From 88f54b16d7c0f1ea81784b1a30ed1f5d66e368d9 Mon Sep 17 00:00:00 2001
From: Urban Rotnik <urban.rotnik@gmail.com>
Date: Wed, 24 Jun 2020 16:23:52 +0200
Subject: [PATCH 01/17] Add 2fa fields to user

---
 Gemfile                                      |  1 +
 Gemfile.lock                                 |  3 ++
 app/models/user.rb                           | 10 ++++++
 db/migrate/20200622140843_add2fa_to_users.rb | 10 ++++++
 db/structure.sql                             |  7 ++--
 spec/models/user_spec.rb                     | 38 ++++++++++++++++++++
 6 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 db/migrate/20200622140843_add2fa_to_users.rb

diff --git a/Gemfile b/Gemfile
index 047d64b3b..7cf883a0b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -75,6 +75,7 @@ gem 'nokogiri', '~> 1.10.8' # HTML/XML parser
 gem 'rails_autolink', '~> 1.1', '>= 1.1.6'
 gem 'rgl' # Graph framework for project diagram calculations
 gem 'roo', '~> 2.8.2' # Spreadsheet parser
+gem 'rotp'
 gem 'rubyzip'
 gem 'scenic', '~> 1.4'
 gem 'sdoc', '~> 1.0', group: :doc
diff --git a/Gemfile.lock b/Gemfile.lock
index f6c6c236a..0f2a73a0b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -469,6 +469,8 @@ GEM
     roo (2.8.2)
       nokogiri (~> 1)
       rubyzip (>= 1.2.1, < 2.0.0)
+    rotp (6.0.0)
+      addressable (~> 2.7)
     rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
     rspec-expectations (3.8.4)
@@ -668,6 +670,7 @@ DEPENDENCIES
   recaptcha
   rgl
   roo (~> 2.8.2)
+  rotp
   rspec-rails (>= 4.0.0.beta2)
   rubocop (>= 0.75.0)
   rubocop-performance
diff --git a/app/models/user.rb b/app/models/user.rb
index 45907fcf0..b843ea102 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -286,6 +286,8 @@ class User < ApplicationRecord
                            foreign_key: :resource_owner_id,
                            dependent: :delete_all
 
+  before_save :ensure_2fa_token, if: ->(user) { user.changed.include?('twofa_enabled') }
+  before_create :generate_2fa_token
   before_destroy :destroy_notifications
 
   def name
@@ -658,4 +660,12 @@ class User < ApplicationRecord
   def clear_view_cache
     Rails.cache.delete_matched(%r{^views\/users\/#{id}-})
   end
+
+  def generate_2fa_token
+    self.otp_secret = ROTP::Base32.random
+  end
+
+  def ensure_2fa_token
+    generate_2fa_token unless otp_secret
+  end
 end
diff --git a/db/migrate/20200622140843_add2fa_to_users.rb b/db/migrate/20200622140843_add2fa_to_users.rb
new file mode 100644
index 000000000..98d429169
--- /dev/null
+++ b/db/migrate/20200622140843_add2fa_to_users.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class Add2faToUsers < ActiveRecord::Migration[6.0]
+  def change
+    change_table :users, bulk: true do |t|
+      t.boolean :twofa_enabled, default: false, null: false
+      t.string :otp_secret
+    end
+  end
+end
diff --git a/db/structure.sql b/db/structure.sql
index 951f4faa2..0126d461d 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -2647,7 +2647,9 @@ CREATE TABLE public.users (
     current_team_id bigint,
     authentication_token character varying(30),
     settings jsonb DEFAULT '{}'::jsonb NOT NULL,
-    variables jsonb DEFAULT '{}'::jsonb NOT NULL
+    variables jsonb DEFAULT '{}'::jsonb NOT NULL,
+    twofa_enabled boolean DEFAULT false NOT NULL,
+    otp_secret character varying
 );
 
 
@@ -7194,6 +7196,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20200113143828'),
 ('20200204100934'),
 ('20200326114643'),
-('20200331183640');
+('20200331183640'),
+('20200622140843');
 
 
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 8c6ff65ff..a12cf0637 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -331,4 +331,42 @@ describe User, type: :model do
   describe 'Associations' do
     it { is_expected.to have_many(:system_notifications) }
   end
+
+  describe 'Callbacks' do
+    describe 'after_create' do
+      it 'sets token' do
+        user = create :user
+
+        expect(user.otp_secret).to be_kind_of String
+      end
+    end
+
+    describe 'before_save' do
+      let(:user) { create :user }
+
+      context 'when changing twofa_enabled' do
+        context 'when user does not have otp_secret' do
+          it 'sets token before save' do
+            user.update_column(:otp_secret, nil)
+
+            expect { user.update(twofa_enabled: true) }.to(change { user.otp_secret })
+          end
+        end
+
+        context 'when user does have otp_secret' do
+          it 'does not set new token before save' do
+            expect { user.update(twofa_enabled: true) }.not_to(change { user.otp_secret })
+          end
+        end
+      end
+
+      context 'when changing not twofa_enabled and user does have otp_secret' do
+        it 'does not set token before save' do
+          user.update_column(:otp_secret, nil)
+
+          expect { user.update(name: 'SomeNewName') }.not_to(change { user.otp_secret })
+        end
+      end
+    end
+  end
 end

From de8aca9dbd92799f1baa6b79dbe3bee04884612e Mon Sep 17 00:00:00 2001
From: Urban Rotnik <urban.rotnik@gmail.com>
Date: Mon, 29 Jun 2020 10:42:19 +0200
Subject: [PATCH 02/17] Rename column

---
 app/models/user.rb                           | 8 ++++----
 db/migrate/20200622140843_add2fa_to_users.rb | 2 +-
 db/structure.sql                             | 2 +-
 spec/models/user_spec.rb                     | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index b843ea102..c3614802d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -286,8 +286,8 @@ class User < ApplicationRecord
                            foreign_key: :resource_owner_id,
                            dependent: :delete_all
 
-  before_save :ensure_2fa_token, if: ->(user) { user.changed.include?('twofa_enabled') }
-  before_create :generate_2fa_token
+  before_save :ensure_2fa_token, if: ->(user) { user.changed.include?('two_factor_auth_enabled') }
+  before_create :assign_2fa_token
   before_destroy :destroy_notifications
 
   def name
@@ -661,11 +661,11 @@ class User < ApplicationRecord
     Rails.cache.delete_matched(%r{^views\/users\/#{id}-})
   end
 
-  def generate_2fa_token
+  def assign_2fa_token
     self.otp_secret = ROTP::Base32.random
   end
 
   def ensure_2fa_token
-    generate_2fa_token unless otp_secret
+    assign_2fa_token unless otp_secret
   end
 end
diff --git a/db/migrate/20200622140843_add2fa_to_users.rb b/db/migrate/20200622140843_add2fa_to_users.rb
index 98d429169..88494cc52 100644
--- a/db/migrate/20200622140843_add2fa_to_users.rb
+++ b/db/migrate/20200622140843_add2fa_to_users.rb
@@ -3,7 +3,7 @@
 class Add2faToUsers < ActiveRecord::Migration[6.0]
   def change
     change_table :users, bulk: true do |t|
-      t.boolean :twofa_enabled, default: false, null: false
+      t.boolean :two_factor_auth_enabled, default: false, null: false
       t.string :otp_secret
     end
   end
diff --git a/db/structure.sql b/db/structure.sql
index 0126d461d..3843bfc00 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -2648,7 +2648,7 @@ CREATE TABLE public.users (
     authentication_token character varying(30),
     settings jsonb DEFAULT '{}'::jsonb NOT NULL,
     variables jsonb DEFAULT '{}'::jsonb NOT NULL,
-    twofa_enabled boolean DEFAULT false NOT NULL,
+    two_factor_auth_enabled boolean DEFAULT false NOT NULL,
     otp_secret character varying
 );
 
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index a12cf0637..f9af6ec2a 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -349,13 +349,13 @@ describe User, type: :model do
           it 'sets token before save' do
             user.update_column(:otp_secret, nil)
 
-            expect { user.update(twofa_enabled: true) }.to(change { user.otp_secret })
+            expect { user.update(two_factor_auth_enabled: true) }.to(change { user.otp_secret })
           end
         end
 
         context 'when user does have otp_secret' do
           it 'does not set new token before save' do
-            expect { user.update(twofa_enabled: true) }.not_to(change { user.otp_secret })
+            expect { user.update(two_factor_auth_enabled: true) }.not_to(change { user.otp_secret })
           end
         end
       end

From 6fa97d3639a3340019f8d50af13c0663672389b9 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Mon, 29 Jun 2020 10:56:06 +0200
Subject: [PATCH 03/17] Add enable 2fa button to user settings

---
 app/assets/javascripts/users/registrations/edit.js |  4 ++++
 app/views/users/registrations/_2fa_modal.html.erb  | 12 ++++++++++++
 app/views/users/registrations/edit.html.erb        |  3 ++-
 config/locales/en.yml                              |  1 +
 4 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 app/views/users/registrations/_2fa_modal.html.erb

diff --git a/app/assets/javascripts/users/registrations/edit.js b/app/assets/javascripts/users/registrations/edit.js
index cd2a5d551..7d02da59b 100644
--- a/app/assets/javascripts/users/registrations/edit.js
+++ b/app/assets/javascripts/users/registrations/edit.js
@@ -79,4 +79,8 @@
     }
     $fileInput[0].value = '';
   });
+
+  $('#twoFactorAuthentication').click(function() {
+    $('#twoFactorAuthenticationModal').modal('show');
+  });
 }());
diff --git a/app/views/users/registrations/_2fa_modal.html.erb b/app/views/users/registrations/_2fa_modal.html.erb
new file mode 100644
index 000000000..04e217a2b
--- /dev/null
+++ b/app/views/users/registrations/_2fa_modal.html.erb
@@ -0,0 +1,12 @@
+<div class="modal" id="twoFactorAuthenticationModal" tabindex="-1" role="dialog">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
+        <h2 class="modal-title"></h2>
+      </div>
+      <div class="modal-body">
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/app/views/users/registrations/edit.html.erb b/app/views/users/registrations/edit.html.erb
index 3f087e933..aca9cef15 100644
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -142,7 +142,7 @@
                 </div>
               </div>
             <% end %>
-
+            <button class="btn btn-primary" id="twoFactorAuthentication"><%= t("users.registrations.edit.2fa_button") %></button>
           </div>
           <div class="col-md-7 col-md-offset-1">
             <div class="row user-statistics">
@@ -176,6 +176,7 @@
   </div>
 </div>
 
+<%= render partial: '2fa_modal' %>
 <%= render partial: 'users/shared/user_avatars_modal' %>
 
 <%= javascript_pack_tag 'custom/croppie' %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index ef998024b..81a487b8b 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1593,6 +1593,7 @@ en:
         password_title: "Change password"
         new_password_label: "New password"
         new_password_2_label: "New password confirmation"
+        2fa_button: "Enable two-factor authentication"
       new:
         head_title: "Sign up"
         team_name_label: "Team name"

From fe79fa47889bf43e468e32bc003546837b868e45 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Mon, 29 Jun 2020 10:57:41 +0200
Subject: [PATCH 04/17] Fix markup

---
 app/views/users/registrations/_2fa_modal.html.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/views/users/registrations/_2fa_modal.html.erb b/app/views/users/registrations/_2fa_modal.html.erb
index 04e217a2b..fea5db397 100644
--- a/app/views/users/registrations/_2fa_modal.html.erb
+++ b/app/views/users/registrations/_2fa_modal.html.erb
@@ -10,3 +10,4 @@
     </div>
   </div>
 </div>
+

From 62a4a5f2030f6943d86cc588277ba46919abb236 Mon Sep 17 00:00:00 2001
From: Urban Rotnik <urban.rotnik@gmail.com>
Date: Tue, 30 Jun 2020 14:16:00 +0200
Subject: [PATCH 05/17] Add 2fa login

---
 app/controllers/users/sessions_controller.rb  |  64 ++++++++---
 app/models/user.rb                            |   7 ++
 app/views/users/sessions/new.html.erb         |   2 +-
 .../users/sessions/two_factor_auth.html.erb   |  19 ++++
 config/locales/en.yml                         |   6 +
 config/routes.rb                              |   4 +-
 .../users/sessions_controller_spec.rb         | 107 ++++++++++++++++++
 spec/models/user_spec.rb                      |  21 ++++
 8 files changed, 212 insertions(+), 18 deletions(-)
 create mode 100644 app/views/users/sessions/two_factor_auth.html.erb
 create mode 100644 spec/controllers/users/sessions_controller_spec.rb

diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index a52c97e8e..50d7c7258 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -5,6 +5,7 @@ class Users::SessionsController < Devise::SessionsController
 
   # before_filter :configure_sign_in_params, only: [:create]
   after_action :after_sign_in, only: :create
+  prepend_before_action :redirect_2fa, only: :create
 
   rescue_from ActionController::InvalidAuthenticityToken do
     redirect_to new_user_session_path
@@ -24,21 +25,7 @@ class Users::SessionsController < Devise::SessionsController
   def create
     super
 
-    # Schedule templates creation for user
-    TemplatesService.new.schedule_creation_for_user(current_user)
-
-    # Schedule demo project creation for user
-    current_user.created_teams.each do |team|
-      FirstTimeDataGenerator.delay(
-        queue: :new_demo_project,
-        priority: 10
-      ).seed_demo_data_with_id(current_user.id, team.id)
-    end
-  rescue StandardError => e
-    Rails.logger.fatal(
-      "User ID #{current_user.id}: Error creating inital projects on sign_in: "\
-      "#{e.message}"
-    )
+    generate_demo_project
   end
 
   # DELETE /resource/sign_out
@@ -75,6 +62,27 @@ class Users::SessionsController < Devise::SessionsController
     flash[:system_notification_modal] = true
   end
 
+  def authenticate_with_two_factor
+    user = User.find_by(id: session[:otp_user_id])
+
+    unless user
+      flash[:alert] = t('devise.sessions.2fa.no_user_error')
+      redirect_to root_path && return
+    end
+
+    if user.valid_otp?(params[:otp])
+      session.delete(:otp_user_id)
+
+      sign_in(user)
+      generate_demo_project
+      flash[:notice] = t('devise.sessions.signed_in')
+      redirect_to root_path
+    else
+      flash.now[:alert] = t('devise.sessions.2fa.error_message')
+      render :two_factor_auth
+    end
+  end
+
   protected
 
   # If you have extra params to permit, append them to the sanitizer.
@@ -84,6 +92,32 @@ class Users::SessionsController < Devise::SessionsController
 
   private
 
+  def redirect_2fa
+    user = User.find_by(email: params[:user][:email])
+
+    return unless user&.valid_password?(params[:user][:password])
+
+    if user&.two_factor_auth_enabled?
+      session[:otp_user_id] = user.id
+      render :two_factor_auth
+    end
+  end
+
+  def generate_demo_project
+    # Schedule templates creation for user
+    TemplatesService.new.schedule_creation_for_user(current_user)
+
+    # Schedule demo project creation for user
+    current_user.created_teams.each do |team|
+      FirstTimeDataGenerator.delay(
+        queue: :new_demo_project,
+        priority: 10
+      ).seed_demo_data_with_id(current_user.id, team.id)
+    end
+  rescue StandardError => e
+    Rails.logger.fatal("User ID #{current_user.id}: Error creating inital projects on sign_in: #{e.message}")
+  end
+
   def session_layout
     if @simple_sign_in
       'sign_in_halt'
diff --git a/app/models/user.rb b/app/models/user.rb
index c3614802d..5b94c7b7f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -623,6 +623,13 @@ class User < ApplicationRecord
     avatar.blob&.filename&.sanitized
   end
 
+  def valid_otp?(otp)
+    raise StandardError, 'Missing otp_secret' unless otp_secret
+
+    totp = ROTP::TOTP.new(otp_secret, issuer: 'sciNote')
+    totp.verify(otp, drift_behind: 10)
+  end
+
   protected
 
   def confirmation_required?
diff --git a/app/views/users/sessions/new.html.erb b/app/views/users/sessions/new.html.erb
index 9d162a5a3..a12098fd2 100644
--- a/app/views/users/sessions/new.html.erb
+++ b/app/views/users/sessions/new.html.erb
@@ -43,4 +43,4 @@
       <%= render partial: "users/shared/links", locals: {linkedin_skip: true} unless @simple_sign_in %>
     </div>
   </div>
-</div>
\ No newline at end of file
+</div>
diff --git a/app/views/users/sessions/two_factor_auth.html.erb b/app/views/users/sessions/two_factor_auth.html.erb
new file mode 100644
index 000000000..ec1de0fa4
--- /dev/null
+++ b/app/views/users/sessions/two_factor_auth.html.erb
@@ -0,0 +1,19 @@
+<% provide(:head_title, t("devise.sessions.new.head_title")) %>
+<% content_for(:body_class, 'sign-in-layout') %>
+<div class="sign-in-container">
+  <div class="sign-in-form-wrapper">
+    <div class="center-block center-block-narrow">
+      <h1 class="log-in-title"><%=t "devise.sessions.2fa.title" %></h1>
+      <%= form_with url: users_authenticate_with_two_factor_url, local: true  do %>
+        <div class="input-group sci-input-container">
+          <%= label :otp, t("devise.sessions.2fa.field") %>
+          <%= text_field_tag(:otp, '', { class: "form-control sci-input-field", placeholder: t("devise.sessions.2fa.placeholder") })%>
+        </div>
+
+        <div class="actions" style="margin-top: 10px; margin-bottom: 10px;">
+          <%= button_tag t("devise.sessions.new.submit"), type: :submit, class: "btn btn-primary log-in-button" %>
+        </div>
+    <% end %>
+    </div>
+  </div>
+</div>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 81a487b8b..8b1cfce2a 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -33,6 +33,12 @@ en:
         password_placeholder: "Enter password"
         remember_me: "Remember me"
         submit: "Log in"
+      2fa:
+        title: "Two factor check"
+        field: "One time password"
+        placeholder: "Enter code"
+        error_message: "One Time Password is not correct."
+        no_user_error: "Cannot find user!"
       create:
         team_name: "%{user}'s projects"
       auth_token_create:
diff --git a/config/routes.rb b/config/routes.rb
index 206b1649d..c5c38009e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -695,8 +695,8 @@ Rails.application.routes.draw do
       get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar'
       get 'users/auth_token_sign_in' => 'users/sessions#auth_token_create'
       get 'users/sign_up_provider' => 'users/registrations#new_with_provider'
-      post 'users/complete_sign_up_provider' =>
-           'users/registrations#create_with_provider'
+      post 'users/authenticate_with_two_factor' => 'users/sessions#authenticate_with_two_factor'
+      post 'users/complete_sign_up_provider' => 'users/registrations#create_with_provider'
     end
 
     namespace :api, defaults: { format: 'json' } do
diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb
new file mode 100644
index 000000000..718939da1
--- /dev/null
+++ b/spec/controllers/users/sessions_controller_spec.rb
@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Users::SessionsController, type: :controller do
+  describe 'POST #create' do
+    before do
+      @request.env['devise.mapping'] = Devise.mappings[:user]
+    end
+
+    let(:user) { create :user }
+    let(:password) { 'asdf1243' }
+    let(:params) do
+      { user: {
+        email: user.email,
+        password: password
+      } }
+    end
+
+    let(:action) do
+      post :create, params: params
+    end
+
+    context 'when have invalid email or password' do
+      let(:password) { '123' }
+
+      it 'returns error message' do
+        action
+
+        expect(flash[:alert]).to eq('Invalid Email or password.')
+      end
+
+      it 'does not set current user' do
+        expect { action }.not_to(change { subject.current_user })
+      end
+    end
+
+    context 'when have valid email and password' do
+      context 'when user has 2FA disabled' do
+        it 'returns successfully log in' do
+          action
+
+          expect(flash[:notice]).to eq('Logged in successfully.')
+        end
+
+        it 'sets current user' do
+          expect { action }.to(change { subject.current_user }.from(nil).to(User))
+        end
+      end
+
+      context 'when user has 2FA enabled' do
+        it 'renders 2FA page' do
+          user.two_factor_auth_enabled = true
+          user.save!
+
+          expect(action).to render_template('users/sessions/two_factor_auth')
+        end
+      end
+    end
+  end
+
+  describe 'POST #authenticate_with_two_factor' do
+    before do
+      @request.env['devise.mapping'] = Devise.mappings[:user]
+    end
+
+    let(:user) { create :user }
+    let(:params) { { otp: '123123' } }
+    let(:otp_user_id) { user.id }
+    let(:action) do
+      post :authenticate_with_two_factor, params: params, session: { otp_user_id: otp_user_id }
+    end
+
+    context 'when have valid otp' do
+      it 'sets current user' do
+        allow_any_instance_of(User).to receive(:valid_otp?).and_return(true)
+
+        expect { action }.to(change { subject.current_user }.from(nil).to(User))
+      end
+    end
+
+    context 'when have invalid valid otp' do
+      it 'returns error message' do
+        allow_any_instance_of(User).to receive(:valid_otp?).and_return(nil)
+        action
+
+        expect(flash[:alert]).to eq('One Time Password is not correct.')
+      end
+
+      it 'does not set current user' do
+        allow_any_instance_of(User).to receive(:valid_otp?).and_return(nil)
+
+        expect { action }.not_to(change { subject.current_user })
+      end
+    end
+
+    context 'when user is not found' do
+      let(:otp_user_id) { -1 }
+
+      it 'returns error message' do
+        action
+
+        expect(flash[:alert]).to eq('Cannot find user!')
+      end
+    end
+  end
+end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index f9af6ec2a..ae6bbf1c4 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -369,4 +369,25 @@ describe User, type: :model do
       end
     end
   end
+
+  describe 'valid_otp?' do
+    let(:user) { create :user }
+    before do
+      allow_any_instance_of(ROTP::TOTP).to receive(:verify).and_return(nil)
+    end
+
+    context 'when user has set otp_secret' do
+      it 'returns nil' do
+        expect(user.valid_otp?('someString')).to be_nil
+      end
+    end
+
+    context 'when user does not have otp_secret' do
+      it 'raises an error' do
+        user.update_column(:otp_secret, nil)
+
+        expect { user.valid_otp?('someString') }.to raise_error(StandardError, 'Missing otp_secret')
+      end
+    end
+  end
 end

