users with backup code MFA could not utilize material them yet.

Billy Clark · Billy Clark · commit b44572c5ef9a · 2017-11-01T15:08:37.000-04:00
diff --git a/Makefile b/Makefile
@@ -12,6 +12,3 @@ errors:
 clean:
 	docker-compose kill
 	docker system prune -f
-
-
-# TODO: create local migrations for broker to load users and mfas to make testing easier.
diff --git a/README.md b/README.md
@@ -158,7 +158,8 @@ If configured, an alert will be shown to the user filled with the content of tha
 5. Click **hub-discovery**
 6. Click **idp4**
 7. Login as a "backup code" user: `username=`**has_backupcode** `password=`**a**
-7. TODO: add remaining steps
+8. Enter one fo the following codes to verify (`94923279, 82743523, 77802769, 01970541, 37771076, 39178450, 01813404, 00416843, 90068701, 35775442, 94923279, 82743523, 77802769, 01970541, 37771076, 39178450, 01813404, 00416843, 90068701, 35775442`)
+9. Click **Logout**
 
 #### TOTP code
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
diff --git a/dictionaries/mfa.definition.json b/dictionaries/mfa.definition.json
@@ -0,0 +1,51 @@
+
+{
+	"title": {
+		"en": "2-step verification",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"header": {
+		"en": "2-step verification",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"backup_code_header": {
+		"en": "Backup code",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"backup_code_icon": {
+		"en": "Backup code icon",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"backup_code_reminder": {
+		"en": "Each code can only be used once, so the code you enter this time will be used up and will not be available again.",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"backup_code_input": {
+		"en": "Enter code",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"button_verify": {
+		"en": "Verify",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	},
+	"remember_this": {
+		"en": "Remember this computer for 30 days",
+		"es": "TODO",
+		"fr": "TODO",
+		"ko": "TODO"
+	}
+}
diff --git a/themes/material/common-head-elements.php b/themes/material/common-head-elements.php
@@ -30,7 +30,7 @@
 $colors = htmlentities($this->configuration->getValue('theme.color-scheme', 'indigo-purple'));
 ?>
 <link rel="stylesheet" href="/module.php/material/material.<?= $colors ?>.1.2.1.min.css">
-<link rel="stylesheet" href="/module.php/material/styles.2.2.0.css">
+<link rel="stylesheet" href="/module.php/material/styles.2.2.1.css">
 
 <script async src="/module.php/material/material.1.2.1.min.js"></script>
 
diff --git a/themes/material/mfa/prompt-for-mfa-backupcode.php b/themes/material/mfa/prompt-for-mfa-backupcode.php
@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title><?= $this->t('{material:mfa:title}') ?></title>
+
+    <?php include __DIR__ . '/../common-head-elements.php' ?>
+</head>
+<body class="gradient-bg">
+<div class="mdl-layout mdl-layout--fixed-header fill-viewport">
+    <header class="mdl-layout__header">
+        <div class="mdl-layout__header-row">
+            <span class="mdl-layout-title">
+                <?= $this->t('{material:mfa:header}') ?>
+            </span>
+        </div>
+    </header>
+    <main class="mdl-layout__content" layout-children="column">
+        <form layout-children="column" method="POST">
+            <?php
+            foreach ($this->data['formData'] as $name => $value) {
+             ?>
+            <input type="hidden" name="<?= htmlentities($name); ?>"
+                   value="<?= htmlentities($value); ?>"/>
+            <?php
+            }
+            ?>
+            <div class="mdl-card mdl-shadow--8dp">
+                <div class="mdl-card__media white-bg margin" layout-children="column">
+                    <img src="/module.php/material/mfa-backup-codes.svg"
+                         alt="<?= $this->t('{material:mfa:backup_code_icon}') ?>">
+                </div>
+
+                <div class="mdl-card__title center">
+                    <h1 class="mdl-card__title-text">
+                        <?= $this->t('{material:mfa:backup_code_header}') ?>
+                    </h1>
+                </div>
+
+                <div class="mdl-card__title" >
+                    <p class="mdl-card__subtitle-text">
+                        <?= $this->t('{material:mfa:backup_code_reminder}') ?>
+                    </p>
+                </div>
+
+                <div class="mdl-card__supporting-text" layout-children="column">
+                    <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
+                        <label for="mfaSubmission" class="mdl-textfield__label">
+                            <?= $this->t('{material:mfa:backup_code_input}') ?>
+                        </label>
+                        <input name="mfaSubmission" class="mdl-textfield__input" autofocus
+                               id="mfaSubmission"/>
+                    </div>
+                </div>
+
+                <?php
+                $message = $this->data['errorMessage'];
+
+                if (! empty($message)) {
+                ?>
+                <div class="mdl-card__supporting-text" layout-children="column">
+                    <p class="mdl-color-text--red error">
+                        <i class="material-icons">error</i>
+
+                        <span class="mdl-typography--caption">
+                            <?= htmlentities($message) ?>
+                        </span>
+                    </p>
+                </div>
+
+                <script>
+                    ga('send','event','error','backupcode', <?= $message ?>');
+                </script>
+                <?php
+                }
+                ?>
+
+                <div class="mdl-card__actions" layout-children="row">
+                    <span flex></span>
+                    <button type="submit" name="submitMfa"
+                            class="mdl-button mdl-button--raised mdl-button--primary">
+                        <?= $this->t('{material:mfa:button_verify}') ?>
+                    </button>
+                </div>
+            </div>
+
+            <div>
+                <label class="mdl-checkbox mdl-js-checkbox mdl-js-ripple-effect">
+                    <span class="mdl-checkbox__label">
+                        <?= $this->t('{material:mfa:remember_this}') ?>
+                    </span>
+                    <input type="checkbox" name="rememberMe" value="true" checked
+                           class="mdl-checkbox__input"/>
+                </label>
+            </div>
+        </form>
+    </main>
+</div>
+</body>
+</html>
diff --git a/www/mfa-backup-codes.svg b/www/mfa-backup-codes.svg
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="24" height="24" viewBox="0 0 24 24"><path d="M13,9H18.5L13,3.5V9M6,2H14L20,8V20A2,2 0 0,1 18,22H6C4.89,22 4,21.1 4,20V4C4,2.89 4.89,2 6,2M15,18V16H6V18H15M18,14V12H6V14H18Z" /></svg>
diff --git a/www/styles.2.2.1.css b/www/styles.2.2.1.css
@@ -1,3 +1,7 @@
+p {
+  max-width: 60ch;
+}
+
 .fill-viewport {
   width: 100vw;
   height: 100vh;
@@ -68,6 +72,11 @@ form p.error > i {
   margin: 1em;
 }
 
+/* don't want images to be too small on cards */
+.mdl-card__media > img {
+  min-width: 20%;
+}
+
 /* phones (2 cards / row) */
 @media only screen and (min-width : 320px) {
   .mdl-card.row-aware {
