Add support for manually entering 2FA details

5 files changed, 40 insertions, 6 deletions

diff --git a/app/assets/stylesheets/pages/profile.scss b/app/assets/stylesheets/pages/profile.scss
index 280e8b57174..5b528b38d36 100644
--- a/app/assets/stylesheets/pages/profile.scss
+++ b/app/assets/stylesheets/pages/profile.scss
@@ -93,3 +93,17 @@
     }
   }
 }
+
+// Profile > Account > Two Factor Authentication
+.two-factor-new {
+  .manual-instructions {
+    h3 {
+      margin-top: 0;
+    }
+
+    // Slightly increase the size of the details so they're easier to read
+    dl {
+      font-size: 1.1em;
+    }
+  }
+}
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 30ee6891733..17abcea2068 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -1,7 +1,7 @@
 class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   def new
     unless current_user.otp_secret
-      current_user.otp_secret = User.generate_otp_secret
+      current_user.otp_secret = User.generate_otp_secret(16)
       current_user.save!
     end
 
@@ -18,6 +18,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
     else
       @error = 'Invalid pin code'
       @qr_code = build_qr_code
+
       render 'new'
     end
   end
diff --git a/app/views/profiles/two_factor_auths/new.html.haml b/app/views/profiles/two_factor_auths/new.html.haml
index fe03a259a12..b9f3e2380fe 100644
--- a/app/views/profiles/two_factor_auths/new.html.haml
+++ b/app/views/profiles/two_factor_auths/new.html.haml
@@ -7,14 +7,30 @@
 
 %hr
 
-= form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal' do |f|
+= form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal two-factor-new' do |f|
   - if @error
     .alert.alert-danger
       = @error
   .form-group
     .col-sm-2
-    .col-sm-10
+    .col-sm-2
       = raw @qr_code
+    .col-sm-8.manual-instructions
+      %h3 Can't scan the code?
+
+      %p
+        To add the entry manually, provide the following details to the
+        application on your phone.
+
+      %dl
+        %dt Account
+        %dd= current_user.email
+      %dl
+        %dt Key
+        %dd= current_user.otp_secret.scan(/.{4}/).join(' ')
+      %dl
+        %dt Time based
+        %dd Yes
   .form-group
     = label_tag :pin_code, nil, class: "control-label"
     .col-sm-10
diff --git a/spec/controllers/profiles/two_factor_auths_controller_spec.rb b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
index f05d1f5fbe1..b7e8583523b 100644
--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -11,8 +11,11 @@ describe Profiles::TwoFactorAuthsController do
   describe 'GET new' do
     let(:user) { create(:user) }
 
-    it 'generates otp_secret' do
-      expect { get :new }.to change { user.otp_secret }
+    it 'generates otp_secret for user' do
+      expect(User).to receive(:generate_otp_secret).with(16).and_return('secret').once
+
+      get :new
+      get :new # Second hit shouldn't re-generate it
     end
 
     it 'assigns qr_code' do
diff --git a/spec/factories.rb b/spec/factories.rb
index 26e8a795fa4..0f353b842ff 100644
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -31,7 +31,7 @@ FactoryGirl.define do
     trait :two_factor do
       before(:create) do |user|
         user.otp_required_for_login = true
-        user.otp_secret = User.generate_otp_secret
+        user.otp_secret = User.generate_otp_secret(16)
       end
     end