From 4b9881e31edfa1103b4a52f2ee75b861f6f41a29 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Wed, 1 Jul 2020 11:07:33 +0200
Subject: [PATCH 06/17] Add 2fa to user settings page

---
 Gemfile                                       |  1 +
 Gemfile.lock                                  |  6 +++
 .../javascripts/users/registrations/edit.js   | 17 ++++++++-
 .../users/registrations_controller.rb         | 26 +++++++++++++
 app/models/user.rb                            | 12 +++---
 .../users/registrations/_2fa_modal.html.erb   | 30 ++++++++++++++-
 app/views/users/registrations/edit.html.erb   |  6 ++-
 config/locales/en.yml                         |  9 +++++
 config/routes.rb                              |  4 ++
 spec/models/user_spec.rb                      | 38 -------------------
 10 files changed, 102 insertions(+), 47 deletions(-)

diff --git a/Gemfile b/Gemfile
index 7cf883a0b..cacc6aa73 100644
--- a/Gemfile
+++ b/Gemfile
@@ -76,6 +76,7 @@ gem 'rails_autolink', '~> 1.1', '>= 1.1.6'
 gem 'rgl' # Graph framework for project diagram calculations
 gem 'roo', '~> 2.8.2' # Spreadsheet parser
 gem 'rotp'
+gem 'rqrcode' # QR code generator
 gem 'rubyzip'
 gem 'scenic', '~> 1.4'
 gem 'sdoc', '~> 1.0', group: :doc
diff --git a/Gemfile.lock b/Gemfile.lock
index 0f2a73a0b..599242fc6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -186,6 +186,7 @@ GEM
       activesupport
     childprocess (1.0.1)
       rake (< 13.0)
+    chunky_png (1.3.11)
     coderay (1.1.2)
     coffee-rails (5.0.0)
       coffee-script (>= 2.2.0)
@@ -471,6 +472,10 @@ GEM
       rubyzip (>= 1.2.1, < 2.0.0)
     rotp (6.0.0)
       addressable (~> 2.7)
+    rqrcode (1.1.2)
+      chunky_png (~> 1.0)
+      rqrcode_core (~> 0.1)
+    rqrcode_core (0.1.2)
     rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
     rspec-expectations (3.8.4)
@@ -671,6 +676,7 @@ DEPENDENCIES
   rgl
   roo (~> 2.8.2)
   rotp
+  rqrcode
   rspec-rails (>= 4.0.0.beta2)
   rubocop (>= 0.75.0)
   rubocop-performance
diff --git a/app/assets/javascripts/users/registrations/edit.js b/app/assets/javascripts/users/registrations/edit.js
index 7d02da59b..388db117b 100644
--- a/app/assets/javascripts/users/registrations/edit.js
+++ b/app/assets/javascripts/users/registrations/edit.js
@@ -80,7 +80,22 @@
     $fileInput[0].value = '';
   });
 
-  $('#twoFactorAuthentication').click(function() {
+  $('#twoFactorAuthenticationDisable').click(function() {
     $('#twoFactorAuthenticationModal').modal('show');
   });
+
+  $('#twoFactorAuthenticationEnable').click(function() {
+    $.get(this.dataset.qrCodeUrl, function(result) {
+      $('#twoFactorAuthenticationModal .qr-code').html(result.qr_code);
+      $('#twoFactorAuthenticationModal').modal('show');
+    });
+  });
+
+  $('#twoFactorAuthenticationModal .2fa-enable-form').on('ajax:error', function(e, data) {
+    $(this).find('.submit-code-field').addClass('error').attr('data-error-text', data.responseJSON.error);
+  });
+
+  $('#twoFactorAuthenticationModal .2fa-disable-form').on('ajax:error', function(e, data) {
+    $(this).find('.password-field').addClass('error').attr('data-error-text', data.responseJSON.error);
+  });
 }());
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index ea2fac89e..67801ccaf 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -182,6 +182,32 @@ class Users::RegistrationsController < Devise::RegistrationsController
     end
   end
 
+  def two_factor_enable
+    totp = ROTP::TOTP.new(current_user.otp_secret, issuer: 'SciNote')
+    if totp.verify(params[:submit_code], drift_behind: 10)
+      current_user.update!(two_factor_auth_enabled: true)
+      redirect_to edit_user_registration_path
+    else
+      render json: { error: t('users.registrations.edit.2fa_errors.wrong_submit_code') }, status: :unprocessable_entity
+    end
+  end
+
+  def two_factor_disable
+    if current_user.valid_password?(params[:password])
+      current_user.update!(two_factor_auth_enabled: false, otp_secret: nil)
+      redirect_to edit_user_registration_path
+    else
+      render json: { error: t('users.registrations.edit.2fa_errors.wrong_password') }, status: :forbidden
+    end
+  end
+
+  def two_factor_qr_code
+    current_user.ensure_2fa_token
+    qr_code_url = ROTP::TOTP.new(current_user.otp_secret, issuer: 'SciNote').provisioning_uri(current_user.email)
+    qr_code = RQRCode::QRCode.new(qr_code_url)
+    render json: { qr_code: qr_code.as_svg }
+  end
+
   protected
 
   # Called upon creating User (before .save). Permits parameters and extracts
diff --git a/app/models/user.rb b/app/models/user.rb
index 5b94c7b7f..eed3623c0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -286,8 +286,6 @@ class User < ApplicationRecord
                            foreign_key: :resource_owner_id,
                            dependent: :delete_all
 
-  before_save :ensure_2fa_token, if: ->(user) { user.changed.include?('two_factor_auth_enabled') }
-  before_create :assign_2fa_token
   before_destroy :destroy_notifications
 
   def name
@@ -630,6 +628,13 @@ class User < ApplicationRecord
     totp.verify(otp, drift_behind: 10)
   end
 
+  def ensure_2fa_token
+    return if otp_secret
+
+    assign_2fa_token
+    save!
+  end
+
   protected
 
   def confirmation_required?
@@ -672,7 +677,4 @@ class User < ApplicationRecord
     self.otp_secret = ROTP::Base32.random
   end
 
-  def ensure_2fa_token
-    assign_2fa_token unless otp_secret
-  end
 end
diff --git a/app/views/users/registrations/_2fa_modal.html.erb b/app/views/users/registrations/_2fa_modal.html.erb
index fea5db397..9b07d15bc 100644
--- a/app/views/users/registrations/_2fa_modal.html.erb
+++ b/app/views/users/registrations/_2fa_modal.html.erb
@@ -3,9 +3,35 @@
     <div class="modal-content">
       <div class="modal-header">
         <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
-        <h2 class="modal-title"></h2>
+        <h2 class="modal-title"><%= t("users.registrations.edit.2fa_modal.title") %></h2>
       </div>
-      <div class="modal-body">
+      <% if current_user.two_factor_auth_enabled? %>
+        <%= form_with(url: users_2fa_disable_path, method: "post", class: "2fa-disable-form") do %>
+          <div class="modal-body">
+            <div class="sci-input-container password-field">
+              <%= label_tag :password, t("users.registrations.edit.2fa_modal.password_label") %>
+              <%= password_field_tag :password, '', class: "sci-input-field" %>
+            </div>
+          </div>
+          <div class="modal-footer">
+            <%= button_tag t("users.registrations.edit.2fa_modal.submit_button"), type: 'submit', class: "btn btn-danger" %>
+          </div>
+        <% end %>
+      <% else %>
+        <%= form_with(url: users_2fa_enable_path, method: "post", class: "2fa-enable-form") do %>
+          <div class="modal-body">
+            <div class="qr-code"></div>
+            <div class="sci-input-container submit-code-field">
+              <%= label_tag :submit_code, t("users.registrations.edit.2fa_modal.submit_code_label") %>
+              <%= text_field_tag :submit_code, '', class: "sci-input-field" %>
+            </div>
+          </div>
+          <div class="modal-footer">
+            <%= button_tag t("users.registrations.edit.2fa_modal.submit_button"), type: 'submit', class: "btn btn-primary" %>
+          </div>
+        <% end %>
+      <% end %>
+
       </div>
     </div>
   </div>
diff --git a/app/views/users/registrations/edit.html.erb b/app/views/users/registrations/edit.html.erb
index aca9cef15..2fe957e58 100644
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -142,7 +142,11 @@
                 </div>
               </div>
             <% end %>
-            <button class="btn btn-primary" id="twoFactorAuthentication"><%= t("users.registrations.edit.2fa_button") %></button>
+            <% if current_user.two_factor_auth_enabled? %>
+              <button class="btn btn-danger" id="twoFactorAuthenticationDisable"><%= t("users.registrations.edit.2fa_button_disable") %></button>
+            <% else %>
+              <button class="btn btn-primary" id="twoFactorAuthenticationEnable" data-qr-code-url="<%= users_2fa_qr_code_path %>"><%= t("users.registrations.edit.2fa_button") %></button>
+            <% end %>
           </div>
           <div class="col-md-7 col-md-offset-1">
             <div class="row user-statistics">
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 8b1cfce2a..f235c0db7 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1600,6 +1600,15 @@ en:
         new_password_label: "New password"
         new_password_2_label: "New password confirmation"
         2fa_button: "Enable two-factor authentication"
+        2fa_button_disable: "Disable two-factor authentication"
+        2fa_modal:
+          title: 'Two-factor authentication'
+          password_label: 'Password'
+          submit_code_label: 'Submit code'
+          submit_button: 'Submit'
+        2fa_errors:
+          wrong_submit_code: 'Not correct code'
+          wrong_password: 'Not correct password'
       new:
         head_title: "Sign up"
         team_name_label: "Team name"
diff --git a/config/routes.rb b/config/routes.rb
index c5c38009e..24f9fb9d5 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -697,6 +697,10 @@ Rails.application.routes.draw do
       get 'users/sign_up_provider' => 'users/registrations#new_with_provider'
       post 'users/authenticate_with_two_factor' => 'users/sessions#authenticate_with_two_factor'
       post 'users/complete_sign_up_provider' => 'users/registrations#create_with_provider'
+
+      post 'users/2fa_enable' => 'users/registrations#two_factor_enable'
+      post 'users/2fa_disable' => 'users/registrations#two_factor_disable'
+      get 'users/2fa_qr_code' => 'users/registrations#two_factor_qr_code'
     end
 
     namespace :api, defaults: { format: 'json' } do
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index ae6bbf1c4..ff51c9e7b 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -332,44 +332,6 @@ describe User, type: :model do
     it { is_expected.to have_many(:system_notifications) }
   end
 
-  describe 'Callbacks' do
-    describe 'after_create' do
-      it 'sets token' do
-        user = create :user
-
-        expect(user.otp_secret).to be_kind_of String
-      end
-    end
-
-    describe 'before_save' do
-      let(:user) { create :user }
-
-      context 'when changing twofa_enabled' do
-        context 'when user does not have otp_secret' do
-          it 'sets token before save' do
-            user.update_column(:otp_secret, nil)
-
-            expect { user.update(two_factor_auth_enabled: true) }.to(change { user.otp_secret })
-          end
-        end
-
-        context 'when user does have otp_secret' do
-          it 'does not set new token before save' do
-            expect { user.update(two_factor_auth_enabled: true) }.not_to(change { user.otp_secret })
-          end
-        end
-      end
-
-      context 'when changing not twofa_enabled and user does have otp_secret' do
-        it 'does not set token before save' do
-          user.update_column(:otp_secret, nil)
-
-          expect { user.update(name: 'SomeNewName') }.not_to(change { user.otp_secret })
-        end
-      end
-    end
-  end
-
   describe 'valid_otp?' do
     let(:user) { create :user }
     before do

From 742fb0d27b1a24a67b51cf7d4cc85ca9d5328bfb Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Wed, 1 Jul 2020 14:41:55 +0200
Subject: [PATCH 07/17] Small 2fa improvments

---
 app/controllers/users/registrations_controller.rb | 7 +++----
 app/controllers/users/sessions_controller.rb      | 2 +-
 app/models/user.rb                                | 8 ++++++++
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index 67801ccaf..1de739f67 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -183,9 +183,8 @@ class Users::RegistrationsController < Devise::RegistrationsController
   end
 
   def two_factor_enable
-    totp = ROTP::TOTP.new(current_user.otp_secret, issuer: 'SciNote')
-    if totp.verify(params[:submit_code], drift_behind: 10)
-      current_user.update!(two_factor_auth_enabled: true)
+    if current_user.valid_otp?(params[:submit_code])
+      current_user.enable_2fa
       redirect_to edit_user_registration_path
     else
       render json: { error: t('users.registrations.edit.2fa_errors.wrong_submit_code') }, status: :unprocessable_entity
@@ -194,7 +193,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
 
   def two_factor_disable
     if current_user.valid_password?(params[:password])
-      current_user.update!(two_factor_auth_enabled: false, otp_secret: nil)
+      current_user.disable_2fa
       redirect_to edit_user_registration_path
     else
       render json: { error: t('users.registrations.edit.2fa_errors.wrong_password') }, status: :forbidden
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 50d7c7258..aef23a8c1 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -4,7 +4,7 @@ class Users::SessionsController < Devise::SessionsController
   layout :session_layout
 
   # before_filter :configure_sign_in_params, only: [:create]
-  after_action :after_sign_in, only: :create
+  after_action :after_sign_in, only: %i(create authenticate_with_two_factor)
   prepend_before_action :redirect_2fa, only: :create
 
   rescue_from ActionController::InvalidAuthenticityToken do
diff --git a/app/models/user.rb b/app/models/user.rb
index eed3623c0..c8e400c23 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -635,6 +635,14 @@ class User < ApplicationRecord
     save!
   end
 
+  def enable_2fa
+    update!(two_factor_auth_enabled: true)
+  end
+
+  def disable_2fa
+    update!(two_factor_auth_enabled: false, otp_secret: nil)
+  end
+
   protected
 
   def confirmation_required?

From 46256c89c9fdcf342f04c36ff725d4424842583f Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Wed, 1 Jul 2020 15:44:52 +0200
Subject: [PATCH 08/17] Fix tests

---
 app/controllers/users/registrations_controller.rb |  6 +++---
 app/models/user.rb                                | 13 ++++---------
 spec/models/user_spec.rb                          |  1 +
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index 1de739f67..c8b44c20a 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -184,7 +184,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
 
   def two_factor_enable
     if current_user.valid_otp?(params[:submit_code])
-      current_user.enable_2fa
+      current_user.enable_2fa!
       redirect_to edit_user_registration_path
     else
       render json: { error: t('users.registrations.edit.2fa_errors.wrong_submit_code') }, status: :unprocessable_entity
@@ -193,7 +193,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
 
   def two_factor_disable
     if current_user.valid_password?(params[:password])
-      current_user.disable_2fa
+      current_user.disable_2fa!
       redirect_to edit_user_registration_path
     else
       render json: { error: t('users.registrations.edit.2fa_errors.wrong_password') }, status: :forbidden
@@ -201,7 +201,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
   end
 
   def two_factor_qr_code
-    current_user.ensure_2fa_token
+    current_user.ensure_2fa_token!
     qr_code_url = ROTP::TOTP.new(current_user.otp_secret, issuer: 'SciNote').provisioning_uri(current_user.email)
     qr_code = RQRCode::QRCode.new(qr_code_url)
     render json: { qr_code: qr_code.as_svg }
diff --git a/app/models/user.rb b/app/models/user.rb
index c8e400c23..b281dd57b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -628,18 +628,18 @@ class User < ApplicationRecord
     totp.verify(otp, drift_behind: 10)
   end
 
-  def ensure_2fa_token
+  def ensure_2fa_token!
     return if otp_secret
 
-    assign_2fa_token
+    self.otp_secret = ROTP::Base32.random
     save!
   end
 
-  def enable_2fa
+  def enable_2fa!
     update!(two_factor_auth_enabled: true)
   end
 
-  def disable_2fa
+  def disable_2fa!
     update!(two_factor_auth_enabled: false, otp_secret: nil)
   end
 
@@ -680,9 +680,4 @@ class User < ApplicationRecord
   def clear_view_cache
     Rails.cache.delete_matched(%r{^views\/users\/#{id}-})
   end
-
-  def assign_2fa_token
-    self.otp_secret = ROTP::Base32.random
-  end
-
 end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index ff51c9e7b..2cd07954b 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -335,6 +335,7 @@ describe User, type: :model do
   describe 'valid_otp?' do
     let(:user) { create :user }
     before do
+      user.ensure_2fa_token!
       allow_any_instance_of(ROTP::TOTP).to receive(:verify).and_return(nil)
     end
 

From 9b33cbc1040d8a7711fc52902c35f00de5900bb2 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Thu, 2 Jul 2020 11:24:33 +0200
Subject: [PATCH 09/17] Rename ensure 2fa method

---
 app/controllers/users/registrations_controller.rb | 2 +-
 app/models/user.rb                                | 4 +---
 spec/models/user_spec.rb                          | 2 +-
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index c8b44c20a..7c196ed69 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -201,7 +201,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
   end
 
   def two_factor_qr_code
-    current_user.ensure_2fa_token!
+    current_user.assign_2fa_token!
     qr_code_url = ROTP::TOTP.new(current_user.otp_secret, issuer: 'SciNote').provisioning_uri(current_user.email)
     qr_code = RQRCode::QRCode.new(qr_code_url)
     render json: { qr_code: qr_code.as_svg }
diff --git a/app/models/user.rb b/app/models/user.rb
index b281dd57b..89609fadc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -628,9 +628,7 @@ class User < ApplicationRecord
     totp.verify(otp, drift_behind: 10)
   end
 
-  def ensure_2fa_token!
-    return if otp_secret
-
+  def assign_2fa_token!
     self.otp_secret = ROTP::Base32.random
     save!
   end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 2cd07954b..376050d13 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -335,7 +335,7 @@ describe User, type: :model do
   describe 'valid_otp?' do
     let(:user) { create :user }
     before do
-      user.ensure_2fa_token!
+      user.assign_2fa_token!
       allow_any_instance_of(ROTP::TOTP).to receive(:verify).and_return(nil)
     end
 

From be3a1994f836a4fc7d5edbd8c7ef3e1cf88fca99 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Tue, 7 Jul 2020 12:59:48 +0200
Subject: [PATCH 10/17] Add basic UX to 2FA

