rails_base 0.75.6 → 0.80.0

data/app/services/rails_base/mfa/totp/remove.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module RailsBase::Mfa::Totp
+  class Remove < RailsBase::ServiceBase
+    include Helper
+
+    delegate :user, to: :context
+    delegate :otp_code, to: :context
+    delegate :password, to: :context
+
+    def call
+      password_result = RailsBase::Authentication::AuthenticateUser.(email: user.email, current_user: user, password: password)
+
+      if password_result.failure?
+        log(level: :debug, msg: "#{lgp} Password validation failed. Unable to continue")
+        context.fail!(message: password_result.message)
+      end
+
+      valid_code = ValidateCode.(user: user, otp_code: otp_code)
+      if valid_code.failure?
+        log(level: :debug, msg: "#{lgp} Code Validation failed.")
+        context.fail!(message: "#{valid_code.message}. Please try again.")
+      end
+
+      begin
+        user.reset_otp!
+        log(level: :info, msg: "#{lgp} TOTP successfully removed from User Account")
+      rescue => e
+        context.fail!(message: "Yikes! Unknown error occured. TOTP was not removed from the account.")
+      end
+    end
+
+    def validate!
+      raise "Expected user to be a User." unless User === user
+      raise "Expected otp_code to be present" if otp_code.nil?
+      raise "Expected password to be present" if password.nil?
+    end
+  end
+end
+

data/app/services/rails_base/mfa/totp/validate_code.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module RailsBase::Mfa::Totp
+  class ValidateCode < RailsBase::ServiceBase
+    include Helper
+
+    delegate :user, to: :context
+    delegate :otp_code, to: :context
+
+    def call
+      return if validate_and_consume_otp
+
+      context.fail!(message: "Invalid TOTP code")
+    end
+
+    def validate_and_consume_otp
+      if user.consumed_timestep
+        # reconstruct the timestamp of the last consumed timestep
+        after_timestamp = user.consumed_timestep * otp.interval
+      end
+
+      if otp.verify(otp_code.gsub(/\s+/, ""), drift_behind: User.totp_drift_behind, drift_ahead: User.totp_drift_ahead, after: after_timestamp)
+        log(level: :debug, msg: "#{lgp} Correct code provided")
+        return consume_otp!
+      else
+        log(level: :debug, msg: "#{lgp} InValid code provided")
+      end
+
+      false
+    end
+
+    # An OTP cannot be used more than once in a given timestep
+    # Storing timestep of last valid OTP is sufficient to satisfy this requirement
+    def consume_otp!
+      timestep = Time.now.utc.to_i / otp.interval
+      if user.consumed_timestep != timestep
+        user.consumed_timestep = timestep
+        log(level: :debug, msg: "#{lgp} Consuming timestep based on code input")
+        return user.save(validate: false)
+      end
+
+      log(level: :debug, msg: "#{lgp} Timestep for code was already consumed. Invalid code")
+      false
+    end
+
+    def validate!
+      raise "Expected user to be a User. " unless User === user
+      raise "Expected otp_code to be present" if otp_code.nil?
+      raise "Expected `otp_secret` passed in or `otp_secret` present on User" if secret.nil?
+    end
+  end
+end

data/app/services/rails_base/mfa/totp/validate_temporary_code.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module RailsBase::Mfa::Totp
+  class ValidateTemporaryCode < RailsBase::ServiceBase
+    include Helper
+
+    delegate :user, to: :context
+    delegate :otp_code, to: :context
+
+    def call
+      valid_code = ValidateCode.(user: user, otp_code: otp_code, otp_secret: current_secret)
+      if valid_code.failure?
+        log(level: :debug, msg: "#{lgp} Code Validation failed. Will not persist temporary token")
+        context.fail!(message: valid_code.message)
+      end
+
+      log(level: :info, msg: "#{lgp} correctly validated authenticator code. Persisting")
+      user.persist_otp_metadata!
+      if user.otp_backup_codes.empty?
+        backup_codes = user.generate_otp_backup_codes!
+        log(level: :info, msg: "#{lgp} first authenticator added. Generating Backup Codes. Will also return backup codes to user")
+        context.backup_codes = backup_codes
+      else
+        log(level: :warn, msg: "#{lgp} added additional Authenticator. Will NOT provide backup codes")
+      end
+    end
+
+    def current_secret
+      @current_secret ||= user.reload.otp_metadata(safe: true, use_existing_temp: true)[:secret]
+    end
+
+    def validate!
+      raise "Expected user to be a User. " unless User === user
+      raise "Expected otp_code to be present" if otp_code.nil?
+    end
+  end
+end

