5 files changed, 64 insertions, 104 deletions

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fef79cefc92..1f55b18e0b1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -240,7 +240,7 @@ class ApplicationController < ActionController::Base
 
   def check_2fa_requirement
     if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor?
-      redirect_to profile_account_path
+      redirect_to new_profile_two_factor_auth_path
     end
   end
 
diff --git a/app/controllers/profiles/accounts_controller.rb b/app/controllers/profiles/accounts_controller.rb
index bd827f2ab1b..175afbf8425 100644
--- a/app/controllers/profiles/accounts_controller.rb
+++ b/app/controllers/profiles/accounts_controller.rb
@@ -1,29 +1,6 @@
 class Profiles::AccountsController < Profiles::ApplicationController
-  skip_before_action :check_2fa_requirement
-  
   def show
-    unless current_user.otp_secret
-      current_user.otp_secret = User.generate_otp_secret(32)
-    end
-
-    unless current_user.otp_grace_period_started_at && two_factor_grace_period
-      current_user.otp_grace_period_started_at = Time.current
-    end
-
-    current_user.save! if current_user.changed?
-
-    if two_factor_authentication_required?
-      if two_factor_grace_period_expired?
-        flash.now[:alert] = 'You must enable Two-factor Authentication for your account.'
-      else
-        grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
-        flash.now[:alert] = "You must enable Two-factor Authentication for your account before #{l(grace_period_deadline)}."
-      end
-    end
-
     @user = current_user
-
-    @qr_code = build_qr_code
   end
 
   def unlink
@@ -31,16 +8,4 @@ class Profiles::AccountsController < Profiles::ApplicationController
     current_user.identities.find_by(provider: provider).destroy
     redirect_to profile_account_path
   end
-
-  private
-
-  def build_qr_code
-    issuer = "#{issuer_host} | #{current_user.email}"
-    uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
-    RQRCode::render_qrcode(uri, :svg, level: :m, unit: 3)
-  end
-
-  def issuer_host
-    Gitlab.config.gitlab.host
-  end
 end
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 65ecee0746e..8f83fdd02bc 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -2,7 +2,26 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   skip_before_action :check_2fa_requirement
 
   def new
-    redirect_to profile_account_path
+    unless current_user.otp_secret
+      current_user.otp_secret = User.generate_otp_secret(32)
+    end
+
+    unless current_user.otp_grace_period_started_at && two_factor_grace_period
+      current_user.otp_grace_period_started_at = Time.current
+    end
+
+    current_user.save! if current_user.changed?
+
+    if two_factor_authentication_required?
+      if two_factor_grace_period_expired?
+        flash.now[:alert] = 'You must enable Two-factor Authentication for your account.'
+      else
+        grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
+        flash.now[:alert] = "You must enable Two-factor Authentication for your account before #{l(grace_period_deadline)}."
+      end
+    end
+
+    @qr_code = build_qr_code
   end
 
   def create
@@ -13,9 +32,10 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
 
       render 'create'
     else
-      error = 'Invalid pin code'
+      @error = 'Invalid pin code'
+      @qr_code = build_qr_code
 
-      redirect_to profile_account_path, flash: { error: error }
+      render 'new'
     end
   end
 