---
 .../javascripts/users/registrations/edit.js   |   5 +
 app/assets/stylesheets/settings/users.scss    |  49 ++++
 .../users/registrations_controller.rb         |   2 +-
 app/javascript/packs/fontawesome.scss         |   1 +
 .../users/registrations/_2fa_modal.html.erb   |  35 ++-
 app/views/users/registrations/edit.html.erb   | 218 +++++-------------
 6 files changed, 126 insertions(+), 184 deletions(-)

diff --git a/app/assets/javascripts/users/registrations/edit.js b/app/assets/javascripts/users/registrations/edit.js
index 388db117b..38969d9a3 100644
--- a/app/assets/javascripts/users/registrations/edit.js
+++ b/app/assets/javascripts/users/registrations/edit.js
@@ -87,6 +87,7 @@
   $('#twoFactorAuthenticationEnable').click(function() {
     $.get(this.dataset.qrCodeUrl, function(result) {
       $('#twoFactorAuthenticationModal .qr-code').html(result.qr_code);
+      $('#twoFactorAuthenticationModal').find('[href="#2fa-step-1"]').tab('show');
       $('#twoFactorAuthenticationModal').modal('show');
     });
   });
@@ -98,4 +99,8 @@
   $('#twoFactorAuthenticationModal .2fa-disable-form').on('ajax:error', function(e, data) {
     $(this).find('.password-field').addClass('error').attr('data-error-text', data.responseJSON.error);
   });
+
+  $('#twoFactorAuthenticationModal').on('click', '.btn-next-step', function() {
+    $('#twoFactorAuthenticationModal').find(`[href="${$(this).data('step')}"]`).tab('show');
+  })
 }());
diff --git a/app/assets/stylesheets/settings/users.scss b/app/assets/stylesheets/settings/users.scss
index 90840a469..204355d72 100644
--- a/app/assets/stylesheets/settings/users.scss
+++ b/app/assets/stylesheets/settings/users.scss
@@ -5,3 +5,52 @@
   display: block;
   margin-bottom: 20px;
 }
+
+.two-factor-modal {
+  .two-factor-apps {
+    align-items: center;
+    display: flex;
+    margin: 2em 0;
+
+    .app {
+      align-items: center;
+      display: flex;
+      margin: 2em 0;
+
+      .app-information {
+        margin-left: 1.5em;
+
+        .app-name {
+          @include font-h3;
+        }
+      }
+
+      .store {
+        margin-right: 1em;
+      }
+    }
+
+    .apps-list {
+      flex-shrink: 0;
+      z-index: 2;
+    }
+
+    .install-mobile {
+      margin-left: -150px;
+    }
+  }
+
+  .modal-footer {
+    text-align: center;
+  }
+
+  .tab-footer {
+    text-align: center;
+  }
+
+  .qr-code {
+    display: flex;
+    justify-content: center;
+    padding: 4em;
+  }
+}
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index 7c196ed69..4e2b65929 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -204,7 +204,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
     current_user.assign_2fa_token!
     qr_code_url = ROTP::TOTP.new(current_user.otp_secret, issuer: 'SciNote').provisioning_uri(current_user.email)
     qr_code = RQRCode::QRCode.new(qr_code_url)
-    render json: { qr_code: qr_code.as_svg }
+    render json: { qr_code: qr_code.as_svg(module_size: 4) }
   end
 
   protected
diff --git a/app/javascript/packs/fontawesome.scss b/app/javascript/packs/fontawesome.scss
index fb98b131a..3d61ff3cc 100644
--- a/app/javascript/packs/fontawesome.scss
+++ b/app/javascript/packs/fontawesome.scss
@@ -3,3 +3,4 @@ $fa-font-path: "~@fortawesome/fontawesome-free/webfonts/";
 @import "~@fortawesome/fontawesome-free/scss/fontawesome";
 @import "~@fortawesome/fontawesome-free/scss/solid";
 @import "~@fortawesome/fontawesome-free/scss/regular";
+@import "~@fortawesome/fontawesome-free/scss/brands";
diff --git a/app/views/users/registrations/_2fa_modal.html.erb b/app/views/users/registrations/_2fa_modal.html.erb
index 9b07d15bc..ecbf62bba 100644
--- a/app/views/users/registrations/_2fa_modal.html.erb
+++ b/app/views/users/registrations/_2fa_modal.html.erb
@@ -1,38 +1,35 @@
-<div class="modal" id="twoFactorAuthenticationModal" tabindex="-1" role="dialog">
+<div class="modal two-factor-modal" id="twoFactorAuthenticationModal" tabindex="-1" role="dialog">
   <div class="modal-dialog" role="document">
     <div class="modal-content">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
-        <h2 class="modal-title"><%= t("users.registrations.edit.2fa_modal.title") %></h2>
-      </div>
       <% if current_user.two_factor_auth_enabled? %>
+        <div class="modal-header">
+          <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
+          <h2 class="modal-title">Disable two-factor authentication</h2>
+        </div>
         <%= form_with(url: users_2fa_disable_path, method: "post", class: "2fa-disable-form") do %>
           <div class="modal-body">
+            <p>Enter your password bellow to confirm disableing 2FA. This will remove authentication, from your account and make you more vulnerable to potential attacks.</p>
             <div class="sci-input-container password-field">
               <%= label_tag :password, t("users.registrations.edit.2fa_modal.password_label") %>
               <%= password_field_tag :password, '', class: "sci-input-field" %>
             </div>
           </div>
           <div class="modal-footer">
-            <%= button_tag t("users.registrations.edit.2fa_modal.submit_button"), type: 'submit', class: "btn btn-danger" %>
+            <%= button_tag 'Disable 2FA', type: 'submit', class: "btn btn-danger" %>
           </div>
         <% end %>
       <% else %>
-        <%= form_with(url: users_2fa_enable_path, method: "post", class: "2fa-enable-form") do %>
-          <div class="modal-body">
-            <div class="qr-code"></div>
-            <div class="sci-input-container submit-code-field">
-              <%= label_tag :submit_code, t("users.registrations.edit.2fa_modal.submit_code_label") %>
-              <%= text_field_tag :submit_code, '', class: "sci-input-field" %>
-            </div>
+          <ul class="nav nav-tabs hidden">
+            <li role="presentation"><a href="#2fa-step-1" data-toggle="tab" data-no-turbolink="true"></a></li>
+            <li role="presentation"><a href="#2fa-step-2" data-toggle="tab" data-no-turbolink="true"></a></li>
+            <li role="presentation"><a href="#2fa-step-3" data-toggle="tab" data-no-turbolink="true"></a></li>
+          </ul>
+          <div class="tab-content">
+            <%= render partial: '2fa_modal_apps_tab' %>
+            <%= render partial: '2fa_modal_qr_code_tab' %>
+            <%= render partial: '2fa_modal_verify_code_tab' %>
           </div>
-          <div class="modal-footer">
-            <%= button_tag t("users.registrations.edit.2fa_modal.submit_button"), type: 'submit', class: "btn btn-primary" %>
-          </div>
-        <% end %>
       <% end %>
-
-      </div>
     </div>
   </div>
 </div>
diff --git a/app/views/users/registrations/edit.html.erb b/app/views/users/registrations/edit.html.erb
index 2fe957e58..1357e68cc 100644
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -4,177 +4,67 @@
 <%= render partial: "users/settings/sidebar" %>
 <div class="tab-content">
   <div class="tab-pane content-pane active" role="tabpanel">
-
     <div class="row">
-      <div class="col-xs-12 col-sm-12">
-        <div class="row">
-          <div class="col-md-4">
-            <h2 style="margin-top: 10px;"><%=t "users.registrations.edit.title" %></h2>
+      <div class="col-md-12">
+        <h1><%=t "users.registrations.edit.title" %></h1>
 
-            <% if not resource.errors.empty? %>
-              <div class="alert alert-danger">
-                <%= devise_error_messages! %>
-              </div>
-            <% end %>
-              <div data-part="view">
-                <div class="form-group user-settings-edit-avatar">
-                  <%= t("users.registrations.edit.avatar_label") %><br>
-                  <% @user_avatar_url ||= avatar_path(current_user, :thumb) %>
-                  <div class="avatar-container">
-                    <div class="avatar-image">
-                        <%= image_tag @user_avatar_url %>
-                    </div>
-                    <div class="avatar-edit"></div>
-                    <div class="avatar-edit-text">
-                      <span class="fas fa-pencil-alt"></span>
-                      <span><%=t "users.registrations.edit.avatar_btn" %></span>
-                    </div>
-                  </div>
-                </div>
-              </div>
-
-            <span class="settings-page-full-name user-settings-block">
-              <label><%= t("users.registrations.edit.name_label") %></label>
-              <%= render partial: "shared/inline_editing",
-                         locals: {
-                           initial_value: @user.full_name,
-                           config: {
-                             params_group: 'user',
-                             field_to_udpate: 'full_name',
-                             path_to_update: registration_path(resource_name, format: :json)
-                           }
-                         } %>
-            </span>
-
-            <span class="settings-page-initials user-settings-block">
-              <label><%= t("users.registrations.edit.initials_label") %></label>
-              <%= render partial: "shared/inline_editing",
-                         locals: {
-                           initial_value: @user.initials,
-                           config: {
-                             params_group: 'user',
-                             field_to_udpate: 'initials',
-                             path_to_update: registration_path(resource_name, format: :json)
-                           }
-                         } %>
-            </span>
-
-            <%= form_for(resource,
-                         as: resource_name,
-                         url: registration_path(resource_name, format: :json),
-                         remote: true,
-                         html: { method: :put, "data-for" => "email", class: 'settings-page-email', id: 'user-email-field' }) do |f| %>
-              <div data-part="view">
-                <div class="form-group">
-                  <%= f.label t("users.registrations.edit.email_label") %>
-                  <div class="input-group">
-                    <input data-role="src" class="form-control" disabled="disabled" type="text" value="<%= @user.email %>" name="fake_user[email]" id="fake_user_email">
-                    <span class="input-group-btn">
-                      <a href="#" class="btn btn-default" data-action="edit"><%=t "general.edit" %></a>
-                    </span>
-                  </div>
-                  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
-                    <div class="alert alert-info" style="margin-top: 15px;" role="alert">
-                      <span class="fas fa-info-circle" aria-hidden="true"></span>
-                      <%=t "users.registrations.edit.waiting_for_confirm", email: resource.unconfirmed_email %>
-                    </div>
-                  <% end %>
-                </div>
-              </div>
-              <div data-part="edit" style="display: none;">
-                <div class="well">
-                  <h4><%=t "users.registrations.edit.email_title" %></h4>
-                  <div class="form-group">
-                    <%= f.label :email, t("users.registrations.edit.new_email_label") %>
-                    <%= f.email_field :email, class: "form-control", "data-role" => "edit" %>
-                  </div>
-                  <div class="form-group">
-                    <%= f.label :current_password, t("users.registrations.edit.current_password_label") %> <i><%=t "users.registrations.edit.password_explanation" %></i>
-                    <%= f.password_field :current_password, autocomplete: "off", class: "form-control", "data-role" => "clear", id: 'edit-email-current-password' %>
-                  </div>
-                  <div class="align-right">
-                    <a href="#" class="btn btn-default" data-action="cancel"><%=t "general.cancel" %></a>
-                    <%= f.submit t("general.save"), class: "btn btn-success" %>
-                  </div>
-                </div>
-              </div>
-            <% end %>
-
-            <%= form_for(resource,
-                         as: resource_name,
-                         url: registration_path(resource_name, format: :json),
-                         remote: true,
-                         html: { method: :put, "data-for" => "password", class: 'settings-page-change-password', id: 'user-password-field' }) do |f| %>
-              <%= hidden_field_tag "user[change_password]", "true" %>
-              <div data-part="view">
-                <div class="form-group">
-                  <%= f.label t("users.registrations.edit.password_label") %>
-                  <div class="input-group">
-                    <input class="form-control" disabled="disabled" autocomplete="off" type="password" value="aaaaaaaaaa" name="fake_user[current_password]" id="fake_user_current_password">
-                    <span class="input-group-btn">
-                      <a href="#" class="btn btn-default" data-action="edit"><%=t "general.edit" %></a>
-                    </span>
-                  </div>
-                </div>
-              </div>
-              <div data-part="edit" style="display: none;">
-                <div class="well">
-                  <h4><%=t "users.registrations.edit.password_title" %></h4>
-                  <div class="form-group">
-                    <%= f.label :current_password, t("users.registrations.edit.current_password_label") %> <i><%=t "users.registrations.edit.password_explanation" %></i>
-                    <%= f.password_field :current_password, autocomplete: "off", class: "form-control", "data-role" => "clear", id: 'edit-password-current-password' %>
-                  </div>
-
-                  <div class="form-group">
-                      <%= f.label :password, t("users.registrations.edit.new_password_label") %>
-                      <%= f.password_field :password, autocomplete: "off", class: "form-control", "data-role" => "clear" %>
-                  </div>
-
-                  <div class="form-group">
-                    <%= f.label :password_confirmation, t("users.registrations.edit.new_password_2_label") %>
-                    <%= f.password_field :password_confirmation, autocomplete: "off", class: "form-control", "data-role" => "clear" %>
-                  </div>
-
-                  <div class="align-right">
-                    <a href="#" class="btn btn-default" data-action="cancel"><%=t "general.cancel" %></a>
-                    <%= f.submit t("general.save"), class: "btn btn-success" %>
-                  </div>
-                </div>
-              </div>
-            <% end %>
-            <% if current_user.two_factor_auth_enabled? %>
-              <button class="btn btn-danger" id="twoFactorAuthenticationDisable"><%= t("users.registrations.edit.2fa_button_disable") %></button>
-            <% else %>
-              <button class="btn btn-primary" id="twoFactorAuthenticationEnable" data-qr-code-url="<%= users_2fa_qr_code_path %>"><%= t("users.registrations.edit.2fa_button") %></button>
-            <% end %>
+        <% if not resource.errors.empty? %>
+          <div class="alert alert-danger">
+            <%= devise_error_messages! %>
           </div>
-          <div class="col-md-7 col-md-offset-1">
-            <div class="row user-statistics">
-              <div class="col-md-12">
-                <h2 style="margin-top: 10px;"><%=t "users.statistics.title" %></h2>
-                <ul class="list-inline">
-                  <li class="label label-primary">
-                    <h2><%= @user.statistics[:number_of_teams]%></h2>
-                    <%= t("users.statistics.team").pluralize(@user.statistics[:number_of_teams]) %>
-                  </li>
-                  <li class="label label-primary">
-                    <h2><%= @user.statistics[:number_of_projects] %></h2>
-                    <%= t("users.statistics.project").pluralize(@user.statistics[:number_of_projects]) %>
-                  </li>
-                  <li class="label label-primary">
-                    <h2><%= @user.statistics[:number_of_experiments] %></h2>
-                    <%= t("users.statistics.experiment").pluralize(@user.statistics[:number_of_experiments]) %>
-                  </li>
-                  <li class="label label-primary">
-                    <h2><%= @user.statistics[:number_of_protocols] %></h2>
-                    <%= t("users.statistics.protocol").pluralize(@user.statistics[:number_of_protocols]) %>
-                  </li>
-                </ul>
+        <% end %>
+        <div class="row">
+          <div class="col-md-4 col-lg-2">
+          <%= render partial: 'users/registrations/edit_partials/avatar' %>
+          </div>
+          <div class="col-md-8 col-lg-10">
+            <div class="row">
+              <div class="col-md-6">
+                <%= render partial: 'users/registrations/edit_partials/full_name' %>
+                <%= render partial: 'users/registrations/edit_partials/initials' %>
+              </div>
+              <div class="col-md-6">
+                <%= render partial: 'users/registrations/edit_partials/email' %>
+                <%= render partial: 'users/registrations/edit_partials/password' %>
               </div>
             </div>
-            <span style="display: none;" data-hook="profile-statistics"></span>
           </div>
         </div>
+        <% if current_user.two_factor_auth_enabled? %>
+          <button class="btn btn-danger" id="twoFactorAuthenticationDisable"><%= t("users.registrations.edit.2fa_button_disable") %></button>
+        <% else %>
+          <button class="btn btn-primary" id="twoFactorAuthenticationEnable" data-qr-code-url="<%= users_2fa_qr_code_path %>"><%= t("users.registrations.edit.2fa_button") %></button>
+        <% end %>
+     </div>
+    </div>
+
+    <!-- User statistics -->
+    <div class="row">
+      <div class="col-md-12">
+        <div class="row user-statistics">
+          <div class="col-md-12">
+            <h2 style="margin-top: 10px;"><%=t "users.statistics.title" %></h2>
+            <ul class="list-inline">
+              <li class="label label-primary">
+                <h2><%= @user.statistics[:number_of_teams]%></h2>
+                <%= t("users.statistics.team").pluralize(@user.statistics[:number_of_teams]) %>
+              </li>
+              <li class="label label-primary">
+                <h2><%= @user.statistics[:number_of_projects] %></h2>
+                <%= t("users.statistics.project").pluralize(@user.statistics[:number_of_projects]) %>
+              </li>
+              <li class="label label-primary">
+                <h2><%= @user.statistics[:number_of_experiments] %></h2>
+                <%= t("users.statistics.experiment").pluralize(@user.statistics[:number_of_experiments]) %>
+              </li>
+              <li class="label label-primary">
+                <h2><%= @user.statistics[:number_of_protocols] %></h2>
+                <%= t("users.statistics.protocol").pluralize(@user.statistics[:number_of_protocols]) %>
+              </li>
+            </ul>
+          </div>
+        </div>
+        <span style="display: none;" data-hook="profile-statistics"></span>
       </div>
     </div>
   </div>

From 7a9a25e6a90b5f453955570f7ae445c0e84b08d0 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Tue, 7 Jul 2020 13:17:17 +0200
Subject: [PATCH 11/17] Add 2fa wizzard tabs

---
 app/assets/images/2fa/2fa_authenticator.png   | Bin 0 -> 1634 bytes
 .../images/2fa/google_authenticator.png       | Bin 0 -> 2200 bytes
 app/assets/images/2fa/install_mobile.png      | Bin 0 -> 9859 bytes
 app/assets/images/2fa/ms_authenticator.png    | Bin 0 -> 1607 bytes
 .../_2fa_modal_apps_tab.html.erb              |  71 ++++++++++++++++++
 .../_2fa_modal_qr_code_tab.html.erb           |  13 ++++
 .../_2fa_modal_verify_code_tab.html.erb       |  18 +++++
 .../edit_partials/_avatar.html.erb            |  15 ++++
 .../edit_partials/_email.html.erb             |  40 ++++++++++
 .../edit_partials/_full_name.html.erb         |  12 +++
 .../edit_partials/_initials.html.erb          |  12 +++
 .../edit_partials/_password.html.erb          |  42 +++++++++++
 12 files changed, 223 insertions(+)
 create mode 100644 app/assets/images/2fa/2fa_authenticator.png
 create mode 100644 app/assets/images/2fa/google_authenticator.png
 create mode 100644 app/assets/images/2fa/install_mobile.png
 create mode 100644 app/assets/images/2fa/ms_authenticator.png
 create mode 100644 app/views/users/registrations/_2fa_modal_apps_tab.html.erb
 create mode 100644 app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
 create mode 100644 app/views/users/registrations/_2fa_modal_verify_code_tab.html.erb
 create mode 100644 app/views/users/registrations/edit_partials/_avatar.html.erb
 create mode 100644 app/views/users/registrations/edit_partials/_email.html.erb
 create mode 100644 app/views/users/registrations/edit_partials/_full_name.html.erb
 create mode 100644 app/views/users/registrations/edit_partials/_initials.html.erb
 create mode 100644 app/views/users/registrations/edit_partials/_password.html.erb

diff --git a/app/assets/images/2fa/2fa_authenticator.png b/app/assets/images/2fa/2fa_authenticator.png
new file mode 100644
index 0000000000000000000000000000000000000000..41a1e5d4f491c50c69872383f43e29eadf40f3ed
GIT binary patch
literal 1634
zcmV-o2A%ndP)<h;3K|Lk000e1NJLTq001%o001%w1^@s69zTe&00009a7bBm000XU
z000XU0RWnu7ytkO0drDELIAGL9O(c600d`2O+f$vv5yP<VFdsH1@}orK~#7F&6;^^
z6jdC@zi*D6J=#(ZrC1`+f=v*q2TD*#2viXWSAwAa<AKCtEKtBiNlYjp1dvO>h<N;m
z#P|n_2Newoh#-h2$YBT~K`=lO3%lE$-MReDESR)Ad(7<YvY)>;Z{C}EzxRH>_dDJ)
zgMb(428`?NP<}oN?bIn~=PyG4;|vT<vmP^_2(Et(_<nsM3>*ml-ofCis{x*e7ckd?
z=sNUp7~08`Q1|bLa^MiO(=_pL2cW3{M-$|@E@S9ZItgazVBN~W*WCl*fqICKH$WJA
zA6P{N+~Q0Sn!I-TGL+q|P!Au4dgKW7bAJJnKXuYMztjA@2CjE+a6^Z{*DxC5*s<WN
zs%UmB=htKvM7wwq%AW6_w0;Zqw-Ycfwb8_-<cb#pJ*kS^9lgMj8v15Thd5>o_&!w`
zhou!nzjO(axy?|&-wXHxfFR(uVA@zb24Va-gjTNve^(#dZnlExSK4r6+H_Kz3+`3M
zYsjwn!Gloo$#$@wJyIUq&N8-Xb5i$9MF<ndK|668v5!8sf82FPj7S9S4-JRWkw7WJ
z$^xi7d;qMxyi<G1l4}<(kT7wSDn>X4_3YV{_Eg=mHmHPDsw>RYnrKRMen*i?CyJ`W
z69ig3!Tpi$P7p<dIH|!p-_fHxJmJb!BzEnBy6+Gmig1c^K@=6z^Uol-d?}d6zD0U^
zCZcaFMq>MCj$<&##=wF;_?uq!TnOvkqJY5sdGrlGoZ{T7Y1>&ah(f^v0n;hKDUJm(
zqua!;FHtBGt-E2w6gb7Xevt0QT2?@BzXqRa?4c06z=%en?Awp{nvIU4-dng*bR(fa
zUa=1H>W#@r*b8Ji>BD$;w&&hrO=DLm0!U<t0z@hIcrDMgz?~oziHf5}K%6!iEL3JT
zq;`oXtOQK?{3}WWoS#BYaV`iYKGL%@tlS`*F8e1>LhSx}#Fnk1FFAK|PH=ww`gr)~
zH|1uKq<;R{FIhWSXq-Dl(~tObR~5@~>Ln<MaXkWg$Bvs(a(3jMUsy>|p>b{_J_+#+
zTVULXK$<d%cF1SjO;=T@2M<DCy2=_;Xx#Y`SwVdB`-s22K6A$+7A@R=#q<xsa+C`0
zl{es{s>VRD?&U=>=4{vq!ZI5&O<H)k9^H=~Lbuj$Q2EmV1Qsu%OwoCu=MDyDldGf%
z!c|t%@tR?yI0M0DE&o?B%&<G~N+Y<MyHOOV#L8>})l@;u)YZ%h(!fGN@MaagQzN7D
zW<L}Ki6eDRO|Mgzo}yX4ra#hQL}aLE&U9{66llNviekWZs{~ioJGI@evpD`q(s>oO
z(CSC$%!PXFnAJzW_AkPXbI7m6P;kh0#nB^e(`?)0R~+>iVhZI4LYeLR^uI47Jbnte
z+8XHpT!YbmgYt+X)WQ-nE%G?qN48(*>*^p*cq0AjMLxvf1ZaPrw>*5YYQ$XMYKS98
z+CQ^vWIn2tG&WK-JBpHl)L43XR@%Zx+NBg99bsLvl!CJ};RX#rVAhN2pJy5zT)qU{
zfFk*aOo&`Ek;@RbWfX+#*%P4+Ysi=0#$BPKJuqiB#Nm%*?3UF^#bLt`d}l4C6wXUD
zc|+H3;?xQ7H_y+Sk>+&VNYkbwv~?4>J9`z+W+-;^H_k%YhIKiWXB}NnYi(`lSkeOJ
z)16dV2%sR)Lb2*91mAoe(!_~5AMK9+FkmDSNPN8;9nA~rx9+VEQ4$cxjX`MDN(w`&
z91V5-&j;h`RfL-sK>guISfPKOu!<n<!eU4>XSgbvy8jCYVbG10ymcGowd<)Mr@Gr6
z8Y4V76rnYAhhAIjN(hs@1hJse>ha@<E?5NZ*zc65J1E3O!tlQ~55YwXX`B!FkiQ_e
zprbOj?E}c`slw8cB@(7^gRiSaXyaN4_4V)q?*zGt-rkOAQ!|u3du{Im8F}fzTP={D
zn(pbXm*;|5&?{q`w?N+X9_@~tY$LzG*AGG2)_1}8_dc5}j377BPM#ul`w;rMa}XQG
g!vDf^1-rKU5BW|TqH)%h9smFU07*qoM6N<$f(IH5AOHXW