data/app/services/rails_base/mfa.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module RailsBase::Mfa
+  MFA_DECISIONS = [
+    OTP = :otp,
+    SMS = :sms,
+    NONE = :none
+  ]
+
+  def self.mfa_link(mfa:, mfa_event:)
+    case mfa
+    when OTP
+      { method: :get, link: RailsBase.url_routes.mfa_with_event_path(mfa_event:, type: mfa) }
+    when SMS
+      { method: :post, link: RailsBase.url_routes.sms_validate_send_event_path(mfa_event:) }
+    end
+  end
+end

data/app/services/rails_base/name_change.rb

@@ -41,9 +41,9 @@ class RailsBase::NameChange < RailsBase::ServiceBase
 		return if admin_user_id
 
 		RailsBase::EmailVerificationMailer.event(
-			user: current_user,
-			event: "Succesfull name change",
-			msg: "We changed the name on your account from #{original_name} to #{context.name_change}."
+			current_user,
+			"Succesfull name change",
+			"We changed the name on your account from #{original_name} to #{context.name_change}."
 		).deliver_me
 	end
 

data/app/views/layouts/rails_base/application.html.erb

@@ -83,12 +83,28 @@
         <%= render partial: 'rails_base/shared/logged_out_header'%>
       <% end %>
       <% if notice %>
-      <div class="alert alert-success alert-dismissible fade show" role="alert">
-        <%= notice %>
-        <button type="button" class="close" data-dismiss="alert" aria-label="Close">
-          <span aria-hidden="true">&times;</span>
-        </button>
-      </div>
+        <% if session.delete(:add_mfa_button) %>
+          <div class="alert alert-success alert-dismissible fade show" role="alert">
+            <div class="row">
+              <div class="col-md-6">
+                <%= notice %>
+              </div>
+              <div class="col-md-6">
+                <%= link_to "Enable MFA", RailsBase.url_routes.user_settings_path(openmfa: true), method: :get, class: "btn btn-light float-right" %>
+              </div>
+              <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                <span aria-hidden="true">&times;</span>
+              </button>
+            </div>
+          </div>
+        <% else %>
+          <div class="alert alert-success alert-dismissible fade show" role="alert">
+            <%= notice %>
+            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+              <span aria-hidden="true">&times;</span>
+            </button>
+          </div>
+        <% end %>
       <% end %>
       <% if alert %>
         <div class="alert alert-danger alert-dismissible fade show" role="alert">

data/app/views/rails_base/devise/passwords/new.html.erb

@@ -10,7 +10,7 @@
     		<%= f.label :email, class: 'text-center' %><br>
 	      <%= f.email_field :email, autofocus: true, autocomplete: "email", placeholder: :email, class: 'form-control'%>
       <div class="invalid-feedback">
-        Password Confirmation does not match Password
+        Valid email required
       </div>
 	  </div>
 	</div>

data/app/views/rails_base/mfa/_switch_mfa_type.html.erb

@@ -0,0 +1,17 @@
+<% if mfa_options.length > 0 %>
+<br>
+<div class="row">
+  <div class="col-md-6 offset-3">
+    <hr>
+  </div>
+</div>
+<% end %>
+
+<% mfa_options.each do |metadata| %>
+  <br>
+  <div class="row">
+    <div class="col-md-6 offset-md-3">
+      <%= link_to metadata[:text], metadata[:link], method: metadata[:method], class: "btn btn-warning btn-block" %>
+    </div>
+  </div>
+<% end %>

data/app/views/rails_base/mfa/validate/sms/sms_event_input.html.erb

@@ -0,0 +1,2 @@
+
+<%= render partial: 'rails_base/shared/mfa/sms/login_input', locals: {  mfa_options: @mfa_options, mfa_event: @__rails_base_mfa_event } %>

data/app/views/rails_base/mfa/validate/totp/totp_event_input.html.erb

@@ -0,0 +1 @@
+<%= render partial: 'rails_base/shared/mfa/totp/login_input', locals: { endpoint: RailsBase.url_routes.totp_validate_event_path(mfa_event: @__rails_base_mfa_event.event), type: :rest, mfa_options: @mfa_options } %>

data/app/views/rails_base/secondary_authentication/reset_password_input.html.erb

@@ -0,0 +1,4 @@
+
+<h2 class='text-center'>Reset your password <%= @user.full_name%></h2>
+
+<%= render partial: 'rails_base/shared/reset_password_form', locals: { sign_in_flow: true, url: RailsBase.url_routes.reset_password_auth_path(data: @data) }%>

data/app/views/rails_base/shared/_enable_mfa_auth_modal.html.erb

@@ -86,7 +86,7 @@
 		var data = { 'phone_number': number}
 		$.ajax({
 		  type: "POST",
-		  url: "<%= RailsBase.url_routes.phone_registration_path%>",
+		  url: "<%= RailsBase.url_routes.phone_registration_path %>",
 		  headers: { 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content') },
 		  dataType: 'json',
 		  data: data,

data/app/views/rails_base/shared/_logged_in_header.html.erb

@@ -1,5 +1,5 @@
 <nav class="navbar navbar-expand-lg navbar-light bg-light">
-  <a class="navbar-brand" href="#"><%= RailsBase.config.app.web_title_logged_in(current_user)%></a>
+  <a class="navbar-brand" href="<%= RailsBase.url_routes.authenticated_root_path %>"><%= RailsBase.config.app.web_title_logged_in(current_user)%></a>
   <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
     <span class="navbar-toggler-icon"></span>
   </button>
@@ -41,22 +41,6 @@
         </button>
       </div>
       <div class="modal-body ">
-        <div class='row'>
-          <div class='col'>
-            <% if RailsBase.config.mfa.enable? %>
-              <% if current_user.mfa_enabled %>
-                <button type="button" class="btn btn-block btn_info close-me" data-toggle="modal" data-target="#modifyMfamodal">
-                    Modify 2fa Auth
-                </button>
-              <% else %>
-                <button type="button" class="btn btn-block btn_info close-me" data-toggle="modal" data-target="#enableMfamodal">
-                  Enable 2fa Auth
-                </button>
-              <% end %>
-            <% end %>
-          </div>
-        </div>
-        </br>
         <div class='row'>
           <div class='col'>
             <a class="btn btn_info btn-block" href="<%=RailsBase.url_routes.user_settings_path %>" role="button">Modify User</a>
@@ -88,14 +72,6 @@
   </div>
 </div>
 
-<% if RailsBase.config.mfa.enable? %>
-  <% if current_user.mfa_enabled %>
-    <%= render partial: 'rails_base/shared/modify_mfa_auth_modal'%>
-  <% else %>
-    <%= render partial: 'rails_base/shared/enable_mfa_auth_modal'%>
-  <% end %>
-<% end %>
-
 <% if @__admin_actions_array && @__admin_actions_array.present? %>
   <%= render partial: 'rails_base/shared/admin_actions_modal'%>
 <% end %>

data/app/views/rails_base/shared/_modify_mfa_auth_modal.html.erb

@@ -1,4 +1,10 @@
-<% confirm = "Disabling 2fa on your account will make it more vulnerable. Are you sure you want to disable two factor authentication via SMS text?" %>
+<%
+  code_length = RailsBase::Authentication::Constants::MFA_LENGTH
+  values = [
+    { name: '#smsRemovalPassword', criteria: { required: true }},
+    { name: '#smsRemovalCode', criteria: { required: true, pattern: :numeric, min_length: code_length }}
+  ]
+%>
 
