Update MFA totp factor enroll flow (#37)

* update styles

* remove qr from factor details

* update styles

* qr code modal for totp

* update factor endpoints

* Update html to center buttons on enroll_factor

---------

Co-authored-by: Adam Wolfman <[email protected]>

Author: edignot

python-flask-mfa-example/app.py

@@ -1,5 +1,5 @@
 import os
-from flask import Flask, session, redirect, render_template, request, url_for
+from flask import Flask, session, redirect, render_template, request, url_for, jsonify
 import json
 import workos
 
@@ -36,31 +36,39 @@ def enroll_factor_details():
     return render_template("enroll_factor.html")
 
 
-@app.route("/enroll_factor", methods=["POST"])
-def enroll_factor():
+@app.route("/enroll_sms_factor", methods=["POST"])
+def enroll_sms_factor():
     factor_type = request.form.get("type")
-    totp_issuer = request.form.get("totp_issuer")
-    totp_user = request.form.get("totp_user")
     phone_number = request.form.get("phone_number")
 
-    if factor_type == "sms":
-        factor_type = "sms"
-        new_factor = workos.client.mfa.enroll_factor(
-            type=factor_type, phone_number=phone_number
-        )
+    new_factor = workos.client.mfa.enroll_factor(
+        type=factor_type, 
+        phone_number=phone_number
+    )
 
-    if factor_type == "totp":
-        factor_type = "totp"
-        new_factor = workos.client.mfa.enroll_factor(
-            type=factor_type, totp_issuer=totp_issuer, totp_user=totp_user
-        )
-    print(new_factor)
     session["factor_list"].append(new_factor)
-    print(session["factor_list"])
     session.modified = True
     return redirect("/")
 
 
+@app.route('/enroll_totp_factor', methods=['POST'])
+def enroll_totp_factor():
+    data = request.get_json()
+    type = data['type']
+    issuer = data['issuer']
+    user = data['user']
+
+    new_factor = workos.client.mfa.enroll_factor(
+        type=type,
+        totp_issuer=issuer,
+        totp_user=user
+    )
+
+    session['factor_list'].append(new_factor)
+    session.modified = True
+    return jsonify(new_factor['totp']['qr_code'])
+
+
 @app.route("/factor_detail")
 def factor_detail():
     factorId = request.args.get("id")
@@ -72,17 +80,13 @@ def factor_detail():
         if factor["type"] == "sms":
             phone_number = factor["sms"]["phone_number"]
 
-        if factor["type"] == "totp":
-            session["current_factor_qr"] = factor["totp"]["qr_code"]
-
     session["current_factor"] = fullFactor["id"]
     session["current_factor_type"] = fullFactor["type"]
     session.modified = True
     return render_template(
         "factor_detail.html",
         factor=fullFactor,
         phone_number=phone_number,
-        qr_code=session["current_factor_qr"],
     )
 
 

python-flask-mfa-example/static/login.css

@@ -1,7 +1,6 @@
 body {
     font-family: Inter, sans-serif;
     background-color: #f9f9fb;
-
 }
 
 .container_login {
@@ -126,7 +125,6 @@ h1 {
     align-items: center;
     position: relative;
     bottom: 10%;
-    /* background-color: #f9f9fb; */
 }
 
 .logged_in_div_left {
@@ -208,8 +206,7 @@ div.text_box {
     background-color: #f9f9fb;
     height: 60px;
     padding: 15px 30px 15px 30px;
-
-    z-index: 1000;
+    z-index: 998;
 }
 
 .logged_in_nav p {
@@ -273,20 +270,50 @@ pre.prettyprint {
     margin-bottom: 20px;
 }
 
-.qr_div {
-    align-self: center;
-    padding-top: 15px;
-}
-
-.qr_code {
-    width: 7vw;
-    max-width: 100px;
-}
-
 .code-input {
     width: 75px;
     height: 100px;
     margin: 0px 5px 30px 5px;
     font-size: 60px;
     color: darkslategray;
+}
+
+.overlay {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background-color: rgba(0,0,0,0.5); 
+  z-index: 999; 
+}
+
+.modal {
+  position: absolute;
+  top: 50%;
+  left: 50%;
+  transform: translate(-50%, -50%);
+  background-color: #fff;
+  padding: 25px;
+  border-radius: 10px;
+  box-shadow: 0 0 10px rgba(0,0,0,0.5);
+  z-index: 1000;
+  display: flex;
+  flex-direction: column;
+  justify-content: center;
+  align-items: center;
+}
+
+.qr_code_instructions {
+  width: 300px;
+}
+
+.qr_code {
+  width: 300px;
+  margin: 25px;
+}
+
+button:disabled {
+  opacity: 0.5;
+  pointer-events: none;
 }

