Make 2fa backup codes EVEN MORE EYE CATCHING

SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml

@@ -7,13 +7,14 @@
 
 <partial name="_StatusMessage" for="StatusMessage" />
 <h4>@ViewData["Title"]</h4>
-<div class="alert alert-warning" role="alert">
+<div class="alert alert-danger" role="alert">
     <p>
-        <span class="glyphicon glyphicon-warning-sign"></span>
+        <span class="glyphicon glyphicon-danger-sign"></span>
         <strong>Put these codes in a safe place.</strong>
     </p>
     <p>
-        If you lose your device and don't have the recovery codes you will lose access to your account.
+        If you lose your device and don't have the recovery codes you will lose access to your account, recovery even by
+        email support will be highly unlikely.
     </p>
     <p>
         Generating new recovery codes does not change the keys used in authenticator apps. If you wish to change the key
@@ -24,4 +25,4 @@
     <form method="post" class="form-group">
         <button class="btn btn-danger" type="submit">Generate Recovery Codes</button>
     </form>
-</div>
+</div>

SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs

@@ -71,14 +71,14 @@ public async Task<IActionResult> OnPostAsync()
         await _accountLogManager.LogAndSave(user, new AccountLogRecoveryCodesGenerated());
 
         await _userManager.UpdateAsync(user);
-        
+
         var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
         RecoveryCodes = recoveryCodes.ToArray();
 
         await tx.CommitAsync();
-        
+
         _logger.LogInformation("User with ID '{UserId}' has generated new 2FA recovery codes.", userId);
         StatusMessage = "You have generated new recovery codes.";
         return RedirectToPage("./ShowRecoveryCodes");
     }
-}
+}

SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml

@@ -7,13 +7,19 @@
 
 <partial name="_StatusMessage" for="StatusMessage" />
 <h4>@ViewData["Title"]</h4>
-<div class="alert alert-warning" role="alert">
+<div class="alert alert-danger" role="alert">
     <p>
         <strong>Put these codes in a safe place.</strong>
     </p>
     <p>
-        If you lose your device and don't have the recovery codes you will lose access to your account.
+        If you lose your device and don't have the recovery codes you will lose access to your account, recovery even
+        by email support will be highly unlikely.
     </p>
+    <p>
+        Something like a physical notepad or a digital notes app is a good place to put these down, while not recommended
+        if you got a password manager it should have a notes or description field that you can use as well. It's also suggested to make multiple copies.
+    </p>
+    <p style="font-size: 40px; text-decoration: underline;">SERIOUSLY, write these down somewhere.</p>
 </div>
 <div class="row">
     <div class="col-md-12">
@@ -22,4 +28,10 @@
             <code class="recovery-code">@Model.RecoveryCodes[row]</code><text>&nbsp;</text><code class="recovery-code">@Model.RecoveryCodes[row + 1]</code><br />
         }
     </div>
-</div>
+</div>
+<br />
+<div>
+    <form id="download-recovery" asp-page-handler="DownloadRecoveryCodes" method="post" class="form-group">
+        <button class="btn btn-primary" type="submit">Download codes</button>
+    </form>
+</div>

SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs

@@ -1,16 +1,27 @@
 using System;
-using System.Collections.Generic;
 using System.Linq;
+using System.Net.Mime;
+using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
-using Microsoft.Extensions.Logging;
+using SS14.Auth.Shared.Data;
 
 namespace SS14.Web.Areas.Identity.Pages.Account.Manage;
 
 public class ShowRecoveryCodesModel : PageModel
 {
+    private readonly SpaceUserManager _userManager;
+    private readonly ApplicationDbContext _dbContext;
+
+    public ShowRecoveryCodesModel(
+        SpaceUserManager userManager,
+        ApplicationDbContext dbContext)
+    {
+        _userManager = userManager;
+        _dbContext = dbContext;
+    }
+
     [TempData]
     public string[] RecoveryCodes { get; set; }
 
@@ -26,4 +37,27 @@ public IActionResult OnGet()
 
         return Page();
     }
-}
+
+    public async Task<IActionResult> OnPostDownloadRecoveryCodes()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        var rawValue = _dbContext.UserTokens
+            .Where(x => x.UserId == user.Id && x.Name == "RecoveryCodes")
+            .Select(q => q.Value)
+            .FirstOrDefault();
+
+        var recoveryCodes = rawValue?.Split(';', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
+                            ?? [];
+
+        var header = $"These are the 2fa recovery codes for the Space Station 14 account {user.UserName}. Keep them in a safe place.\n\n";
+        var text = header + string.Join("\n", recoveryCodes);
+
+        Response.Headers.Add("Content-Disposition", $"attachment; filename=SS14-{user.UserName}-Recovery.txt");
+        return new FileContentResult(Encoding.UTF8.GetBytes(text), MediaTypeNames.Text.Plain);
+    }
+}