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml
index a5417655001..6efd119f260 100644
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -40,32 +40,8 @@
       %p
         Download the Google Authenticator application from App Store for iOS or Google Play for Android and scan this code.
         More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.
-      .row.append-bottom-10
-        .col-md-3
-          = raw @qr_code
-        .col-md-9
-          .account-well
-            %p.prepend-top-0.append-bottom-0
-              Can't scan the code?
-            %p.prepend-top-0.append-bottom-0
-              To add the entry manually, provide the following details to the application on your phone.
-            %p.prepend-top-0.append-bottom-0
-              Account:
-              = current_user.email
-            %p.prepend-top-0.append-bottom-0
-              Key:
-              = current_user.otp_secret.scan(/.{4}/).join(' ')
-            %p.two-factor-new-manual-content
-              Time based: Yes
-      = form_for @user, url: profile_two_factor_auth_path, method: :post do |f|
-        - if flash[:error]
-          .alert.alert-danger
-            = flash[:error]
-        .form-group
-          = label_tag :pin_code, nil, class: "label-light"
-          = text_field_tag :pin_code, nil, class: "form-control", required: true
-        .prepend-top-default
-          = submit_tag 'Enable two-factor authentication', class: 'btn btn-success'
+      .append-bottom-10
+        = link_to 'Enable two-factor authentication', new_profile_two_factor_auth_path, class: 'btn btn-success'
     - else
       = link_to 'Disable Two-factor Authentication', profile_two_factor_auth_path, method: :delete, class: 'btn btn-danger',
               data: { confirm: 'Are you sure?' }
diff --git a/app/views/profiles/two_factor_auths/new.html.haml b/app/views/profiles/two_factor_auths/new.html.haml
index b2830aa0834..c82c5962191 100644
--- a/app/views/profiles/two_factor_auths/new.html.haml
+++ b/app/views/profiles/two_factor_auths/new.html.haml
@@ -1,41 +1,40 @@
 - page_title 'Two-factor Authentication', 'Account'
 
-%h2.page-title Two-factor Authentication (2FA)
-%p
-  Download the Google Authenticator application from App Store for iOS or Google
-  Play for Android and scan this code.
-
-  More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.
-
-%hr
-
-= form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal two-factor-new' do |f|
-  - if @error
-    .alert.alert-danger
-      = @error
-  .form-group
-    .col-lg-2.col-lg-offset-2
-      = raw @qr_code
-    .col-lg-7.col-lg-offset-1.manual-instructions
-      %h3 Can't scan the code?
-
-      %p
-        To add the entry manually, provide the following details to the
-        application on your phone.
-
-      %dl
-        %dt Account
-        %dd= current_user.email
-      %dl
-        %dt Key
-        %dd= current_user.otp_secret.scan(/.{4}/).join(' ')
-      %dl
-        %dt Time based
-        %dd Yes
-  .form-group
-    = label_tag :pin_code, nil, class: "control-label"
-    .col-lg-10
-      = text_field_tag :pin_code, nil, class: "form-control", required: true, autofocus: true
-  .form-actions
-    = submit_tag 'Submit', class: 'btn btn-success'
-    = link_to 'Configure it later', skip_profile_two_factor_auth_path, :method => :patch,  class: 'btn btn-cancel' if two_factor_skippable?
+.row.prepend-top-default
+  .col-lg-3
+    %h4.prepend-top-0
+      Two-factor Authentication (2FA)
+    %p
+      Increase your account's security by enabling two-factor authentication (2FA).
+  .col-lg-9
+    %p
+      Status: #{current_user.two_factor_enabled? ? 'enabled' : 'disabled'}
+    %p
+      Download the Google Authenticator application from App Store for iOS or Google Play for Android and scan this code.
+      More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.
+    .row.append-bottom-10
+      .col-md-3
+        = raw @qr_code
+      .col-md-9
+        .account-well
+          %p.prepend-top-0.append-bottom-0
+            Can't scan the code?
+          %p.prepend-top-0.append-bottom-0
+            To add the entry manually, provide the following details to the application on your phone.
+          %p.prepend-top-0.append-bottom-0
+            Account:
+            = current_user.email
+          %p.prepend-top-0.append-bottom-0
+            Key:
+            = current_user.otp_secret.scan(/.{4}/).join(' ')
+          %p.two-factor-new-manual-content
+            Time based: Yes
+    = form_tag profile_two_factor_auth_path, method: :post do |f|
+      - if @error
+        .alert.alert-danger
+          = @error
+      .form-group
+        = label_tag :pin_code, nil, class: "label-light"
+        = text_field_tag :pin_code, nil, class: "form-control", required: true
+      .prepend-top-default
+        = submit_tag 'Enable two-factor authentication', class: 'btn btn-success'