from rest_framework.views import APIView
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework import status

from apps.core.services import TwoFactorService, generate_recovery_codes
from apps.core.serializers import TwoFactorVerifySerializer


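class TwoFactorSetupView(APIView):
    """Start 2FA enrolment for the authenticated user.

    POST returns the user's 2FA secret together with a QR code produced by
    ``TwoFactorService.generate_qr_code``. If 2FA is already enabled the
    request is rejected with HTTP 400 and no secret is returned.
    """

    permission_classes = [IsAuthenticated]

    def post(self, request):
        """Return the enrolment secret and QR code, or 400 if 2FA is enabled."""
        user = request.user

        two_factor = TwoFactorService.get_or_create_secret(user)

        # Once 2FA is active the stored secret must not be disclosed again
        # through this endpoint, so refuse before building any response data.
        if two_factor.is_enabled:
            return Response(
                {"detail": "2FA already enabled"},
                status=status.HTTP_400_BAD_REQUEST
            )

        qr_code = TwoFactorService.generate_qr_code(
            user,
            two_factor.secret,
        )

        # The body carries the 2FA secret, so tell browsers and intermediaries
        # not to store the response.
        return Response(
            {
                "qr_code": qr_code,
                "secret": two_factor.secret,
            },
            headers={"Cache-Control": "no-store"},
        )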

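class TwoFactorEnableView(APIView):
    """Confirm 2FA enrolment with a verification code and issue recovery codes.

    The request body is validated by ``TwoFactorVerifySerializer``; its
    ``token`` is passed to ``TwoFactorService.enable_2fa``. A falsy result
    yields HTTP 400. On success, recovery codes are generated and returned
    once in the response.
    """

    # NOTE(review): no throttle_classes are set on this view; confirm that a
    # project-wide throttle limits repeated verification-code attempts.
    permission_classes = [IsAuthenticated]

    def post(self, request):
        """Enable 2FA for the caller and return freshly generated recovery codes."""
        serializer = TwoFactorVerifySerializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        # NOTE(review): confirm enable_2fa returns False when 2FA is already
        # enabled; otherwise this endpoint would also re-issue recovery codes.
        success = TwoFactorService.enable_2fa(
            request.user,
            serializer.validated_data["token"]
        )

        if not success:
            return Response(
                {"detail": "Invalid verification code"},
                status=status.HTTP_400_BAD_REQUEST
            )

        recovery_codes = generate_recovery_codes(request.user)

        # The message previously read "Recovery codes regenerated
        # successfully", which described a different action than the one this
        # view performs. The recovery codes are credentials, so the response
        # is marked no-store.
        return Response(
            {
                "message": "2FA enabled successfully",
                "detail": "These recovery codes will not be shown again. "
                          "Please store them securely.",
                "recovery_codes": recovery_codes,
            },
            status=status.HTTP_200_OK,
            headers={"Cache-Control": "no-store"},
        )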

class TwoFactorDisableView(APIView):
    """Turn off 2FA for the authenticated user after checking a token.

    The submitted ``token`` is validated by ``TwoFactorVerifySerializer`` and
    handed to ``TwoFactorService.disable_2fa``. When that call reports
    success the user's recovery codes are deleted; otherwise HTTP 400 is
    returned and nothing is deleted by this view.
    """

    # NOTE(review): no throttle_classes are set on this view; confirm that a
    # project-wide throttle limits repeated OTP attempts against it.
    permission_classes = [IsAuthenticated]

    def post(self, request):
        """Disable 2FA and purge recovery codes, or answer 400 on a bad token."""
        payload = TwoFactorVerifySerializer(data=request.data)
        payload.is_valid(raise_exception=True)

        disabled = TwoFactorService.disable_2fa(
            request.user,
            payload.validated_data["token"],
        )

        if disabled:
            # Recovery codes must not outlive the 2FA enrolment they belong to.
            request.user.recovery_codes.all().delete()
            return Response({"detail": "2FA disabled successfully"})

        return Response(
            {"detail": "Invalid OTP"},
            status=status.HTTP_400_BAD_REQUEST,
        )