literal 0
HcmV?d00001

diff --git a/app/assets/images/2fa/google_authenticator.png b/app/assets/images/2fa/google_authenticator.png
new file mode 100644
index 0000000000000000000000000000000000000000..c9405bd6032aa85f35ece9417ae15785851073eb
GIT binary patch
literal 2200
zcmV;J2xs?+P)<h;3K|Lk000e1NJLTq001%o001%w1^@s69zTe&00009a7bBm000XU
z000XU0RWnu7ytkO0drDELIAGL9O(c600d`2O+f$vv5yP<VFdsH2rWrOK~#7Ft(wVh
z6iE<<(`~bFZB~N>SOQLf#yr8;HzW=WPk=3P;e`DJ;3u%TB7|)=GdFWUnj3}_2PB$B
zAOX@eJ4h_eZnJsft8tW~voouzZGNd-Syj2jpRr_Qwp-k9!pO)-=fZ^xyIWdX{`mFl
z7x(ha%uHE6l})v(ysOH$iqyIJ^XJdWzP`Sy`weJu^MD9nUc7km5fQFeu1<X~WhcTW
zcOU*csaF+J6GH0vd`QiS$eA-|x?5XYk4mvSB%FO$DwUG5UNP`Z>W+T@{(W#Rgqk8U
zK0e+l0}e^?FBcKUmX|D9;?}NRn>@dM{n~x`^2Np4c^VuQ4K+omRJ7uS3l}h<8!kd3
zgk{T?HIxxJ1W#MNqVdb8PoM5}1yP8IkQkDIhH>D6f+U!po=(eOzkZGS4G8p$_D6)w
zkSl;p)54j>JT6PI%QqVzF#%;}6F>R(?OW6B%{!u8kC<A`MbH}ipd_TTt|9}*G$jH!
zv3EC5bUc0fbnlieTmG(8DpR2fQPWzwbZH%lwzjt99ul}{sBH#zavnW;#MLG1)a6+H
z;55$qM87_-U%%c-C+^3OAMWMLmzhGpfB)XSefu`?k58XIrSF*t%nYY*Z*O<ya=ETu
zj0_~6Jb98%mfVL=oH#L%OXS?SbG>5IBl^5x!2-8o!-n+xt5>h;>>Wt#cQ0PNNG@we
zF~6eB#H?Jo(uujaMT-^%wW=ii_EL91$P7n`kY>nAjY)N?T5(h~!i=I3gtd77{J9hR
zO$cOZDn<$tYu2oBTeohFk_fb`$>i-B9UZOei#A(PNF4Q34V)EoLNgFiOifL>hYugR
zj~_p}7(yg~oqbI3*|TTv!-o%U$BrGykVk@YS>z!sA4vPu0@{$-`8O-pTM~Eg-mP0F
z0)wS@zt7k=CJX;z;$m&Qa?i<=CnqVSQ44MO4dz2aO*3y1wBPVOd@vTuZM#_<P2cfH
zwc!fj&Ye4T(a0xZ;hR=oi1xq7+Sz9@_jd7>TA~q&ApNm{EFM38+(05mAS6WAOy~6(
zYb!x0kzJjAzi+pG8IyYR=1n0@5Wxrnw9x>;8iFG)U%oskXOW2cQwZ|@pxlnN%<k+m
z%?dIP9y~}=aqTc<`#isU_bwrk<*ch#t#T_?tOyBJh?M^<6VzE^d+KsP0}ZnX7!#5e
z9n%X9YU|c&wWMx{fcCHNi)7o9S@)D=o#=8oAnm|R{6Q5AMxD=}KW7eV+ff(o**-#~
zia_f9SrU8wBd?;)Ud(p!1Bk?&JoF6EGU<)|?hBun8O)-qjg>qvve+$ZsKe0euKlcA
zw=PLTLhXTM*>yX~*ckqIG^%DSC?`bpi9I$^1;MSEFymR_QO(W{1d*Pe9=Cn__S|)*
z=zIH(#q;|0>uN3KbY&+w<e-2Mxq9{LBwbKsZH&~k{P4YL(<ZlV+qR&I6%jNKWX~qi
zESHLO*zC&9-Pe*uk$f&|JO%4fnx)IfWFJhH%R0d!0nx-}y0#;GDM;~sGW2!t-o1wQ
zStObvN07LE`*zx<O*)1M$D4_7K*aADhm6fIb#P{E){pyFuU>Wc@86HMEAotqvzzq4
zllH60%eQKqYQ*orE=)G+gzB+MYvl4HASt=u#y)4I_<&txsJ+)$l?CyN^Prt;W%dZM
zPAFrmM7tQ-(EBVBDgz++gvPXW1UDg42@Pb+<VNZTvA7OdG#BzA|JhG-{Do96#)L>H
zldy8iy+YKQbOo?+<HiQz?aWYS@gpqyuznMZbRnoo`|bTn6924}I4BmUsk#D0Fd<*9
zJ|PY&bPe*g6PoqVGe8^aA34#idj9<RL?cuj^FymY2qZRd-rOL(otY4s5OVB20ci_;
zWH`9Wagnkvh{G}4w?HfSORS#W^$1DLETk1hXj_0^*pO?3LqN9Sln95z{0!y_fZQo7
z3A6&@GgdQMQA~kJan8j8ZTs?r!|eM}J=;oC6gd?c%(2A;kl3|rR~n&00{NOzG9jn+
zNpy5{B<=iuL$V3kK`o~(4j(=|$!~cs00giz3yGaOcQ!0m=6p7NZ^>BUeNvbcN3-@A
z$=};+-P!x7J!!0?E@{XBD}Bf}m?`ddwMR1q0DtB8eZtp_6^L(`5+tl9@DVQ7rvR!V
z>!5v6NBPpFOSOIb_DxHNd-a_jHtV3|V>YeF`4NO9Q?C%103s1N8|~?fwz~G%$wL$D
zjkFzk96qCUWQ+j`xs!GMhXy@$>eR4wc0`}ihW@O;p>-DYV1bPp_3h!dhE%?jy~e^g
zB+&+U+Ed@8O~=Kg`Wq%HCXk$|-jG4lg9(WEKPUJo5-b1&Nx{ulwINFYXvR(i>D1WR
z*q%_I(T$a4vpp>R`Wzw=%9V-$0r4+?ukNoW)`TG;2OK@IKBGhi1_o*}V=0-LND`Pw
z08`S`#@6Ni?%lf+GB)DbG0a#AiHV7c=#Qa=4vxgk5}zr0&ZIy{0s&yx$!5q0W_Ih=
zt@N<NlHw9g9G9P{`}4*s^gH{ZLx=h$+Vn}sRo4VG@_^9h46q1V&45`F{3<n2gal}H
z1tFoi(%s#CQ3h_88SBc^j*V1+Xr_m8_Io0Pm>wrMXpK57%#vvw7#|=1#}&k!{;6hY
zXsA<mgvUgHgZfW1c2&1R>LO=zC!dIZ7p+fTyLN5x?Af!Eu1U=6-<%*M=F=})+Ajik
zHtRz~CH6u>VoXR36JXpNF)tz(kdl0<8?)m)dFKBUOiQlDiH!)(y&@)bMIz#)2w!!-
a0sjH@4nz!tb@nj;0000<MNUMnLSTZZAS34h

