +13,12 @@
     <form class="form form-inline" method="post" action="" id="u2f-form">
         {% csrf_token %}
         <input type="hidden" id="u2f-response" name="token" class="form-control" required="required">
+        <p>
+            <label>
+                <input type="checkbox" name="activate" checked="checked" value="on">
+                {% trans "Require second factor for future logins" %}
+            </label>
+        </p>
         <button class="btn btn-primary sr-only" type="submit"></button>
     </form>
 
@@ -22,6 +28,7 @@
     <script type="text/json" id="u2f-enroll">
         {{ jsondata|safe }}
 
+
     </script>
     {% compress js %}
         <script type="text/javascript" src="{% static "pretixcontrol/js/ui/u2f-api.js" %}"></script>

src/pretix/control/views/user.py

@@ -243,9 +243,18 @@ class User2FADeviceConfirmU2FView(RecentAuthenticationRequiredMixin, TemplateVie
                 'devicetype': 'u2f',
                 'name': self.device.name,
             })
-            self.request.user.send_security_notice([
+            notices = [
                 _('A new two-factor authentication device has been added to your account.')
-            ])
+            ]
+            activate = request.POST.get('activate', '')
+            if activate == 'on' and not self.request.user.require_2fa:
+                self.request.user.require_2fa = True
+                self.request.user.save()
+                self.request.user.log_action('pretix.user.settings.2fa.enabled', user=self.request.user)
+                notices.append(
+                    _('Two-factor authentication has been enabled.')
+                )
+            self.request.user.send_security_notice(notices)
 
             note = ''
             if not self.request.user.require_2fa:
@@ -284,6 +293,7 @@ class User2FADeviceConfirmTOTPView(RecentAuthenticationRequiredMixin, TemplateVi
 
     def post(self, request, *args, **kwargs):
         token = request.POST.get('token', '')
+        activate = request.POST.get('activate', '')
         if self.device.verify_token(token):
             self.device.confirmed = True
             self.device.save()
@@ -292,9 +302,17 @@ class User2FADeviceConfirmTOTPView(RecentAuthenticationRequiredMixin, TemplateVi
                 'name': self.device.name,
                 'devicetype': 'totp'
             })
-            self.request.user.send_security_notice([
+            notices = [
                 _('A new two-factor authentication device has been added to your account.')
-            ])
+            ]
+            if activate == 'on' and not self.request.user.require_2fa:
+                self.request.user.require_2fa = True
+                self.request.user.save()
+                self.request.user.log_action('pretix.user.settings.2fa.enabled', user=self.request.user)
+                notices.append(
+                    _('Two-factor authentication has been enabled.')
+                )
+            self.request.user.send_security_notice(notices)
 
             note = ''
             if not self.request.user.require_2fa: