* Add recovery code support for two-factor auth
When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.
The two-factor prompt during login now accepts both OTP codes and
The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.
Fixes#563 and fixes#987
* Set OTP_SECRET in test enviroment
* add missing .html to view file names
It took me ages to get Mastodon set up with the tests passing because
the environment variables I needed to define weren't documented and I
had to work them out one at a time.
This change adds a .env.test file, and makes it so it isn't ignored by
git. I think it makes sense for the .env.test file to be in git, since
there's nothing secret in it, but other approaches would be to have a
.env.test.sample (like the corresponding one for production), or to set
these values in a test helper, or to adapt the tests to work with
environments other than this one. I'd be happy to make these changes if
that would be preferred.
Being able to get set up and run the tests is a pretty important part of
being able to contribute to Mastodon (or your test coverage with
suffer!), so having some sort of solution like this one is vital.