literal 0
HcmV?d00001

diff --git a/app/assets/images/2fa/install_mobile.png b/app/assets/images/2fa/install_mobile.png
new file mode 100644
index 0000000000000000000000000000000000000000..ab9ee6cd1bcd4c430f0cf892446d66f99b1491fe
GIT binary patch
literal 9859
zcmYLP2|SeD_g6&OWh!OowUok;C2O)(k|kTRWDApB_U)C7Eqj{E7G66E*$pw6v6p>|
ztV6P|V}|+P=^sCzkL&T=bMLw5obOrgy-$SpLv=dpE7W9UWOVoLs_2rDooWHkM`tNP
z`(L}qQ}E}U%iYKBWMnkVq~B9yA5vJr%Tw;U>UYRK^{_30e<*B~G?mE6N@HmV7H7!F
z_*w3$DCv2hTKQq_z=ri%+rYBxMhf=rihci{PIm9==(&WDv%0IkCIuYn3lNXs0cx&n
zPhTcH7uxHV>uS$E<CX@yc(cJJn@EF>P%B<BZ5gDU&VMU1OjmYt^tmbozYXNLTSb&=
z_VH-GpIaUGdFz`u53^nP@x$lYq}T4=DTvO51p8gd#z5Q2z01mEWD@1|^`0`gt1+1o
zkA}wPtYp=#ub4VNeh`SXdyO1(8XpdqOfD}k7oxE0W+b~!cU?q8Ds%DcZ~~b^62UEo
zvMP>HF_oN}YR1K)ah8XSV#Vp~c<*k}>9C4-{>4~ZTU+7tuP;zAk-e;_uMZqzsnym#
zyLVSO*UX_xDp9ltbe<t~eyKe;N;lHzO%OJ_5y<`ch8bU;Jn4Ni;%@Y<b%cs!PJ&9j
z&#xnVZiBk^a}pmb0XXMD*c_@~PfVrsi03rf*;i0}B0h8;9ak~FJCi!gru~RSXW`*7
z`{dsFUfs~w5l0Dz`4kneG;+v(BLBJL-k#kjg<+tHZfg>;Mp^_OnK=AzSrUY$XZF0m
zE3U46s_q?OvgAv9gG_0~po7_Cqb^^mmuJZ)pFAGj4-=F6K37_~v-taWK=*2|D+MpJ
ze478GfNMBDgLt#DOWi|5TlN+zjHkXnZx5);P0&cXgb~UawR<4n!P&aO>|QxIQyvFZ
zVl2wQ1`=jD<)-jHK-~I;@n72O*ETlLjcy%Acs2`FmXv=YMgGwt`0imDRmj%g+V0VN
z6_+$>1+C+Q>NnFBgT$p?_4iXPt;Z|BAnc><88tMV`*)rbAI>g_3n;3FF>qd4ESa7v
zlrkf#VtZ{EkwUHaPLr(<9pz%g3Eg|iMB+HX{TVHe6`!b;mOU$=Fc~rP@skM-TT0DC
zR0x<&CVKs3@x<dB>mG;%1Z8a5&NUnP3a2UV8E<V0X&y<C^l^WcT_J(sC5Outg6FSI
zGX}1Vmb~7MPECE#Kp*zvo4!`~{vK?ArHqJU-Ad&Y5zz5p;;RaKJCcg;N8_wglqtw!
zaUN^yu}AA#;#L@;W<^34QEF4lvkgihtP%L5Lj)RLRK`t}ua=;LF2*eMq}(Dxg8t<?
z{V(Dz!nt*h$;@><px|cxwK?Y&Ro_hwS%k@Qj3G*OR*`0y`0?(Y{drkMa<YAlZ@GJ-
zVW|IQVY(8vece<_GgnxEBj@^>X?!6{-hA9=-u@waW0cbKJ($>ECTPFg*<aQpga#dH
z7&a!|q3FNkyc8`JsO0fA;~;u&Z&jSS5am?gzF-rEkI1o6jM9`K`*~Gdoum5gE79jw
z*hKSdw)NMj=7fk?4T=z4DmtkDYB*$+QW#91`<vS5->S{r>A{Slc?Cf=EL+}eIulT3
zLxEhl{~WhaxJ@y=#Z5VurZeDW8qAQR<@sgAeV;u6gD?rPnt%&R6l7W}b@wlH)_O@V
z3QFen92l><gtR_$w>Sg3M7nz(-r!ffp&MHEG7l+xKC%gcboW{?4s_xnaYq+bl<25#
zHpHiWrG}m@X-o@x(3-GBaEAkpqQ@@f^E{rq>w}$<eh`-*BE|NS<?=6+G<5*vC$d`E
zB@6qlJ1KM$jFh<o=3iXeA!MhY-UtZ0=5pxUc8Kczd1N7I!jHd6+&FI#PR97M`%-}s
z-!oH~Yy_P|69#Dwb9|)m$0tbfWatAnU&Tku9L?7+I(K+W?75x3f*RoCS6)t)sGn)C
zd#_Bm+?Cen5#9b;4(d>OJm$kD6zD_g?kb;xCSR&X*9Yy8rJK_(qZTq2#&zUez(LNQ
z<{YT1JPZ|E6?hiF+Y0~SQcV%BUfCY@Ct`SdE)-Pk>U0Y(aA44fsHf6wHAd6%j+->3
zNaH3IDTC13;!l2R{Y08gt#ai(B8uzuZ5Pi>JC4B-yAWLVPMim)kx^#42l0v$#lKt|
z@~vuCzrN2kSY{+UmeJ46p1U-?pN*pL$NWBIxJH`tZP7)MO<3tiQAu&Bfv2G?w1|vJ
zu`<m!94*<|6<N-Wha5-wx@GnLLJOP}*9;7X(jPw_^@e{HsyCh!mApa~`(*t7j9nwb
zgwfqQ&C=HWp?Jj7aB=DfdHlHfk?)X_lSAG)G#Br9%RfosR@KhwnwEBg5j^ZNFM^I#
z&0H#(n*|%THd31~+K?EF&E8dUe=K(d4<BN=LE~qtEOBBhc5aG%oXc1?mGGWVQ9ZhD
z4OX&F9&T&PAnZx3unk=CnhjsOzSD$daHWK@)u;=v%1viJu~({RMX@t8F9>EDrL3~7
zhFhwXN_$xe{uU3<BtEm%v^}$UaD*9A?=wSHSGufUQ}nV<u5jKB{Pad62ML9EWrla=
z^43bhd79_@PfxHaTe#xBIMJp)^gBnjiJIQl{`o21@s51BJroi?W7lUT$k?j$A6lC$
z(t`=D)y1dSosEpahfTA*uuj&dvoxbUlPR4-V4+rVWx;_Fmh4}QpX8RCq3QcwOuVE+
zM&!#h^Ui#ifS=Z3d+kReKD!5qp)cChT*sbQ2eG_WQm;Ih#6^EaIasjvvK*j$0rduS
zEMiuRdM6YS%^}hb;O#rdebVU8brP%U2PwPM!U#BO{>WktBdKG@s2-hh8-iz*2ebUP
z-6m1q+}gs<6b;AzBv^<#(L>7|_qO!nGA)5n$jB%_TzBCTU<_{=i5Q@h0Abvf0m}7|
z73Ql}8FA;O(F?$`I*Y_I{sJe7?ljfrvemnIN6R@bSgZDHKgf=yV4G~DFKIc9E?kY0
z@XMq8YSfvYw5`=@I*M>hxvV_Wz=P{+w~y`tw6uK&X!)jeT?lSDk!fT`+v=@aS`X&`
zZs<d`>Dqpi4He_StbC^QH%p{zgeB1EEK}<yuz@P)JUa%fDZvQ0P_K*#4l&ZFRsE4=
zWJ;@wB(-NU7g?401C+a6i|Ccbeq$t|+Kh!U8F|kkg|QiVwxsqpB!CHR%le)b=0X$|
zB(dpH+UA32I_Yc+z%$KA?P;CurrllZg+mmx5jUmHNW5e7)$oQ^?E${XBhd1aTCPZa
zR4_rb=!bDG%_Xz{(ustffxXwjr{*ZX53@vm%UX1%RUOgUmIAXC=|U<vwfyLy+o<R&
zr@qiAkv^-~LlNJ_4CeebRvYW_)#b+`2OP>wFvwwS##!;mBNEOAq4`284te>Ly~J6M
zT7O*b_F##EvU)5>kAF!gHPq2M`7WKMAQY0J3Qb{&{G7@15QuM7xj((dhEf|_9?^c3
z7KB4QZ@=$i--{JCHU3y=Sn|DQ%Qm&4ZD$!L`=B4#wn2&Z2At=OApDXtlNtm?LV|{b
z(kReP`<I*PhrjRDZg(`Vmf!-X1vq>~Bc^A2%&nH5t@8D^)=NE@+)^cv&ZuTqm3grk
z7)E||o<<6u$*lSz6<KnRgZj@i>}F1b#>Wob?Yp+gs+^z(_(k}4Gev90Yg)wYKUS%?
zi%Y~qzZ%5dx{YedFy2e<u_?G2w@rb-4YVSzX&8^R&|*}M%~+R+oJMQ!Uv6C|d7-Y6
z--ic8#OI70f1r#EbRgdSrnq<_;T^|fiO1zpPjz0LyOh1iDrKoK6w;ttssM!q{%ONA
z`4!@vpEzk%|BPl=tRXyl`OAf?*LFg~A0;0Sv5{NJWNxW#)!skfdH`A`Qp*)-ynp-X
z)x97j{%Be`UHUuj)R9}Yi7!HP%Kplr1U&OswB$~7MxJMuW`LF8=kIFDDmp1UGM?|?
zt@9aQGktJL&&HnXKq^@E+y~X51&3?SNjf+AWz;Id1TS{8B+Gnbh0?}u@%6v%%)UO;
z8BzQesU%^j53#k)^%2?7FF?XF_rH=q>SeV$ii9!fT)#*^H+%*yx|Z>kXL<T-kvlz;
z&OoT(uR9P6M(H?n5h<$LAiD|r1>VS7Mpe^r9%+D3<I8qoS1Xc7OT3gI9^9l3mr{4G
zM#aG9GxT#|HgQ~iyStV{oqMmHl>hc)TB$Z4{dBYUrj&Lo?W-^Q{B8%{Q2u}k%$O;x
z!qm4O>@Vg-wb>L@|Go`}QSCtmKmOG(OkzmtKCrLg2Z6?wD0-dzwL@osv}mV42Tx`m
z4QZu!M69x;mp!^f=`?hB$33SK_b63#E|EH4IkkPu|1vBMug|A!hJM3T8k|zHCQS&s
z&w9O=Ub(=AVd%ZhJMP9o-<9$bbIfi5+uQoM#460*JMzjXKfgU0n`)phg?b3As36zc
z1%f~f<3L^hd{B-rB&)i%wrMt5L8}6uYrSm+3hcQcU2{cO+t6yy=c!J`#Y}o@Bc;6g
zB^Pd$Y0^Se;3UNYmCXuuuq<|iYFBE2B{SU=siuuA;-VKT>#oeo>BLjg^ZZp@D>TXV
z=(C^KRmIo4RUCM>;3>*K^}s{KgVZ(d-DY`J)9Tzjnmq_wgG~{NAlyXk$^aACevEfa
z9Iri*R$9ThxVWqEhCpcszchKY!*k)H>U!7zxWxWyij9F}YSmZ=W?riJKL#}ow>+G_
z9f*X090NIjvThGVAQxw>A9b$?)riHF%l$6`MJ}BEi<jlAd$$!N2PkagF7Q<R&Rl*%
zLw6#^!4ey$_g?{%SGkMvj+yHxjEfLO<TzU1@#aLox#qFLp|Q1pq!=&Rktwrxc?F~J
zwJzS~m+04q!!x8;_*z8e{3m#vt&{nDSI`I%c@1*i$K2FK5D$y&JQ|_a^;U*-Eb*zs
zf5;fX2fNTsppzI<i@HfMc*2c#LS^>?q=*saerSBuDm|>@h#UwxHapbhZDtofY($%x
zBRAeLCTq+$>3?zumq~hrV*b<$ay7i;w5A^HgF}U1{x`D*Te@Sl!u09pc(1wUozbwv
zH&;%SHa#+#*3}RcPL6AGtu=vlf14uSXE;%fs0sw2ZT85*+k}If?J~7cIPG7B9@>Je
z=V{{kj$W*w*wE(0nv1d__%MlC(K1JyI3U8c6E&+Uf<y*NKhc`k4p~fk949N_XbvWf
zO}jeM^Ny#a2aLpC`rllLdUBk)%aN$GaIF6oPwV7${uBQ439ej0z6V^Z+?1GkOe@H)
zuMAHH8p*R^N(6G*bCf~0n>=%ZnhN9M2;hz&9VaeeB&Tf{FaPyZ1N4YskMH3>03r9>
z0UyZ|K7|&vsU5!ThzF=FfHrUTlV$5;6ykc5VO-b8fMYjOo+10In9f8mF5*5Z9sdUg
zP%xbgn74Zmc(8+7>rV&sNykBEO7Nt>=R33syBJ9(y^}><>y#$h#p0Tkb@Ex^lNEWi
zfK6<>mb-lkFZ}=e#7_F6hGC92^xJLl528s>z@7DkNo$8}Tr8c0h1-a>_$FZU;)Kmb
z0Z^ixGZCZf(>=P}(y9Z>jGrgKD;4B_=r_MUt(?lqm^L9E?zz1cmU;0+(b6AqICs|}
zkb9Z=5%{pTUC;I6#wd>UJ+uBg6*Hk70wAAX6z^DP9tETPtEI3+KQ2z87Oq=#J5JLH
z_WZ}bey1(iAI_d*;daiFiFaJ(#>qmyn@$G%w}_h5$UZ1`)D4FHPckO}#58Y{C##oL
zl%w=M8dEWKe9PPrz4udq1Oi07<BF#qhW3%pGS_B7grSz6dp-5SplFhV4-Q%0ez1LW
z&}<+jH5I1YZeS?YU{ic3H<*TV%7X5gUP<5%p_7o%15nW!=i-6aGAf&fXCzB2jAQ&r
z$pmk^G9+`jV@?#@lBZ{eQL~Qn!!E0|XkW6-qk+DtLdr+{$PTXA7}E5ePdX#xz7S;H
z(7TlJ^-Qz_b44BWCCjfnv>x2>kO;v@P&NnqH?9}B1UN>g`5x@KO+6V>4z3%7g@*s7
zQugO#!|a_mKfmI!)K}O(=$Pq_?Oiz9VMCR1P)`&~Dyfj>s%1oFG@9+k(@>PYc>a9(
z#q>;+S5RupMsw&TS;XC-<<j0;0d!UIjyd<v6sj^Zk;D;hagp9YVR7m0poC&mp420s
z|M32O&K8za%itAFDn67Az13c@zW5#0W1jUp-jQeDFPt<ANGbjDTywC$7Q4LftJUQ9
z8I8DP&hLheGW%VjWdK7TLyp&;RSJ>st4Vy5=@oX>ywZx$eb5%2yjLIet(Q|nfoRZy
z_uD9l2%5m--Z!LU-*ruRtzngCe0{#8Pw-w+v%O>R`9!$WMt-&B8oaF$X%}Yt>1A1?
z+-8fj{S>MyD~D<thaBZ`JKd}rslx|IqCqd7FAZrfaAVAVO@wE`evMONL6~<uA;@d;
zpEF97OwfT)l4jM>RGW@M_}hU=tgsl4Wv|ArLk{C46RRHSg~L0)uej5@uifvnu}*eW
z*VJV+Io8-`7JsfF9xIRVAK55YxdnmzyZWykn3Yz<RR0=b=I8Ce0DY1JG9TmN`u<vi
zI~VaEwaPPvkwA^%CxGghqM_P+UI1P;<BwljYyeO<?7P`t0C8>jSbk;p8_c9|?5Z_g
z>r?)L<Wb3Tf8+qR_svZClOR4V53@B~xCRzvb|U6rw+%8Jcwu1yU{ZI?B;%8Gpk)m0
zbjDW+{Xq~8^^fJ#HZQCQWf?Nk2h638nWGYpRwYSDWfpGs=$<~x7y?6D7bXAV{rUzm
zIOEad60Z_QpJ)7viLthJyUD0gXRci?<r2L7l*r1`1$4|0{4mPQ2Yurm7_8%S%<r=U
ze~)j4pE6xoex87di#D!(4e1;5VRt(cR3DyNc6hqFhki1ujlEM|Sof*}aN1=!hVsE9
zs|vhjS48!%j8@|3^Y8pcrO~JV4@v$<+RL<-W4v((49%a+8U+lt{jRAt=IU3sCGR}3
z$weZ_C)wAu<hHrG({Y18%nd;eq<8VeTIr?jioN`Y!CzU1Jq;VRbJ2Apx%#w)9iTu+
z(3Ci4MF%2`NJEg(JdnosM4CIdKrZG|G!bSvGsFhgw)gQo$u)tuS$N1$ZMyRh{G_$4
zHsK$z1KBD2%rO=Vlf1Y%_ZUzMWhgz6g9Q1G{mcjn(jeF|R~CRB^UjI&I4N(%F-+(C
zlD6YKq>uw3eZU>lE4fKO$Jr##7&7lh)b<0tG$*}Qetu$G>03)nA=P0lpOZCkV1*o`
z{CY2sT{ZAeDZ~Qr4*OFH9ml*NfW}FGmQjA{6HdMz+9^Amq@C>t1`wz%j$xv#NGf%L
z7FZvzHSzVk;J^kElxTlJvOPjEKdCqecC-8-3PF0Pk7Yl6cD18E$eSQ-5XS9(W%St&
z2q5ts#8-c#->J{LFWeZQ`gf@|pA<WeO-%f^vf>D<8gDOo;%7Eh<;<!1;K8@KIqS`h
zK(RLMAGe|%>InA}?~A=Sw#m03f3B%Yw=|b&9JQ<a7Wu)?5C%Idt1RZG-+NB0xSgXz
zygdvSNzeAKz>zHgY~|t9$4Y|-Gt6mOzxawJ$FVh6R8;u!NR14S{3cX;EME**ROZZl
z{~j+Rgpt_*VS+{a*k&v-;hCV);IuMQIqSF4kzn|)zE943{i(ofkDs2zZ~Jw3jsy1R
zcRj&`ZN5xrR+!Td-`Jty;d?Y;@m8I#g!M4R^90y;8|x=3EBr|qAH>zaR)%A&kMKV`
z;UDJGg?#sZc<EV<L`%)qZ}p6~M{Y=lcG-tkBawIc-2Nv6dLE>B2I2Q^DU*SCM5q~$
zM^j<z{QSIit9R5Lk3-+ps<EVnq)^psI!?zb6V<*&waLJ#Fo4tHi{UPz^^4Vd6Csk(
zKn%Pk)Sr3dM^}xt@eD>X{v_kk8m<QWGZ=*FqqXbzCjGKYwAEW@$2Mb3-T>G7&#6G^
zZ*cqy>cEoybC>Fa+xXx^m9llpRh7o6dsXAb@>r%U!CxuRl#~f|{NCC!TL<T}@~(~!
zv4A<=u$QBDv*Q@a?@}i!mdqu`UHHT(B{|tUaT~={AAk>;L$Cbv>d9ksm{bg*Av!v>
z*A;^E4t?;+waMJp!y~&Kf0LpCq~AS?W8k5NVVW&I$*ctv79D#l2h)rV#3OjW-iPaQ
zW6>fZW#m-!-?q2EJYvC>T}AuCI*1ln4SIFq4qw6bv__jfkv|oIaLZ?o*U^^dSj6V1
zo<PL?TQBQjY<#Z{*RLf8xj=C0N5sYoE;Z!50z|sT#F&)WSB}D1{@QX#eG^I08(P-q
zz)Zz0fADf)!|jvD8Vbq4e@IuZ)h9MagqdUYGuJkS-@gU*<ckwm^{|>LGAuOacC)Ju
zX+cOD8W^~(F<-R7zC+igYRWwJR$UU0v6xg2?gS3b^Vk215Tw{R=~pnO-H()+TXdoA
zRPbzi<Z57OC@!^w(RMKhu2c9l%pSWo?xdb=o_phoK6IkAWVf+VzcudhcwiLF*~9?u
zPZY%~a^TKg(r3e9*Y8<d_eU-8^~tfdj8{qNnq#?V8{Eb$#;yg0U5%pWOsgrau(=i)
z+5oe<`-M3&?_PzzDedDdXzHuxA?b^=%*q!%D1CDaf4SvTz)=_>WljK|;(?^6lQx6b
zZc(^q<6;p7kGVIA0}_z{Sp!m$gKeaC_5zANG2rNP0XeSznl&5hnjswNEzZEXx7fNT
zf!i#Ib&EC86D`yHy((7x1QHODk!KD$3@5c{5x6U%#bmSJWXP|eHV6|u-T6l0HEg+!
z7-V3GXV{;d++8LL&350cVL0>Ysde&*`%#6k&h`y>rh?A45UFKDC2?;wRz0an?k)IW
z(ShLa^sVpzxbNoFsF6E9e&kr>dU^Dj<CnV^YHYbw7In5I;5-DugUiZHfe^GfyvUtP
zksKW-HK?b=kKXSXHrjI=)fTrf9yAwQxd?*<fCDk9$UwCAE7sPHXznfC?S?g5{C<Md
z+O_XhopoKqpm^}Gerl&f%LnJF7lbn@GnqlqvT#{~TpVX4qd`Oi$SUu}Unoad+Cd@H
zD$pX9NSDlT78!PoqS>K1V?bqj`HQuzZ2#G1;JtX+1wV*#bjG@3q(z(dKBsC+Tn$KS
zn;Bn$1LiV1I7}eF$U>p_6gGUUlU)w9&YEYj_|k?p>d?x<o2LYM;5=)fc!FAI$a#CY
zZ>^f>Po;TJZ(%BbG&U}?21Hq!S_%@PEagcpk7adOhV=4$0sR~eLR|#+ad2$%aHLAV
zxEGv^-oErcAj0wopo_3Xl3E_iksE>ga^}L0)<~>%D=RD~Cr6N?zWmJ^@9KC}tpDs5
zIO|+D9WKZ+0;i9^vW$93Z8*y=O!EtNbMny+Uq5~==-)d{%rO6Y>=KE3K=QwWOrt$O
zmua*{Y5_I#_qo}}C5Ap+=Iin;OG}rjL$b-K3Jwo{p|RkwcQK&GM%~rKQm`X-#=AxP
z4N#A0QpJ1O2Zi1fj}#f?Togl_{y{uA9JBCUF+QqVy+%q~^aXD&w7N!R2#NrZD(jd*
zm{2!e{VS)JnT373djh4yf8;2bO&*f2EB?@HIl%xAE5Yq7=`<+hKu3kP+`(CEfqq-T
zwK*0f9h7ny!KgTAw8}ZCEMZ3^Tv!=d$OcmJWt)$HPi)4ws2Ojx_M$2iw2N5>f<>ai
z2|*bBVb#MI{vO+lOq=m*r2JeS5E%n3V7LM1ue$&Q`4-xKD{gI^plik#_}hw;mvf^d
zPGtE2vj;N&Hw!OSFyHTzYGC0*$R$9X+Foz%JAuMwi;Ig-n##=UFPB<z@^OM=%qbvr
zb8chI6`-8)Mbh$LbASO!ox%R*=`OBw7#$gxuj!}*PU1egKDFwX8}aimaM57HcJLVx
z|DYwUrF9)VQi&-wIpi(1A|7HF7V4|h_rJ#m4lIi&aD!SF)=PEyW@PyEQ_5H#OX=_?
zU}^de-8VkOxL(c!H_B2@vv~RapCL(V@m3ht0Dn(;BCX{-C|`e(mz$7i(ehxh=mhDJ
z4|_XsaCXe(E~L{eL-l(P_23>$8KW8~tpx5a0IAtD1A)nO=G4KX8mKt7?m}YOu3|Cd
zQ+0$n0maK*{)2!zLYE^y<)UiKXO<<f^r$!>vWpQnJI1S()lp$5U#rmc&b&UiI>L&j
zgFMP~mGc0^qBrMNhFHN6qdhey==DA%7^uz^e=B*9!`$oLvuW*sgZ}i@6#eVJ;&sm7
zIjUv*5jR0=4Jtv8)7RBq?d@;i$epAZQ8TV&2!xcUBEKL+-POh>b$|SprSuhWX)?6T
zJ)zjuOf`o?9~@jk;#cdwR8~HG@+7$@NM3#YXH))M+2UbSm-Y(ULOJ>p0L2pT_gj(e
zT2g2AxL(zI8bpf9Jc`1H`FNK{J5<*M_=QMHN!eRj@kY!VV6B>jIt3$T6t_AO)|lZ}
znw&C#Q3B<8Dac^440GeR8RlYN@}d>*_>QdSxvg<m7E3{`vwwj5<)>iF;<I*ZW&@|}
zG7HWS6MUlOUV_WLeA1x@xOWL@3_EK9QZl$Dd?SP<a9bKNaR2?6KPLU1M&O4|UoBI~
zf!DGK_M8U5lth>_IMyK_7gPpkg|)?_FqQm1l;B#hkA)Sm0#&E43pmKVo2JBg>f=pe
zs!ec>`KlXS71go(h@<ql!pXFGm~D~1q+-*9aSS6F43=}1bgt^NmOmRzaGm>t8pw)w
zJPoGQWs!|1zM?5&d_H}!Gr^t{rSNxc;64bA?&~JKn&So+jvc||IICcE#XNh>I=HB~
z&3Ni|DsTXBn-Rtcs&+sz0OBed{=xUG>q$3(x!T&8riN;>z3~q_G7oqcFHqKNb%nt@
zs~AZw5rh~RxjpZY7kq%JvxXH1B+7+?yW#?H=kX9~;`Ywzbl@z@f&!$PU80@z$wl5+
zj00*uz%cNjm%@U^;}55=G{kMKvzCi@*hl$EA2OU))ZPtKBs_WP0@7<M`u{oWCnhFF
zeOe2^;c1)-Y1b1_%E3reb`p0ziDVHGe#KkG)ZWT%QjHsqMG*29XqRk=T|~VfrKJ=g
zx&O04?5E%nE<K=;xlPE>#T*LpZ<p1wevl|9d5?^&V{Bz{P_S%+D~K*AB+0qV-;M~r
znW*F3N`!g_b+JusEx-R{uIyuWU)T#fHnx3`a1~rN|Ki^baQR-j8zhALwsclaq=8MU
z>z3-dtd<vh!(KTv>)5(kpZ~DKKNqqQ7fn_<C6f&=UTn7_sbDrWv{8ZBy2heBm3e++
z-VlLi+DWWDy%J-O#mY7+^ldG>HYI;F^E6`T589pL?d1l5h_rLt3bjt!m$>4VWF#4J
z^~QH?8HA_p>L*FO>8~X3j_k>AmL1SJKP3G{`{#xC(!?pqv=jD+1NR=Yjw*6v2AnU9
z1zfGd>pJW2Y5E9=ItRL0T$i7!Cxl=z?j*qe8pifEK7Eb55=`BV&#AXOs^c`xX}oVK
z{nchswY&nCx3<S{8AzQS)$6~J$#)<YY}mJ&>~<EnxhT44NjI9CtXT6R{xtaV;x^w5
zPDH_0W73*@UTi2Z*9X^E4hcVZnk?_@jL1=i55e#VpWI%h87Qa6$m;l%E9#lsa(ioQ
zP@`rr0Od!qsK))OLbO(j|KOJum>Uun!`N0kQseCHGfjDh0`cI~SJsX9TUr(EEp2`I
zb9IURA)!s;ZDtb5Pt4C+Fl&kcYu8^O{u-_6p-N1YRb&kuaT$25T3I}bV;hA-x4-s;
z-K@f2V)a2TyMK&ayWBT7<gTDNbCm|jW;L7kRqULtEbNPH)4bNG`I7&qpr@>_H0qEB
z3Gd{75ZW2oC_fy~fUhW6`kbC-1<*x$TGrM@uCN;Q|Gco$W1i~o;5mB*_S7(;bG*I4
zWh+$MF!ToiG?`Wl_;%#S!<iA0&u_fmdrN(Gh`ITA{HCOD5`a)CJvRhc;I`%p<=dT_
z2mVr@uOcG6%>Pq;-klt8Z<-xpQ2vnV_pbTfVFB|BsiRdg@N-Y~p~|N_Phb8Yzl+T-

literal 0
HcmV?d00001

diff --git a/app/assets/images/2fa/ms_authenticator.png b/app/assets/images/2fa/ms_authenticator.png
new file mode 100644
index 0000000000000000000000000000000000000000..00f36b7fa115b81b7b669259de94633ac5e869a8
GIT binary patch
literal 1607
zcmV-N2Dtf&P)<h;3K|Lk000e1NJLTq001%o001%w1^@s69zTe&00009a7bBm000XU
z000XU0RWnu7ytkO0drDELIAGL9O(c600d`2O+f$vv5yP<VFdsH1>8wQK~#7F-CApG
z6jc=dW@o$G$F_x5+CmErr4p4NM8QY!@dM+7ABq|SqR})&iC`o#sDU3Q{7^B%4>bf6
zOd7#ZLkUnzgH{3t1TBdYrL;BewuRc)ZnxWRcRStL$BgH0*==pN+dDh6P0E*SGBfx2
z-E+=8=iIvj-fgqOrW^oJ0adYKK0y$CP{nGDVuu;oI0QxA3aFTOP*qy^@K$7rl8L0S
zX<m|uf#xoRD@^lFo#KHcW5OK*Gg1i^6Iv_W{-p>hA+o|I;+568cyL)dO0vbsw;pd8
z4P9fX{%Zv7zOdn>1nh1x%+i-+ia7A>B5Ycd3(*vRre1#-HAH6jITw1RFpPpRM5u@R
z?y}&*wxuY{N#knb@P@Gda2J|g0T=;8jD2mP6_<9DP9qUgRJ1!~wD!x80{>sH!fZ1x
zZ7;=YS^y)U+eR`40pD#|g8WP|_O0I&#I9N=PBwWVvk$}}J59jzE3<H5V-bpS$A@KY
zs$Vb0{a<uK(y14^CG!5dg}A548hdZ*_2c1#w@}qgB%(VNjp7ZfIM(8$vYU}QQLHSm
zM*7eTT|}5tyzx+O?0qbtVB?W)booLvwqa$gjzo2%cx`PiG6a3wm@XnqNzY63Cv^Nw
zqZjQXp;_CpI#pMPWA9~)tXOOlp$EE%JW-kfvpBJmCmTn&+n#M3jXkqI9$%ILJ<w(B
z`RO9M-9fbU`EjkskF)kM?zX?&8pFOHop@kLI#v;hMH%|cRhJ*JnFRzwDgw04f;m9u
z--0Ug$eWkth*+3zLR4YM*5Q^FbdH4KW}cmPv4}p<cMCmQNGiT?@>^GO5~1;Oh{P(|
zaULn56)mt}d7cH!^3zbVz=AY0<0W9K{jzB)M4FNBb_dYq3E?I=#D;D^8hd55(6<rh
zZ;}uWzeK3k@*FdsDbK`H<u*KhZx(DB`V4d`Mk#!$Zyv=tyAMCxC3LWjgL5<ECQ@t>
z(YmJ$nd!z(ekMqM1$Xan=Z?p?g{Z13%;vdEU(8JDHJD6F^AY=ijMIP9maGbRX>|@(
z6c`g%#Y4)79KJGyopp}!Sc~w<MHfEbP=IZZ=J9u;K_dLRBJg)?r-=7M@)7c+Zyr+h
zopsJg85d|QRpDpCO@v$k<dDKux8}N+CO&-<^6fIN@u<BVP5}{5P=QP0Ba%>ZoO2tZ
zvD|?a5FsB1mp8~&_XRR+Yn<=o>?377U^$JJyq@1isAf|ipMICq?)24j1<0MWU0W%H
z*}tJMQpSU3$||*ZcukJsa;L;qk6aFlDeWzp6q=V)R8USKjLNAkykkY7iOA_@ALQWd
zGpW2Xh?l?bLDTSrDzfJ%EB{61Z|+&!`)Q0*luc@ZCL(S!l(RPy=Nui*0Cv<3z#ng4
zpa}Q9dKX$IrMmHOvDJs6pav%bt#Kw9-w*#JUa7CIxDiNTq+Z(nj{WIDA{@Tz(R_fX
zIe0oj>1>;0W~1*Iq;o1JjRe0I$ING0T@=>;WFLiAXbw@>vCY2oE>yl+9Jl<N&5QA+
zoY>!_i8C+vUOIu4RBdX-kW{Qyb;FByC{<lkIz7+M%TA*olETH-QB*bZdH$(LDlV64
z!M0TOAgpL#xtYL@hu%EZPkkrXXVM8q8)a`F)bty2*TwqyxPAckVZO*A9&}|&hyL*3
z+lC?N#nIn~u<!DauB!%JM3{<gJ>@`MQ*wIEaQvDF6*UgshqwB3SBgSjJlc)g>->jv
zQPfiQ_;#(sh*=nOtq`JsaP#p#e00XiRX<1(!l(64Y^>_Vu*{hn%mPDitQgkQso^oY
zW+++^|H7xA&ax`1dr{vm8G8L@I1z>ty7$=i*h0LuE)QAOaiOzAxkJCYvG@ESWsk;4
zVKP!eB#JVd8GF{}N1i{sFi4l6v!B!_i<A<HK}AZhrWxku#4W`n819&VKA0kZ6`J=j
z`AkrRBXc48lp%6(D4Z}sGVOwDuAHBeG5MgH4nh*P{|8GGM$vCO+{pj{002ovPDHLk
FV1ns3`jr3x