python-flask-mfa-example/templates/enroll_factor.html

@@ -42,47 +42,108 @@ <h2 class="home-hero-gradient">Enterprise Ready</h2>
                 <div class="flex space_between ">
                     <div class="factor_card">
                         <h2>Enroll SMS Factor</h2>
-                        <form method="POST" action="{{ url_for('enroll_factor') }}">
+                        <form method="POST" action="{{ url_for('enroll_sms_factor') }}">
                             <div class="flex">
                                 <div class="flex">
                                     <input class="text_input" type="text" id="phone_number" name="phone_number"
-                                        placeholder="Phone Number" required>
+                                        placeholder="Phone Number">
                                 </div>
                             </div>
-                            <div>
-                                <button type="submit" name="type" value="sms"
-                                    class="button button-outline button-sm">Enroll New
+                            <div class="flex">
+                                <div>
+                                    <button type="submit" name="type" value="sms" id="sms-factor-submit-btn" 
+                                    class="button button-outline button-sm" disabled>Enroll New
                                     Factor</button>
+                                </div>                                
                             </div>
                         </form>
                     </div>
 
                     <div class="factor_card">
                         <h2>Enroll TOTP Factor</h2>
-                        <form method="POST" action="{{ url_for('enroll_factor') }}">
+                        <div>
                             <div class="flex-column">
                                 <div class="flex">
                                     <input class="text_input" type="text" id="totp_issuer" name="totp_issuer"
-                                        placeholder="TOTP Issuer" required>
+                                        placeholder="TOTP Issuer">
                                 </div>
                                 <div class="flex">
                                     <input class="text_input" type="text" id="totp_user" name="totp_user"
-                                        placeholder="User Email" required>
+                                        placeholder="User Email">
                                 </div>
                             </div>
-                            <div>
-                                <button type="submit" name="type" value="totp"
-                                    class="button button-outline button-sm">Enroll New Factor</button>
-                            </div>
-                        </form>
+                            <div class="flex">
+                                <div>
+                                    <button value="totp" id="totp-factor-submit-btn" class="button button-outline button-sm" disabled>Enroll New Factor</button>
+                                </div>
+                            </div>                            
+                        </div>
                     </div>
 
                 </div>
             </div>
 
         </div>
     </div>
-
+    <div class="overlay" id="overlay" style="display: none;">
+        <div class="modal" id="modal">
+            <button id="close-modal-btn">I've scanned a QR code</button>
+        </div>
+    </div>
 </body>
 
+<script>
+    const phoneNumber = document.getElementById("phone_number")
+    const totpIssuer = document.getElementById("totp_issuer")
+    const totpUser = document.getElementById("totp_user") 
+    const smsSubmitButton = document.getElementById("sms-factor-submit-btn")
+    const totpSubmitButton = document.getElementById("totp-factor-submit-btn")
+    const closeModalBtn = document.getElementById("close-modal-btn")
+    const overlay = document.getElementById("overlay")
+    const modal = document.getElementById("modal")
+    phoneNumber.addEventListener("input", validateSmsForm)
+    totpIssuer.addEventListener("input", validateTotpForm)
+    totpUser.addEventListener("input", validateTotpForm)
+    function validateSmsForm() {
+        if (phoneNumber.value.trim() !== "") {
+            smsSubmitButton.disabled = false
+        } else {
+            smsSubmitButton.disabled = true
+        }
+    }
+    function validateTotpForm() {
+        if (totpIssuer.value.trim() !== "" && totpUser.value.trim() !== "") {
+            totpSubmitButton.disabled = false
+        } else {
+            totpSubmitButton.disabled = true
+        }
+    }
+    totpSubmitButton.addEventListener("click", function() {
+        fetch('/enroll_totp_factor', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify({
+                type: 'totp',
+                issuer: totpIssuer.value,
+                user: totpUser.value,
+            })
+        })
+            .then(response => response.json())
+            .then(qr_code => {
+                overlay.style.display = "block"
+                modal.innerHTML = `
+                    <h2>Scan the QR code</h2>
+                    <p class="qr_code_instructions">Use the authenticator app to scan the QR code. After you scan the code, click 'Continue'.</p>
+                    <img class="qr_code" src=${qr_code} alt="qr_code">
+                    <a href="/" class="button button-outline">Continue</a>
+                `
+            })
+    })
+    closeModalBtn.addEventListener("click", function() {
+        overlay.style.display = "none"
+    })
+</script>
+
 </html>

python-flask-mfa-example/templates/factor_detail.html

@@ -52,12 +52,6 @@ <h2>ID: {{factor['id']}}</h2>
                             <p>Updated At: <code>{{factor['updated_at']}}</code></p>
                         </div>
                     </div>
-                    {% if factor['type'] == 'totp' %}
-                    <div class="qr_div">
-                        <img class="qr_code" src="{{qr_code}}" alt="qr_code">
-                    </div>
-
-                    {% endif %}
                 </div>
 
                 <div class="flex-column">