literal 0
HcmV?d00001

diff --git a/app/views/users/registrations/_2fa_modal_apps_tab.html.erb b/app/views/users/registrations/_2fa_modal_apps_tab.html.erb
new file mode 100644
index 000000000..d9806b291
--- /dev/null
+++ b/app/views/users/registrations/_2fa_modal_apps_tab.html.erb
@@ -0,0 +1,71 @@
+<div role="tabpanel" class="tab-pane active" id="2fa-step-1">
+  <div class="modal-header">
+    <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
+    <h2 class="modal-title">1. Install an Authenticator App on your mobile device</h2>
+  </div>
+  <div class="modal-body">
+    <p>Use your phone to download an authenticator app. It is needed to enable the 2FA in SciNote. Bellow you can see the most commonly used ones.</p>
+    <div class="two-factor-apps">
+      <div class="apps-list">
+        <div class="app">
+          <div class="app-logo">
+            <%= image_tag('2fa/google_authenticator.png', class: 'logo-image') %>
+          </div>
+          <div class="app-information">
+            <p class="app-name">Google authenticator</p>
+            <div class="app-store">
+              <a href="" class="store">
+                <i class="fab fa-android"></i>
+                Android
+              </a>
+              <a href="" class="store">
+                <i class="fab fa-apple"></i>
+                iOS
+              </a>
+            </div>
+          </div>
+        </div>
+        <div class="app">
+          <div class="app-logo">
+            <%= image_tag('2fa/ms_authenticator.png', class: 'logo-image') %>
+          </div>
+          <div class="app-information">
+            <p class="app-name">Microsoft authenticator</p>
+            <div class="app-store">
+              <a href="" class="store">
+                <i class="fab fa-android"></i>
+                Android
+              </a>
+              <a href="" class="store">
+                <i class="fab fa-apple"></i>
+                iOS
+              </a>
+            </div>
+          </div>
+        </div>
+        <div class="app">
+          <div class="app-logo">
+            <%= image_tag('2fa/2fa_authenticator.png', class: 'logo-image') %>
+          </div>
+          <div class="app-information">
+            <p class="app-name">2FA authenticator</p>
+            <div class="app-store">
+              <a href="" class="store">
+                <i class="fab fa-android"></i>
+                Android
+              </a>
+              <a href="" class="store">
+                <i class="fab fa-apple"></i>
+                iOS
+              </a>
+            </div>
+          </div>
+        </div>
+      </div>
+      <%= image_tag('2fa/install_mobile.png', class: 'install-mobile') %>
+    </div>
+  </div>
+  <div class="modal-footer">
+    <div class="btn btn-primary btn-next-step" data-step="#2fa-step-2">Start</div>
+  </div>
+</div>
diff --git a/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb b/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
new file mode 100644
index 000000000..056e82108
--- /dev/null
+++ b/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
@@ -0,0 +1,13 @@
+<div role="tabpanel" class="tab-pane" id="2fa-step-2">
+  <div class="modal-header">
+    <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
+    <h2 class="modal-title">2. Scan the QR code with your app</h2>
+  </div>
+  <div class="modal-body">
+    <p>Open your authenticator app and use it to scan this code to add 2FA.</p>
+    <div class="qr-code"></div>
+  </div>
+  <div class="modal-footer">
+    <div class="btn btn-primary btn-next-step" data-step="#2fa-step-3">Next</div>
+  </div>
+</div>
diff --git a/app/views/users/registrations/_2fa_modal_verify_code_tab.html.erb b/app/views/users/registrations/_2fa_modal_verify_code_tab.html.erb
new file mode 100644
index 000000000..51799c6c2
--- /dev/null
+++ b/app/views/users/registrations/_2fa_modal_verify_code_tab.html.erb
@@ -0,0 +1,18 @@
+<div role="tabpanel" class="tab-pane" id="2fa-step-3">
+  <div class="modal-header">
+    <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
+    <h2 class="modal-title">3. Enter the code given by your authenticator app</h2>
+  </div>
+  <%= form_with(url: users_2fa_enable_path, method: "post", class: "2fa-enable-form") do %>
+    <div class="modal-body">
+      <p>Enter the generated code into the fields bellow to finalize the setup of the two-factor authorisation.</p>
+      <p class="sci-input-container submit-code-field">
+        <%= label_tag :submit_code, t("users.registrations.edit.2fa_modal.submit_code_label") %>
+        <%= text_field_tag :submit_code, '', class: "sci-input-field" %>
+      </p>
+    </div>
+    <div class="modal-footer">
+      <%= button_tag 'Verify', class: 'btn btn-primary', type: :submit %>
+    </div>
+  <% end %>
+</div>
diff --git a/app/views/users/registrations/edit_partials/_avatar.html.erb b/app/views/users/registrations/edit_partials/_avatar.html.erb
new file mode 100644
index 000000000..3f521adf3
--- /dev/null
+++ b/app/views/users/registrations/edit_partials/_avatar.html.erb
@@ -0,0 +1,15 @@
+<div data-part="view">
+  <div class="form-group user-settings-edit-avatar">
+    <% @user_avatar_url ||= avatar_path(current_user, :thumb) %>
+    <div class="avatar-container">
+      <div class="avatar-image">
+          <%= image_tag @user_avatar_url %>
+      </div>
+      <div class="avatar-edit"></div>
+      <div class="avatar-edit-text">
+        <span class="fas fa-pencil-alt"></span>
+        <span><%=t "users.registrations.edit.avatar_btn" %></span>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/app/views/users/registrations/edit_partials/_email.html.erb b/app/views/users/registrations/edit_partials/_email.html.erb
new file mode 100644
index 000000000..1267b30ff
--- /dev/null
+++ b/app/views/users/registrations/edit_partials/_email.html.erb
@@ -0,0 +1,40 @@
+<%= form_for(resource,
+             as: resource_name,
+             url: registration_path(resource_name, format: :json),
+             remote: true,
+             html: { method: :put, "data-for" => "email", class: 'settings-page-email', id: 'user-email-field' }) do |f| %>
+  <div data-part="view">
+    <div class="form-group">
+      <%= f.label t("users.registrations.edit.email_label") %>
+      <div class="input-group">
+        <input data-role="src" class="form-control" disabled="disabled" type="text" value="<%= @user.email %>" name="fake_user[email]" id="fake_user_email">
+        <span class="input-group-btn">
+          <a href="#" class="btn btn-default" data-action="edit"><%=t "general.edit" %></a>
+        </span>
+      </div>
+      <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+        <div class="alert alert-info" style="margin-top: 15px;" role="alert">
+          <span class="fas fa-info-circle" aria-hidden="true"></span>
+          <%=t "users.registrations.edit.waiting_for_confirm", email: resource.unconfirmed_email %>
+        </div>
+      <% end %>
+    </div>
+  </div>
+  <div data-part="edit" style="display: none;">
+    <div class="well">
+      <h4><%=t "users.registrations.edit.email_title" %></h4>
+      <div class="form-group">
+        <%= f.label :email, t("users.registrations.edit.new_email_label") %>
+        <%= f.email_field :email, class: "form-control", "data-role" => "edit" %>
+      </div>
+      <div class="form-group">
+        <%= f.label :current_password, t("users.registrations.edit.current_password_label") %> <i><%=t "users.registrations.edit.password_explanation" %></i>
+        <%= f.password_field :current_password, autocomplete: "off", class: "form-control", "data-role" => "clear", id: 'edit-email-current-password' %>
+      </div>
+      <div class="align-right">
+        <a href="#" class="btn btn-default" data-action="cancel"><%=t "general.cancel" %></a>
+        <%= f.submit t("general.save"), class: "btn btn-success" %>
+      </div>
+    </div>
+  </div>
+<% end %>
diff --git a/app/views/users/registrations/edit_partials/_full_name.html.erb b/app/views/users/registrations/edit_partials/_full_name.html.erb
new file mode 100644
index 000000000..e69f58e54
--- /dev/null
+++ b/app/views/users/registrations/edit_partials/_full_name.html.erb
@@ -0,0 +1,12 @@
+<span class="settings-page-full-name user-settings-block">
+  <label><%= t("users.registrations.edit.name_label") %></label>
+  <%= render partial: "shared/inline_editing",
+             locals: {
+               initial_value: @user.full_name,
+               config: {
+                 params_group: 'user',
+                 field_to_udpate: 'full_name',
+                 path_to_update: registration_path(resource_name, format: :json)
+               }
+             } %>
+</span>
diff --git a/app/views/users/registrations/edit_partials/_initials.html.erb b/app/views/users/registrations/edit_partials/_initials.html.erb
new file mode 100644
index 000000000..d938d8d00
--- /dev/null
+++ b/app/views/users/registrations/edit_partials/_initials.html.erb
@@ -0,0 +1,12 @@
+<span class="settings-page-initials user-settings-block">
+  <label><%= t("users.registrations.edit.initials_label") %></label>
+  <%= render partial: "shared/inline_editing",
+             locals: {
+               initial_value: @user.initials,
+               config: {
+                 params_group: 'user',
+                 field_to_udpate: 'initials',
+                 path_to_update: registration_path(resource_name, format: :json)
+               }
+             } %>
+</span>
diff --git a/app/views/users/registrations/edit_partials/_password.html.erb b/app/views/users/registrations/edit_partials/_password.html.erb
new file mode 100644
index 000000000..ec0541479
--- /dev/null
+++ b/app/views/users/registrations/edit_partials/_password.html.erb
@@ -0,0 +1,42 @@
+<%= form_for(resource,
+             as: resource_name,
+             url: registration_path(resource_name, format: :json),
+             remote: true,
+             html: { method: :put, "data-for" => "password", class: 'settings-page-change-password', id: 'user-password-field' }) do |f| %>
+  <%= hidden_field_tag "user[change_password]", "true" %>
+  <div data-part="view">
+    <div class="form-group">
+      <%= f.label t("users.registrations.edit.password_label") %>
+      <div class="input-group">
+        <input class="form-control" disabled="disabled" autocomplete="off" type="password" value="aaaaaaaaaa" name="fake_user[current_password]" id="fake_user_current_password">
+        <span class="input-group-btn">
+          <a href="#" class="btn btn-default" data-action="edit"><%=t "general.edit" %></a>
+        </span>
+      </div>
+    </div>
+  </div>
+  <div data-part="edit" style="display: none;">
+    <div class="well">
+      <h4><%=t "users.registrations.edit.password_title" %></h4>
+      <div class="form-group">
+        <%= f.label :current_password, t("users.registrations.edit.current_password_label") %> <i><%=t "users.registrations.edit.password_explanation" %></i>
+        <%= f.password_field :current_password, autocomplete: "off", class: "form-control", "data-role" => "clear", id: 'edit-password-current-password' %>
+      </div>
+
+      <div class="form-group">
+          <%= f.label :password, t("users.registrations.edit.new_password_label") %>
+          <%= f.password_field :password, autocomplete: "off", class: "form-control", "data-role" => "clear" %>
+      </div>
+
+      <div class="form-group">
+        <%= f.label :password_confirmation, t("users.registrations.edit.new_password_2_label") %>
+        <%= f.password_field :password_confirmation, autocomplete: "off", class: "form-control", "data-role" => "clear" %>
+      </div>
+
+      <div class="align-right">
+        <a href="#" class="btn btn-default" data-action="cancel"><%=t "general.cancel" %></a>
+        <%= f.submit t("general.save"), class: "btn btn-success" %>
+      </div>
+    </div>
+  </div>
+<% end %>

From 88c092dc98a629d8fa77b3bddc020d5505479be2 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Tue, 7 Jul 2020 15:59:02 +0200
Subject: [PATCH 12/17] Add i18n and constants

---
 .../javascripts/users/registrations/edit.js   |   2 +-
 app/assets/stylesheets/settings/users.scss    |  67 +++++++++-
 app/assets/stylesheets/themes/scinote.scss    |  17 +--
 .../users/registrations/_2fa_modal.html.erb   |   8 +-
 .../_2fa_modal_apps_tab.html.erb              |  36 +++---
 .../_2fa_modal_qr_code_tab.html.erb           |   6 +-
 .../_2fa_modal_verify_code_tab.html.erb       |   8 +-
 app/views/users/registrations/edit.html.erb   | 115 +++++++++---------
 .../registrations/edit_partials/_2fa.html.erb |  19 +++
 .../edit_partials/_email.html.erb             |  18 ++-
 .../edit_partials/_password.html.erb          |  22 ++--
 config/initializers/constants.rb              |  15 +++
 config/locales/en.yml                         |  40 ++++--
 13 files changed, 241 insertions(+), 132 deletions(-)
 create mode 100644 app/views/users/registrations/edit_partials/_2fa.html.erb

diff --git a/app/assets/javascripts/users/registrations/edit.js b/app/assets/javascripts/users/registrations/edit.js
index 38969d9a3..c3216489c 100644
--- a/app/assets/javascripts/users/registrations/edit.js
+++ b/app/assets/javascripts/users/registrations/edit.js
@@ -102,5 +102,5 @@
 
   $('#twoFactorAuthenticationModal').on('click', '.btn-next-step', function() {
     $('#twoFactorAuthenticationModal').find(`[href="${$(this).data('step')}"]`).tab('show');
-  })
+  });
 }());
diff --git a/app/assets/stylesheets/settings/users.scss b/app/assets/stylesheets/settings/users.scss
index 204355d72..010350d75 100644
--- a/app/assets/stylesheets/settings/users.scss
+++ b/app/assets/stylesheets/settings/users.scss
@@ -1,11 +1,54 @@
 @import "constants";
 @import "mixins";
 
-.user-settings-block {
-  display: block;
-  margin-bottom: 20px;
+.user-settings {
+  .settings-row {
+    margin-top: 2em;
+
+    .user-attribute {
+      align-items: center;
+      display: flex;
+
+      .btn {
+        margin-left: auto;
+      }
+    }
+  }
+
+  .user-settings-block {
+    display: block;
+    margin-bottom: 20px;
+  }
+
+
+  .two-factor-container {
+    border: $border-default;
+    column-gap: 1em;
+    display: grid;
+    grid-template-columns:  auto fit-content;
+    margin: 1em 0;
+    padding: 1em;
+    row-gap: .5em;
+
+
+    .title {
+      @include font-main;
+      flex-basis: 100%;
+      grid-column: 1 / span 2;
+
+      .enabled {
+        @include font-button;
+        color: $brand-success;
+      }
+    }
+
+    .btn {
+      align-self: end;
+    }
+  }
 }
 
+
 .two-factor-modal {
   .two-factor-apps {
     align-items: center;
@@ -54,3 +97,21 @@
     padding: 4em;
   }
 }
+
+@media (max-width: 700px) {
+  .user-settings {
+    .two-factor-container {
+      grid-template-columns:  auto;
+
+      .title {
+        grid-column: 1;
+      }
+    }
+  }
+
+  .two-factor-modal {
+    .install-mobile {
+      display: none;
+    }
+  }
+}
diff --git a/app/assets/stylesheets/themes/scinote.scss b/app/assets/stylesheets/themes/scinote.scss
index 56f9abf8e..e504f8d67 100644
--- a/app/assets/stylesheets/themes/scinote.scss
+++ b/app/assets/stylesheets/themes/scinote.scss
@@ -469,8 +469,10 @@ a[data-toggle="tooltip"] {
 }
 
 .user-statistics {
+  margin-top: 1em;
+
   .list-inline {
-    margin-left: 15px;
+    margin-left: 0;
   }
 
   .label {
@@ -479,10 +481,8 @@ a[data-toggle="tooltip"] {
 
   li {
     height: 100px;
-    margin: 15px;
-    padding-bottom: 15px;
-    padding-left: 10px;
-    padding-right: 10px;
+    margin-bottom: 1em;
+    margin-right: 2em;
     width: 100px;
   }
 }
@@ -1318,10 +1318,9 @@ ul.content-activities {
 .avatar-container {
   background-color: lighten($color-concrete, 2%);
   border-radius: 50%;
-  height: 100px;
-  margin-top: 5px;
+  height: 5em;
   position: relative;
-  width: 100px;
+  width: 5em;
 
   .avatar-edit {
     background-color: $color-silver-chalice;
@@ -1356,6 +1355,8 @@ ul.content-activities {
 
     img {
       border-radius: 50%;
+      height: 100%;
+      width: 100%;
     }
   }
 }
diff --git a/app/views/users/registrations/_2fa_modal.html.erb b/app/views/users/registrations/_2fa_modal.html.erb
index ecbf62bba..16a161c56 100644
--- a/app/views/users/registrations/_2fa_modal.html.erb
+++ b/app/views/users/registrations/_2fa_modal.html.erb
@@ -4,18 +4,18 @@
       <% if current_user.two_factor_auth_enabled? %>
         <div class="modal-header">
           <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
-          <h2 class="modal-title">Disable two-factor authentication</h2>
+          <h2 class="modal-title"><%= t("users.registrations.edit.2fa_modal.disable.title") %></h2>
         </div>
         <%= form_with(url: users_2fa_disable_path, method: "post", class: "2fa-disable-form") do %>
           <div class="modal-body">
-            <p>Enter your password bellow to confirm disableing 2FA. This will remove authentication, from your account and make you more vulnerable to potential attacks.</p>
+            <p><%= t("users.registrations.edit.2fa_modal.disable.description") %></p>
             <div class="sci-input-container password-field">
-              <%= label_tag :password, t("users.registrations.edit.2fa_modal.password_label") %>
+              <%= label_tag :password, t("users.registrations.edit.2fa_modal.disable.password_label") %>
               <%= password_field_tag :password, '', class: "sci-input-field" %>
             </div>
           </div>
           <div class="modal-footer">
-            <%= button_tag 'Disable 2FA', type: 'submit', class: "btn btn-danger" %>
+            <%= button_tag t("users.registrations.edit.2fa_modal.disable.disable_2fa"), type: 'submit', class: "btn btn-danger" %>
           </div>
         <% end %>
       <% else %>
diff --git a/app/views/users/registrations/_2fa_modal_apps_tab.html.erb b/app/views/users/registrations/_2fa_modal_apps_tab.html.erb
index d9806b291..51abf2198 100644
--- a/app/views/users/registrations/_2fa_modal_apps_tab.html.erb
+++ b/app/views/users/registrations/_2fa_modal_apps_tab.html.erb
@@ -1,10 +1,10 @@
 <div role="tabpanel" class="tab-pane active" id="2fa-step-1">
   <div class="modal-header">
     <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
-    <h2 class="modal-title">1. Install an Authenticator App on your mobile device</h2>
+    <h2 class="modal-title"><%= t("users.registrations.edit.2fa_modal.step_1.title") %></h2>
   </div>
   <div class="modal-body">
-    <p>Use your phone to download an authenticator app. It is needed to enable the 2FA in SciNote. Bellow you can see the most commonly used ones.</p>
+    <p><%= t("users.registrations.edit.2fa_modal.step_1.description") %></p>
     <div class="two-factor-apps">
       <div class="apps-list">
         <div class="app">
@@ -12,15 +12,15 @@
             <%= image_tag('2fa/google_authenticator.png', class: 'logo-image') %>
           </div>
           <div class="app-information">
-            <p class="app-name">Google authenticator</p>
+            <p class="app-name"><%= t("users.registrations.edit.2fa_modal.step_1.google_auth") %></p>
             <div class="app-store">
-              <a href="" class="store">
+              <a href="<%= Constants::TWO_FACTOR_URL[:google][:android] %>" class="store" target="_blank">
                 <i class="fab fa-android"></i>
-                Android
+                <%= t("users.registrations.edit.2fa_modal.step_1.android") %>
               </a>
-              <a href="" class="store">
+              <a href="<%= Constants::TWO_FACTOR_URL[:google][:ios] %>" class="store" target="_blank">
                 <i class="fab fa-apple"></i>
-                iOS
+                <%= t("users.registrations.edit.2fa_modal.step_1.ios") %>
               </a>
             </div>
           </div>
@@ -30,15 +30,15 @@
             <%= image_tag('2fa/ms_authenticator.png', class: 'logo-image') %>
           </div>
           <div class="app-information">
-            <p class="app-name">Microsoft authenticator</p>
+            <p class="app-name"><%= t("users.registrations.edit.2fa_modal.step_1.microsoft_auth") %></p>
             <div class="app-store">
-              <a href="" class="store">
+              <a href="<%= Constants::TWO_FACTOR_URL[:microsoft][:android] %>" class="store" target="_blank">
                 <i class="fab fa-android"></i>
-                Android
+                <%= t("users.registrations.edit.2fa_modal.step_1.android") %>
               </a>
-              <a href="" class="store">
+              <a href="<%= Constants::TWO_FACTOR_URL[:microsoft][:ios] %>" class="store" target="_blank">
                 <i class="fab fa-apple"></i>
-                iOS
+                <%= t("users.registrations.edit.2fa_modal.step_1.ios") %>
               </a>
             </div>
           </div>
@@ -48,15 +48,15 @@
             <%= image_tag('2fa/2fa_authenticator.png', class: 'logo-image') %>
           </div>
           <div class="app-information">
-            <p class="app-name">2FA authenticator</p>
+            <p class="app-name"><%= t("users.registrations.edit.2fa_modal.step_1.2fa_auth") %></p>
             <div class="app-store">
-              <a href="" class="store">
+              <a href="<%= Constants::TWO_FACTOR_URL[:two_fa][:android] %>" class="store" target="_blank">
                 <i class="fab fa-android"></i>
-                Android
+                <%= t("users.registrations.edit.2fa_modal.step_1.android") %>
               </a>
-              <a href="" class="store">
+              <a href="<%= Constants::TWO_FACTOR_URL[:two_fa][:ios] %>" class="store" target="_blank">
                 <i class="fab fa-apple"></i>
-                iOS
+                <%= t("users.registrations.edit.2fa_modal.step_1.ios") %>
               </a>
             </div>
           </div>
@@ -66,6 +66,6 @@
     </div>
   </div>
   <div class="modal-footer">
-    <div class="btn btn-primary btn-next-step" data-step="#2fa-step-2">Start</div>
+    <div class="btn btn-primary btn-next-step" data-step="#2fa-step-2"><%= t("users.registrations.edit.2fa_modal.step_1.start") %></div>
   </div>
 </div>
diff --git a/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb b/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
index 056e82108..d4f421c78 100644
--- a/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
+++ b/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
@@ -1,13 +1,13 @@
 <div role="tabpanel" class="tab-pane" id="2fa-step-2">
   <div class="modal-header">
     <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
-    <h2 class="modal-title">2. Scan the QR code with your app</h2>
+    <h2 class="modal-title"><%= t("users.registrations.edit.2fa_modal.step_2.title") %></h2>
   </div>
   <div class="modal-body">
-    <p>Open your authenticator app and use it to scan this code to add 2FA.</p>
+    <p><%= t("users.registrations.edit.2fa_modal.step_2.description") %></p>
     <div class="qr-code"></div>
   </div>
   <div class="modal-footer">
-    <div class="btn btn-primary btn-next-step" data-step="#2fa-step-3">Next</div>
+    <div class="btn btn-primary btn-next-step" data-step="#2fa-step-3"><%= t("users.registrations.edit.2fa_modal.step_2.next") %></div>
   </div>
 </div>
diff --git a/app/views/users/registrations/_2fa_modal_verify_code_tab.html.erb b/app/views/users/registrations/_2fa_modal_verify_code_tab.html.erb
index 51799c6c2..75fea64b8 100644
--- a/app/views/users/registrations/_2fa_modal_verify_code_tab.html.erb
+++ b/app/views/users/registrations/_2fa_modal_verify_code_tab.html.erb
@@ -1,18 +1,18 @@
 <div role="tabpanel" class="tab-pane" id="2fa-step-3">
   <div class="modal-header">
     <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
-    <h2 class="modal-title">3. Enter the code given by your authenticator app</h2>
+    <h2 class="modal-title"><%= t("users.registrations.edit.2fa_modal.step_3.title") %></h2>
   </div>
   <%= form_with(url: users_2fa_enable_path, method: "post", class: "2fa-enable-form") do %>
     <div class="modal-body">
-      <p>Enter the generated code into the fields bellow to finalize the setup of the two-factor authorisation.</p>
+      <p><%= t("users.registrations.edit.2fa_modal.step_3.description") %></p>
       <p class="sci-input-container submit-code-field">
-        <%= label_tag :submit_code, t("users.registrations.edit.2fa_modal.submit_code_label") %>
+        <%= label_tag :submit_code, t("users.registrations.edit.2fa_modal.step_3.enter_code") %>
         <%= text_field_tag :submit_code, '', class: "sci-input-field" %>
       </p>
     </div>
     <div class="modal-footer">
-      <%= button_tag 'Verify', class: 'btn btn-primary', type: :submit %>
+      <%= button_tag t("users.registrations.edit.2fa_modal.step_3.verify"), class: 'btn btn-primary', type: :submit %>
     </div>
   <% end %>
 </div>
diff --git a/app/views/users/registrations/edit.html.erb b/app/views/users/registrations/edit.html.erb
index 1357e68cc..e146d4fc1 100644
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -2,70 +2,65 @@
 <% provide(:container_class, "no-second-nav-container") %>
 
 <%= render partial: "users/settings/sidebar" %>
-<div class="tab-content">
-  <div class="tab-pane content-pane active" role="tabpanel">
-    <div class="row">
-      <div class="col-md-12">
-        <h1><%=t "users.registrations.edit.title" %></h1>
-
-        <% if not resource.errors.empty? %>
-          <div class="alert alert-danger">
-            <%= devise_error_messages! %>
-          </div>
-        <% end %>
-        <div class="row">
-          <div class="col-md-4 col-lg-2">
-          <%= render partial: 'users/registrations/edit_partials/avatar' %>
-          </div>
-          <div class="col-md-8 col-lg-10">
-            <div class="row">
-              <div class="col-md-6">
-                <%= render partial: 'users/registrations/edit_partials/full_name' %>
-                <%= render partial: 'users/registrations/edit_partials/initials' %>
-              </div>
-              <div class="col-md-6">
-                <%= render partial: 'users/registrations/edit_partials/email' %>
-                <%= render partial: 'users/registrations/edit_partials/password' %>
-              </div>
+<div class="content-pane active flexible user-settings">
+  <div class="content-header">
+    <h1><%=t "users.registrations.edit.title" %></h1>
+  </div>
+  <div class="row settings-row">
+    <div class="col-md-12">
+      <% if not resource.errors.empty? %>
+        <div class="alert alert-danger">
+          <%= devise_error_messages! %>
+        </div>
+      <% end %>
+      <div class="row">
+        <div class="col-md-2 col-lg-1">
+        <%= render partial: 'users/registrations/edit_partials/avatar' %>
+        </div>
+        <div class="col-md-10 col-lg-11">
+          <div class="row">
+            <div class="col-md-6">
+              <%= render partial: 'users/registrations/edit_partials/full_name' %>
+              <%= render partial: 'users/registrations/edit_partials/initials' %>
+            </div>
+            <div class="col-md-6">
+              <%= render partial: 'users/registrations/edit_partials/email' %>
+              <%= render partial: 'users/registrations/edit_partials/password' %>
             </div>
           </div>
         </div>
-        <% if current_user.two_factor_auth_enabled? %>
-          <button class="btn btn-danger" id="twoFactorAuthenticationDisable"><%= t("users.registrations.edit.2fa_button_disable") %></button>
-        <% else %>
-          <button class="btn btn-primary" id="twoFactorAuthenticationEnable" data-qr-code-url="<%= users_2fa_qr_code_path %>"><%= t("users.registrations.edit.2fa_button") %></button>
-        <% end %>
-     </div>
-    </div>
-
-    <!-- User statistics -->
-    <div class="row">
-      <div class="col-md-12">
-        <div class="row user-statistics">
-          <div class="col-md-12">
-            <h2 style="margin-top: 10px;"><%=t "users.statistics.title" %></h2>
-            <ul class="list-inline">
-              <li class="label label-primary">
-                <h2><%= @user.statistics[:number_of_teams]%></h2>
-                <%= t("users.statistics.team").pluralize(@user.statistics[:number_of_teams]) %>
-              </li>
-              <li class="label label-primary">
-                <h2><%= @user.statistics[:number_of_projects] %></h2>
-                <%= t("users.statistics.project").pluralize(@user.statistics[:number_of_projects]) %>
-              </li>
-              <li class="label label-primary">
-                <h2><%= @user.statistics[:number_of_experiments] %></h2>
-                <%= t("users.statistics.experiment").pluralize(@user.statistics[:number_of_experiments]) %>
-              </li>
-              <li class="label label-primary">
-                <h2><%= @user.statistics[:number_of_protocols] %></h2>
-                <%= t("users.statistics.protocol").pluralize(@user.statistics[:number_of_protocols]) %>
-              </li>
-            </ul>
-          </div>
-        </div>
-        <span style="display: none;" data-hook="profile-statistics"></span>
       </div>
+      <%= render partial: 'users/registrations/edit_partials/2fa' %>
+   </div>
+  </div>
+
+  <!-- User statistics -->
+  <div class="row">
+    <div class="col-md-12">
+      <div class="row user-statistics">
+        <div class="col-md-12">
+          <h2><%=t "users.statistics.title" %></h2>
+          <ul class="list-inline">
+            <li class="label label-primary">
+              <h2><%= @user.statistics[:number_of_teams]%></h2>
+              <%= t("users.statistics.team").pluralize(@user.statistics[:number_of_teams]) %>
+            </li>
+            <li class="label label-primary">
+              <h2><%= @user.statistics[:number_of_projects] %></h2>
+              <%= t("users.statistics.project").pluralize(@user.statistics[:number_of_projects]) %>
+            </li>
+            <li class="label label-primary">
+              <h2><%= @user.statistics[:number_of_experiments] %></h2>
+              <%= t("users.statistics.experiment").pluralize(@user.statistics[:number_of_experiments]) %>
+            </li>
+            <li class="label label-primary">
+              <h2><%= @user.statistics[:number_of_protocols] %></h2>
+              <%= t("users.statistics.protocol").pluralize(@user.statistics[:number_of_protocols]) %>
+            </li>
+          </ul>
+        </div>
+      </div>
+      <span style="display: none;" data-hook="profile-statistics"></span>
     </div>
   </div>
 </div>
diff --git a/app/views/users/registrations/edit_partials/_2fa.html.erb b/app/views/users/registrations/edit_partials/_2fa.html.erb
new file mode 100644
index 000000000..b9d9480e5
--- /dev/null
+++ b/app/views/users/registrations/edit_partials/_2fa.html.erb
@@ -0,0 +1,19 @@
+<div class="two-factor-container">
+  <div class="title">
+    <b><%= t("users.registrations.edit.2fa_title") %></b>
+    <% if current_user.two_factor_auth_enabled? %>
+      <span class="enabled">
+        <i class="fas fa-shield-alt"></i>
+        <%= t("users.registrations.edit.2fa_enabled") %>
+      </span>
+    <% end %>
+  </div>
+  <div class="description">
+    <%= t("users.registrations.edit.2fa_description") %>
+  </div>
+  <% if current_user.two_factor_auth_enabled? %>
+    <button class="btn btn-secondary" id="twoFactorAuthenticationDisable"><%= t("users.registrations.edit.2fa_button_disable") %></button>
+  <% else %>
+    <button class="btn btn-primary" id="twoFactorAuthenticationEnable" data-qr-code-url="<%= users_2fa_qr_code_path %>"><%= t("users.registrations.edit.2fa_button") %></button>
+  <% end %>
+</div>
diff --git a/app/views/users/registrations/edit_partials/_email.html.erb b/app/views/users/registrations/edit_partials/_email.html.erb
index 1267b30ff..50be8c942 100644
--- a/app/views/users/registrations/edit_partials/_email.html.erb
+++ b/app/views/users/registrations/edit_partials/_email.html.erb
@@ -6,11 +6,9 @@
   <div data-part="view">
     <div class="form-group">
       <%= f.label t("users.registrations.edit.email_label") %>
-      <div class="input-group">
-        <input data-role="src" class="form-control" disabled="disabled" type="text" value="<%= @user.email %>" name="fake_user[email]" id="fake_user_email">
-        <span class="input-group-btn">
-          <a href="#" class="btn btn-default" data-action="edit"><%=t "general.edit" %></a>
-        </span>
+      <div class="user-attribute">
+        <%= @user.email %>
+        <a href="#" class="btn btn-default" data-action="edit"><%=t "general.edit" %></a>
       </div>
       <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
         <div class="alert alert-info" style="margin-top: 15px;" role="alert">
@@ -23,16 +21,16 @@
   <div data-part="edit" style="display: none;">
     <div class="well">
       <h4><%=t "users.registrations.edit.email_title" %></h4>
-      <div class="form-group">
+      <div class="form-group sci-input-container">
         <%= f.label :email, t("users.registrations.edit.new_email_label") %>
-        <%= f.email_field :email, class: "form-control", "data-role" => "edit" %>
+        <%= f.email_field :email, class: "form-control sci-input-field", "data-role" => "edit" %>
       </div>
-      <div class="form-group">
+      <div class="form-group sci-input-container">
         <%= f.label :current_password, t("users.registrations.edit.current_password_label") %> <i><%=t "users.registrations.edit.password_explanation" %></i>
-        <%= f.password_field :current_password, autocomplete: "off", class: "form-control", "data-role" => "clear", id: 'edit-email-current-password' %>
+        <%= f.password_field :current_password, autocomplete: "off", class: "form-control sci-input-field", "data-role" => "clear", id: 'edit-email-current-password' %>
       </div>
       <div class="align-right">
-        <a href="#" class="btn btn-default" data-action="cancel"><%=t "general.cancel" %></a>
+        <a href="#" class="btn btn-light" data-action="cancel"><%=t "general.cancel" %></a>
         <%= f.submit t("general.save"), class: "btn btn-success" %>
       </div>
     </div>
diff --git a/app/views/users/registrations/edit_partials/_password.html.erb b/app/views/users/registrations/edit_partials/_password.html.erb
index ec0541479..512ad3a34 100644
--- a/app/views/users/registrations/edit_partials/_password.html.erb
+++ b/app/views/users/registrations/edit_partials/_password.html.erb
@@ -7,34 +7,32 @@
   <div data-part="view">
     <div class="form-group">
       <%= f.label t("users.registrations.edit.password_label") %>
-      <div class="input-group">
-        <input class="form-control" disabled="disabled" autocomplete="off" type="password" value="aaaaaaaaaa" name="fake_user[current_password]" id="fake_user_current_password">
-        <span class="input-group-btn">
-          <a href="#" class="btn btn-default" data-action="edit"><%=t "general.edit" %></a>
-        </span>
+      <div class="user-attribute">
+        ••••••••••••
+        <a href="#" class="btn btn-default" data-action="edit"><%=t "general.edit" %></a>
       </div>
     </div>
   </div>
   <div data-part="edit" style="display: none;">
     <div class="well">
       <h4><%=t "users.registrations.edit.password_title" %></h4>
-      <div class="form-group">
+      <div class="form-group sci-input-container">
         <%= f.label :current_password, t("users.registrations.edit.current_password_label") %> <i><%=t "users.registrations.edit.password_explanation" %></i>
-        <%= f.password_field :current_password, autocomplete: "off", class: "form-control", "data-role" => "clear", id: 'edit-password-current-password' %>
+        <%= f.password_field :current_password, autocomplete: "off", class: "form-control sci-input-field", "data-role" => "clear", id: 'edit-password-current-password' %>
       </div>
 
-      <div class="form-group">
+      <div class="form-group sci-input-container">
           <%= f.label :password, t("users.registrations.edit.new_password_label") %>
-          <%= f.password_field :password, autocomplete: "off", class: "form-control", "data-role" => "clear" %>
+          <%= f.password_field :password, autocomplete: "off", class: "form-control sci-input-field", "data-role" => "clear" %>
       </div>
 
-      <div class="form-group">
+      <div class="form-group sci-input-container">
         <%= f.label :password_confirmation, t("users.registrations.edit.new_password_2_label") %>
-        <%= f.password_field :password_confirmation, autocomplete: "off", class: "form-control", "data-role" => "clear" %>
+        <%= f.password_field :password_confirmation, autocomplete: "off", class: "form-control sci-input-field", "data-role" => "clear" %>
       </div>
 
       <div class="align-right">
-        <a href="#" class="btn btn-default" data-action="cancel"><%=t "general.cancel" %></a>
+        <a href="#" class="btn btn-light" data-action="cancel"><%=t "general.cancel" %></a>
         <%= f.submit t("general.save"), class: "btn btn-success" %>
       </div>
     </div>
diff --git a/config/initializers/constants.rb b/config/initializers/constants.rb
index efac12b14..792a14937 100644
--- a/config/initializers/constants.rb
+++ b/config/initializers/constants.rb
@@ -205,6 +205,21 @@ class Constants
 
   ACADEMY_BL_LINK = 'https://scinote.net/academy/?utm_source=SciNote%20software%20BL&utm_medium=SciNote%20software%20BL'.freeze
 
+  TWO_FACTOR_URL = {
+    google: {
+      android: 'https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2',
+      ios: 'https://apps.apple.com/us/app/google-authenticator/id388497605'
+    },
+    microsoft: {
+      android: 'https://play.google.com/store/apps/details?id=com.azure.authenticator',
+      ios: 'https://apps.apple.com/us/app/microsoft-authenticator/id983156458'
+    },
+    two_fa: {
+      android: 'https://play.google.com/store/apps/details?id=com.twofasapp',
+      ios: 'https://apps.apple.com/us/app/2fa-authenticator-2fas/id1217793794'
+    },
+  }
+
   #=============================================================================
   # Protocol importers
   #=============================================================================
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 0c8d6a71f..7967a534e 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1629,7 +1629,7 @@ en:
         head_title: "My profile"
         title: "My profile"
         avatar_label: "Profile photo"
-        avatar_btn: "Edit photo"
+        avatar_btn: "Edit"
         avatar_modal:
           title: 'Change your profile photo'
           upload_button: 'Upload a photo'
@@ -1648,16 +1648,38 @@ en:
         password_title: "Change password"
         new_password_label: "New password"
         new_password_2_label: "New password confirmation"
-        2fa_button: "Enable two-factor authentication"
-        2fa_button_disable: "Disable two-factor authentication"
+        2fa_title: "Two-factor authentication"
+        2fa_description: "Two-factor authentication (2FA) is a way of verifying a user’s identity by using a combination of two different verification methods. It adds an extra layer of security to your account and protects from potential remote attacs or other threats."
+        2fa_enabled: "Enabled"
+        2fa_button: "Enable authentication"
+        2fa_button_disable: "Disable authentication"
         2fa_modal:
-          title: 'Two-factor authentication'
-          password_label: 'Password'
-          submit_code_label: 'Submit code'
-          submit_button: 'Submit'
+          step_1:
+            title: "1. Install an Authenticator App on your mobile device"
+            description: "Use your phone to download an authenticator app. It is needed to enable the 2FA in SciNote. Bellow you can see the most commonly used ones."
+            google_auth: "Google authenticator"
+            microsoft_auth: "Microsoft authenticator"
+            2fa_auth: "2FA authenticator"
+            android: "Android"
+            ios: "iOS"
+            start: "Start"
+          step_2:
+            title: "2. Scan the QR code with your app"
+            description: "Open your authenticator app and use it to scan this code to add 2FA."
+            next: "Next"
+          step_3:
+            title: "3. Enter the code given by your authenticator app"
+            description: "Enter the generated code into the fields bellow to finalize the setup of the two-factor authorisation."
+            enter_code: "Enter authenticator code"
+            verify: "Verify"
+          disable:
+            title: "Disable two-factor authentication"
+            description: "Enter your password bellow to confirm disableing 2FA. This will remove authentication, from your account and make you more vulnerable to potential attacks."
+            password_label: "Enter password"
+            disable_2fa: "Disable 2FA"
         2fa_errors:
-          wrong_submit_code: 'Not correct code'
-          wrong_password: 'Not correct password'
+          wrong_submit_code: "Not correct code"
+          wrong_password: "Not correct password"
       new:
         head_title: "Sign up"
         team_name_label: "Team name"

From 2bab52827800c432eb425d35747fbe1d41e299c0 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Thu, 9 Jul 2020 14:19:21 +0200
Subject: [PATCH 13/17] Fix test

---
 features/settings_page/profile.feature | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/features/settings_page/profile.feature b/features/settings_page/profile.feature
index e2bc02aed..24cdafce0 100644
--- a/features/settings_page/profile.feature
+++ b/features/settings_page/profile.feature
@@ -57,7 +57,7 @@ Scenario: Successfully changes user email
   And I change "nonadmin@myorg.com" with "user@myorg.com" email
   And I fill in "mypassword1234" in "#edit-email-current-password" field of ".settings-page-email" form
   Then I click "Save" button
-  And I should see "user@myorg.com" in ".settings-page-email" input field
+  And I should see "user@myorg.com"
 
 @javascript
 Scenario: Unsuccessful Password Change, password is too short

From fef6e5f1dbf1b6445cddaf4a4029177bed59afc7 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Thu, 9 Jul 2020 17:01:00 +0200
Subject: [PATCH 14/17] Add recovery strategy for 2fa

---
 .../javascripts/users/registrations/edit.js   |  8 ++++++
 app/assets/stylesheets/settings/users.scss    | 11 ++++++++
 .../users/registrations_controller.rb         |  4 +--
 app/models/user.rb                            | 26 +++++++++++++++++--
 .../users/registrations/_2fa_modal.html.erb   |  4 ++-
 .../_2fa_modal_apps_tab.html.erb              |  2 +-
 .../_2fa_modal_qr_code_tab.html.erb           |  2 +-
 .../_2fa_modal_recovery_codes_tab.html.erb    | 16 ++++++++++++
 config/initializers/constants.rb              |  2 ++
 config/locales/en.yml                         |  5 ++++
 ...9142830_add_otp_recovery_codes_to_users.rb |  9 +++++++
 db/structure.sql                              |  6 +++--
 12 files changed, 86 insertions(+), 9 deletions(-)
 create mode 100644 app/views/users/registrations/_2fa_modal_recovery_codes_tab.html.erb
 create mode 100644 db/migrate/20200709142830_add_otp_recovery_codes_to_users.rb

diff --git a/app/assets/javascripts/users/registrations/edit.js b/app/assets/javascripts/users/registrations/edit.js
index c3216489c..465aa97a6 100644
--- a/app/assets/javascripts/users/registrations/edit.js
+++ b/app/assets/javascripts/users/registrations/edit.js
@@ -94,6 +94,14 @@
 
   $('#twoFactorAuthenticationModal .2fa-enable-form').on('ajax:error', function(e, data) {
     $(this).find('.submit-code-field').addClass('error').attr('data-error-text', data.responseJSON.error);
+  }).on('ajax:success', function(e, data) {
+    var blob = new Blob([data.recovery_codes.join('\r\n')], { type: 'text/plain;charset=utf-8' });
+    $('#twoFactorAuthenticationModal').find('.recovery-codes').html(data.recovery_codes.join('<br>'));
+    $('#twoFactorAuthenticationModal').find('[href="#2fa-step-4"]').tab('show');
+    $('.download-recovery-codes').attr('href', window.URL.createObjectURL(blob));
+    $('#twoFactorAuthenticationModal').one('hide.bs.modal', function() {
+      location.reload();
+    });
   });
 
   $('#twoFactorAuthenticationModal .2fa-disable-form').on('ajax:error', function(e, data) {
diff --git a/app/assets/stylesheets/settings/users.scss b/app/assets/stylesheets/settings/users.scss
index 010350d75..58bf693da 100644
--- a/app/assets/stylesheets/settings/users.scss
+++ b/app/assets/stylesheets/settings/users.scss
@@ -96,6 +96,17 @@
     justify-content: center;
     padding: 4em;
   }
+
+  .verified-label {
+    color: $brand-success;
+    margin-top: 0;
+  }
+
+  .recovery-codes {
+    @include font-h3;
+    line-height: 2em;
+    text-align: center;
+  }
 }
 
 @media (max-width: 700px) {
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index 4e2b65929..e1ab95937 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -184,8 +184,8 @@ class Users::RegistrationsController < Devise::RegistrationsController
 
   def two_factor_enable
     if current_user.valid_otp?(params[:submit_code])
-      current_user.enable_2fa!
-      redirect_to edit_user_registration_path
+      recovery_codes = current_user.enable_2fa!
+      render json: { recovery_codes: recovery_codes }
     else
       render json: { error: t('users.registrations.edit.2fa_errors.wrong_submit_code') }, status: :unprocessable_entity
     end
diff --git a/app/models/user.rb b/app/models/user.rb
index e58cfeed2..268ac7e99 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -654,11 +654,33 @@ class User < ApplicationRecord
   end
 
   def enable_2fa!
-    update!(two_factor_auth_enabled: true)
+    recovery_codes = []
+    Constants::TWO_FACTOR_RECOVERY_CODE_COUNT.times do
+      recovery_codes.push(SecureRandom.hex(Constants::TWO_FACTOR_RECOVERY_CODE_LENGTH / 2))
+    end
+
+    update!(
+      two_factor_auth_enabled: true,
+      otp_recovery_codes: recovery_codes.map { |c| Devise::Encryptor.digest(self.class, c) }
+    )
+
+    recovery_codes
   end
 
   def disable_2fa!
-    update!(two_factor_auth_enabled: false, otp_secret: nil)
+    update!(two_factor_auth_enabled: false, otp_secret: nil, otp_recovery_codes: nil)
+  end
+
+  def recover_2fa!(code)
+    return unless otp_recovery_codes
+
+    otp_recovery_codes.each do |recovery_code|
+      if Devise::Encryptor.compare(self.class, recovery_code, code)
+        update(otp_recovery_codes: otp_recovery_codes.reject { |i| i == recovery_code })
+        return true
+      end
+    end
+    false
   end
 
   protected
diff --git a/app/views/users/registrations/_2fa_modal.html.erb b/app/views/users/registrations/_2fa_modal.html.erb
index 16a161c56..89567c8dd 100644
--- a/app/views/users/registrations/_2fa_modal.html.erb
+++ b/app/views/users/registrations/_2fa_modal.html.erb
@@ -1,4 +1,4 @@
-<div class="modal two-factor-modal" id="twoFactorAuthenticationModal" tabindex="-1" role="dialog">
+<div class="modal two-factor-modal" id="twoFactorAuthenticationModal" tabindex="-1" role="dialog" data-backdrop="static">
   <div class="modal-dialog" role="document">
     <div class="modal-content">
       <% if current_user.two_factor_auth_enabled? %>
@@ -23,11 +23,13 @@
             <li role="presentation"><a href="#2fa-step-1" data-toggle="tab" data-no-turbolink="true"></a></li>
             <li role="presentation"><a href="#2fa-step-2" data-toggle="tab" data-no-turbolink="true"></a></li>
             <li role="presentation"><a href="#2fa-step-3" data-toggle="tab" data-no-turbolink="true"></a></li>
+            <li role="presentation"><a href="#2fa-step-4" data-toggle="tab" data-no-turbolink="true"></a></li>
           </ul>
           <div class="tab-content">
             <%= render partial: '2fa_modal_apps_tab' %>
             <%= render partial: '2fa_modal_qr_code_tab' %>
             <%= render partial: '2fa_modal_verify_code_tab' %>
+            <%= render partial: '2fa_modal_recovery_codes_tab' %>
           </div>
       <% end %>
     </div>
diff --git a/app/views/users/registrations/_2fa_modal_apps_tab.html.erb b/app/views/users/registrations/_2fa_modal_apps_tab.html.erb
index 51abf2198..08feb40da 100644
--- a/app/views/users/registrations/_2fa_modal_apps_tab.html.erb
+++ b/app/views/users/registrations/_2fa_modal_apps_tab.html.erb
@@ -66,6 +66,6 @@
     </div>
   </div>
   <div class="modal-footer">
-    <div class="btn btn-primary btn-next-step" data-step="#2fa-step-2"><%= t("users.registrations.edit.2fa_modal.step_1.start") %></div>
+    <button class="btn btn-primary btn-next-step" data-step="#2fa-step-2"><%= t("users.registrations.edit.2fa_modal.step_1.start") %></button>
   </div>
 </div>
diff --git a/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb b/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
index d4f421c78..1dfad1611 100644
--- a/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
+++ b/app/views/users/registrations/_2fa_modal_qr_code_tab.html.erb
@@ -8,6 +8,6 @@
     <div class="qr-code"></div>
   </div>
   <div class="modal-footer">
-    <div class="btn btn-primary btn-next-step" data-step="#2fa-step-3"><%= t("users.registrations.edit.2fa_modal.step_2.next") %></div>
+    <button class="btn btn-primary btn-next-step" data-step="#2fa-step-3"><%= t("users.registrations.edit.2fa_modal.step_2.next") %></button>
   </div>
 </div>
diff --git a/app/views/users/registrations/_2fa_modal_recovery_codes_tab.html.erb b/app/views/users/registrations/_2fa_modal_recovery_codes_tab.html.erb
new file mode 100644
index 000000000..8f325641d
--- /dev/null
+++ b/app/views/users/registrations/_2fa_modal_recovery_codes_tab.html.erb
@@ -0,0 +1,16 @@
+<div role="tabpanel" class="tab-pane" id="2fa-step-4">
+  <div class="modal-header">
+    <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span></button>
+    <h2 class="modal-title"><%= t("users.registrations.edit.2fa_modal.step_4.title") %></h2>
+  </div>
+  <div class="modal-body">
+    <h1 class="verified-label"><i class="fas fa-check-circle">&nbsp;</i><%= t("users.registrations.edit.2fa_modal.step_4.verified") %></h1>
+    <p><%= t("users.registrations.edit.2fa_modal.step_4.description") %></p>
+    <div class="recovery-codes"></div>
+  </div>
+  <div class="modal-footer">
+    <a href download="scinote_recovery_codes.txt" class="btn btn-secondary download-recovery-codes">
+      <%= t("users.registrations.edit.2fa_modal.step_4.download_codes") %>
+    </a>
+  </div>
+</div>
diff --git a/config/initializers/constants.rb b/config/initializers/constants.rb
index 792a14937..346c73c12 100644
--- a/config/initializers/constants.rb
+++ b/config/initializers/constants.rb
@@ -219,6 +219,8 @@ class Constants
       ios: 'https://apps.apple.com/us/app/2fa-authenticator-2fas/id1217793794'
     },
   }
+  TWO_FACTOR_RECOVERY_CODE_COUNT = 6
+  TWO_FACTOR_RECOVERY_CODE_LENGTH = 12
 
   #=============================================================================
   # Protocol importers
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 7967a534e..b13149b13 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1672,6 +1672,11 @@ en:
             description: "Enter the generated code into the fields bellow to finalize the setup of the two-factor authorisation."
             enter_code: "Enter authenticator code"
             verify: "Verify"
+          step_4:
+            title: "4. Save your bypass codes"
+            verified: "2FA Verified"
+            description: "Your 2FA is now verified. Save these one-time codes bellow to access your account in case you lose your device. This way you will be able to reset the authorization."
+            download_codes: "Download codes"
           disable:
             title: "Disable two-factor authentication"
             description: "Enter your password bellow to confirm disableing 2FA. This will remove authentication, from your account and make you more vulnerable to potential attacks."
diff --git a/db/migrate/20200709142830_add_otp_recovery_codes_to_users.rb b/db/migrate/20200709142830_add_otp_recovery_codes_to_users.rb
new file mode 100644
index 000000000..62a58aa60
--- /dev/null
+++ b/db/migrate/20200709142830_add_otp_recovery_codes_to_users.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class AddOtpRecoveryCodesToUsers < ActiveRecord::Migration[6.0]
+  def change
+    change_table :users, bulk: true do |t|
+      t.jsonb :otp_recovery_codes
+    end
+  end
+end
diff --git a/db/structure.sql b/db/structure.sql
index 64b2353de..212fa0e91 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -2659,7 +2659,8 @@ CREATE TABLE public.users (
     settings jsonb DEFAULT '{}'::jsonb NOT NULL,
     variables jsonb DEFAULT '{}'::jsonb NOT NULL,
     two_factor_auth_enabled boolean DEFAULT false NOT NULL,
-    otp_secret character varying
+    otp_secret character varying,
+    otp_recovery_codes jsonb
 );
 
 
@@ -7270,6 +7271,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20200603125407'),
 ('20200604210943'),
 ('20200622140843'),
-('20200622155632');
+('20200622155632'),
+('20200709142830');
 
 

From 7d20bf6fea7d44da3ddb75b409c1cc41293a9250 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Mon, 13 Jul 2020 09:51:04 +0200
Subject: [PATCH 15/17] Add recovery screen

---
 app/controllers/users/sessions_controller.rb  | 25 +++++++++++++++++++
 .../users/sessions/two_factor_auth.html.erb   |  2 ++
 .../sessions/two_factor_recovery.html.erb     | 19 ++++++++++++++
 config/routes.rb                              |  2 ++
 4 files changed, 48 insertions(+)
 create mode 100644 app/views/users/sessions/two_factor_recovery.html.erb

diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index aef23a8c1..c11e25e15 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -28,6 +28,12 @@ class Users::SessionsController < Devise::SessionsController
     generate_demo_project
   end
 
+  def two_factor_recovery
+    unless session[:otp_user_id]
+      redirect_to new_user_session_path
+    end
+  end
+
   # DELETE /resource/sign_out
   # def destroy
   #   super
@@ -83,6 +89,25 @@ class Users::SessionsController < Devise::SessionsController
     end
   end
 
+  def authenticate_with_recovery_code
+    user = User.find_by(id: session[:otp_user_id])
+
+    unless user
+      flash[:alert] = t('devise.sessions.2fa.no_user_error')
+      redirect_to root_path && return
+    end
+
+    session.delete(:otp_user_id)
+    if user.recover_2fa!(params[:recovery_code])
+      sign_in(user)
+      generate_demo_project
+      flash[:notice] = t('devise.sessions.signed_in')
+    else
+      flash.now[:alert] = t('Not correct recovery code')
+    end
+    redirect_to root_path
+  end
+
   protected
 
   # If you have extra params to permit, append them to the sanitizer.
diff --git a/app/views/users/sessions/two_factor_auth.html.erb b/app/views/users/sessions/two_factor_auth.html.erb
index ec1de0fa4..38dfdec22 100644
--- a/app/views/users/sessions/two_factor_auth.html.erb
+++ b/app/views/users/sessions/two_factor_auth.html.erb
@@ -13,6 +13,8 @@
         <div class="actions" style="margin-top: 10px; margin-bottom: 10px;">
           <%= button_tag t("devise.sessions.new.submit"), type: :submit, class: "btn btn-primary log-in-button" %>
         </div>
+
+        <%= link_to 'I have a bypass code', users_two_factor_recovery_path %>
     <% end %>
     </div>
   </div>
diff --git a/app/views/users/sessions/two_factor_recovery.html.erb b/app/views/users/sessions/two_factor_recovery.html.erb
new file mode 100644
index 000000000..d614d621f
--- /dev/null
+++ b/app/views/users/sessions/two_factor_recovery.html.erb
@@ -0,0 +1,19 @@
+<% provide(:head_title, '2FA Bypass') %>
+<% content_for(:body_class, 'sign-in-layout') %>
+<div class="sign-in-container">
+  <div class="sign-in-form-wrapper">
+    <div class="center-block center-block-narrow">
+      <h1 class="log-in-title">2FA Bypass</h1>
+      <%= form_with url: users_authenticate_with_recovery_code_path, local: true  do %>
+        <div class="input-group sci-input-container">
+          <%= label :recovery_code, 'Bypass code' %>
+          <%= text_field_tag(:recovery_code, '', { class: "form-control sci-input-field" })%>
+        </div>
+
+        <div class="actions" style="margin-top: 10px; margin-bottom: 10px;">
+          <%= button_tag 'Enter', type: :submit, class: "btn btn-primary" %>
+        </div>
+    <% end %>
+    </div>
+  </div>
+</div>
diff --git a/config/routes.rb b/config/routes.rb
index a40473c03..9f3521be1 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -656,7 +656,9 @@ Rails.application.routes.draw do
       get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar'
       get 'users/auth_token_sign_in' => 'users/sessions#auth_token_create'
       get 'users/sign_up_provider' => 'users/registrations#new_with_provider'
+      get 'users/two_factor_recovery' => 'users/sessions#two_factor_recovery'
       post 'users/authenticate_with_two_factor' => 'users/sessions#authenticate_with_two_factor'
+      post 'users/authenticate_with_recovery_code' => 'users/sessions#authenticate_with_recovery_code'
       post 'users/complete_sign_up_provider' => 'users/registrations#create_with_provider'
 
       post 'users/2fa_enable' => 'users/registrations#two_factor_enable'

From c5929544002fe0f68c9bdc167f4a163e3fa2641e Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Mon, 13 Jul 2020 16:05:23 +0200
Subject: [PATCH 16/17] Add UX

---
 app/controllers/users/sessions_controller.rb    |  6 ++++--
 app/models/user.rb                              |  2 +-
 .../users/sessions/two_factor_auth.html.erb     | 17 +++++++++--------
 .../users/sessions/two_factor_recovery.html.erb | 13 +++++++------
 config/locales/en.yml                           | 16 ++++++++++++----
 5 files changed, 33 insertions(+), 21 deletions(-)

diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index c11e25e15..ca575eddb 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -102,10 +102,12 @@ class Users::SessionsController < Devise::SessionsController
       sign_in(user)
       generate_demo_project
       flash[:notice] = t('devise.sessions.signed_in')
+      redirect_to root_path
     else
-      flash.now[:alert] = t('Not correct recovery code')
+      flash[:alert] = t("devise.sessions.2fa_recovery.not_correct_code")
+      redirect_to new_user_session_path
     end
-    redirect_to root_path
+
   end
 
   protected
diff --git a/app/models/user.rb b/app/models/user.rb
index 268ac7e99..cc0dd5cc4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -676,7 +676,7 @@ class User < ApplicationRecord
 
     otp_recovery_codes.each do |recovery_code|
       if Devise::Encryptor.compare(self.class, recovery_code, code)
-        update(otp_recovery_codes: otp_recovery_codes.reject { |i| i == recovery_code })
+        update!(otp_recovery_codes: otp_recovery_codes.reject { |i| i == recovery_code })
         return true
       end
     end
diff --git a/app/views/users/sessions/two_factor_auth.html.erb b/app/views/users/sessions/two_factor_auth.html.erb
index 38dfdec22..c2db9afa5 100644
--- a/app/views/users/sessions/two_factor_auth.html.erb
+++ b/app/views/users/sessions/two_factor_auth.html.erb
@@ -3,18 +3,19 @@
 <div class="sign-in-container">
   <div class="sign-in-form-wrapper">
     <div class="center-block center-block-narrow">
-      <h1 class="log-in-title"><%=t "devise.sessions.2fa.title" %></h1>
+      <h1 class="log-in-title"><%= t "devise.sessions.2fa.title" %></h1>
       <%= form_with url: users_authenticate_with_two_factor_url, local: true  do %>
-        <div class="input-group sci-input-container">
+        <p><%= t "devise.sessions.2fa.description" %></p>
+        <p class="input-group sci-input-container">
           <%= label :otp, t("devise.sessions.2fa.field") %>
-          <%= text_field_tag(:otp, '', { class: "form-control sci-input-field", placeholder: t("devise.sessions.2fa.placeholder") })%>
-        </div>
+          <%= text_field_tag(:otp, '', { class: "form-control sci-input-field" })%>
+        </p>
 
-        <div class="actions" style="margin-top: 10px; margin-bottom: 10px;">
-          <%= button_tag t("devise.sessions.new.submit"), type: :submit, class: "btn btn-primary log-in-button" %>
-        </div>
+        <p class="actions">
+          <%= button_tag t("devise.sessions.2fa.enter"), type: :submit, class: "btn btn-primary" %>
+        </p>
 
-        <%= link_to 'I have a bypass code', users_two_factor_recovery_path %>
+        <%= link_to t("devise.sessions.2fa.bypass_code_link"), users_two_factor_recovery_path %>
     <% end %>
     </div>
   </div>
diff --git a/app/views/users/sessions/two_factor_recovery.html.erb b/app/views/users/sessions/two_factor_recovery.html.erb
index d614d621f..3b7f6eaa4 100644
--- a/app/views/users/sessions/two_factor_recovery.html.erb
+++ b/app/views/users/sessions/two_factor_recovery.html.erb
@@ -3,15 +3,16 @@
 <div class="sign-in-container">
   <div class="sign-in-form-wrapper">
     <div class="center-block center-block-narrow">
-      <h1 class="log-in-title">2FA Bypass</h1>
+      <h1 class="log-in-title"><%= t "devise.sessions.2fa_recovery.title" %></h1>
       <%= form_with url: users_authenticate_with_recovery_code_path, local: true  do %>
-        <div class="input-group sci-input-container">
-          <%= label :recovery_code, 'Bypass code' %>
+        <p><%= t "devise.sessions.2fa_recovery.description" %></p>
+        <p class="input-group sci-input-container">
+          <%= label :recovery_code, t("devise.sessions.2fa_recovery.bypass_code") %>
           <%= text_field_tag(:recovery_code, '', { class: "form-control sci-input-field" })%>
-        </div>
+        </p>
 
-        <div class="actions" style="margin-top: 10px; margin-bottom: 10px;">
-          <%= button_tag 'Enter', type: :submit, class: "btn btn-primary" %>
+        <div class="actions">
+          <%= button_tag t("devise.sessions.2fa_recovery.enter"), type: :submit, class: "btn btn-primary" %>
         </div>
     <% end %>
     </div>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index b13149b13..92bb60692 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -34,11 +34,19 @@ en:
         remember_me: "Remember me"
         submit: "Log in"
       2fa:
-        title: "Two factor check"
-        field: "One time password"
-        placeholder: "Enter code"
-        error_message: "One Time Password is not correct."
+        title: "Two-factor authentication"
+        description: "Enter the one-time code found in your authenticator app to log in to SciNote."
+        field: "Authenticator code"
+        error_message: "One time code is not correct."
         no_user_error: "Cannot find user!"
+        enter: "Enter"
+        bypass_code_link: "I have a bypass code"
+      2fa_recovery:
+        title: "2FA Bypass"
+        description: "Enter one of the bypass codes provided when you creted 2FA authentication. The code will no longer be valid after use."
+        bypass_code: "Bypass code"
+        enter: "Enter"
+        not_correct_code: "Not correct recovery code"
       create:
         team_name: "%{user}'s projects"
       auth_token_create:

From cadbc3e47bc49bf9eac477756ef609008806a624 Mon Sep 17 00:00:00 2001
From: aignatov-bio <aignatov@biosistemika.com>
Date: Tue, 14 Jul 2020 11:20:06 +0200
Subject: [PATCH 17/17] Fix tests

---
 spec/controllers/users/sessions_controller_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb
index 718939da1..f7fa1adf8 100644
--- a/spec/controllers/users/sessions_controller_spec.rb
+++ b/spec/controllers/users/sessions_controller_spec.rb
@@ -84,7 +84,7 @@ RSpec.describe Users::SessionsController, type: :controller do
         allow_any_instance_of(User).to receive(:valid_otp?).and_return(nil)
         action
 
-        expect(flash[:alert]).to eq('One Time Password is not correct.')
+        expect(flash[:alert]).to eq(I18n.t('devise.sessions.2fa.error_message'))
       end
 
       it 'does not set current user' do