 <div class="modal fade" id="modifyMfamodal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
   <div class="modal-dialog modal-lg" role="document">
@@ -9,8 +15,49 @@
           <span aria-hidden="true">&times;</span>
         </button>
       </div>
-      <div class="modal-body">
-        <%= button_to "Disable 2fa", RailsBase.url_routes.remove_phone_registration_mfa_path, data: { confirm: confirm }, method: :delete, class: "btn btn_danger btn-block" %>
+      <div class="modal-body mfaSmsModalBody">
+        <div class="mfaSmsStatusDiv"></div>
+        <%= form_with(url: RailsBase.url_routes.remove_phone_registration_mfa_path, method: :delete) do |form| %>
+          <div id="confirmSmsAuthenticationCode">
+            <div class="smsInput">
+              <div class="input-group input-group-lg">
+                <div class="input-group-prepend">
+                  <span class="input-group-text" id="smsInput-Prepend">Password</span>
+                </div>
+                <%= form.password_field :password, id: "smsRemovalPassword", class:"form-control" %>
+                <div class="invalid-feedback">
+                  Password required to remove SMS option for MFA
+                </div>
+              </div>
+            </div>
+            <br>
+            <div class="smsInput">
+              <div class="input-group input-group-lg">
+                <div class="input-group-prepend">
+                  <span class="input-group-text" id="smsInput-Prepend">SMS Code</span>
+                </div>
+                <%= form.telephone_field :sms_code, id: "smsRemovalCode", class:"form-control", placeholder: "Code delivered via SMS" %>
+                <div class="invalid-feedback">
+                  SMS Code is required. At least <%= code_length %> numerics expected
+                </div>
+              </div>
+            </div>
+            <br>
+            <div class="smsSubmit">
+              <div class="row">
+                <div class="col-md-9">
+                  <%= form.submit "Confirm SMS MFA Removal", id: "confirmSmsRemovalButton", class: " btn btn_danger btn-block" %>
+                </div>
+                <div class="col-md-3">
+                  <button type="button" id="sendSmsButton" class="btn btn_warning btn-block" onclick="sendSMS()">
+                    Send SMS
+                  </button>
+                </div>
+              </div>
+            </div>
+          </div>
+        <% end %>
+
       </div>
       <div class="modal-footer">
         <button type="button" class="mr-auto btn btn_secondary" data-dismiss="modal">Close</button>
@@ -18,3 +65,55 @@
     </div>
   </div>
 </div>
+
+
+
+<%= render partial: 'rails_base/shared/custom_form_validation_javascript', locals: { function_name: "mfaSmsRemoval", values: values } %>
+
+<script type="text/javascript">
+  $(`#confirmSmsRemovalButton`).prop("disabled", true)
+  $(`.mfaSmsModalBody input`).on("keypress", function() {
+    setConfirmButtonStatus()
+  });
+
+  $(`.mfaSmsModalBody input`).change(function() {
+    setConfirmButtonStatus()
+  });
+
+  function setConfirmButtonStatus(){
+    if(mfaSmsRemoval_validation_event()){
+      $(`#confirmSmsRemovalButton`).prop("disabled", false)
+    } else {
+      $(`#confirmSmsRemovalButton`).prop("disabled", true)
+    }
+  }
+
+  function setDelay(){
+    $(`#sendSmsButton`).prop("disabled", true)
+    timeoutClock = setTimeout(enableSendSMS, 5_000);
+  }
+
+  function enableSendSMS(){
+    $(`#sendSmsButton`).prop("disabled", false)
+  }
+
+  function sendSMS(){
+    $(`#sendSmsButton`).text("Resend SMS")
+    setDelay();
+    $.ajax({
+      type: "POST",
+      url: "<%= RailsBase.url_routes.sms_validate_send_event_path(mfa_event: RailsBase::MfaEvent::DISABLE_SMS_EVENT) %>",
+      headers: { 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content') },
+      dataType: 'json',
+      success: function(data) {
+        html_notice = `<p class="alert alert-success">${data.message}</p>`
+        $(`.mfaSmsStatusDiv`).html(html_notice)
+      },
+      error: function(xhr, status, error) {
+        html_notice = `<p class="alert alert-danger">${xhr.responseJSON.message}</p>`
+        $(`.mfaSmsStatusDiv`).html(html_notice)
+        console.log(xhr.responseJSON)
+      }
+    })
+  }
+</script>

data/app/views/rails_base/shared/mfa/sms/_login_input.html.erb

@@ -0,0 +1,13 @@
+
+<div class="row" >
+  <div class="col-md-8 offset-md-2">
+    <%= render partial: 'rails_base/shared/mfa_input_layout', locals: { url: RailsBase.url_routes.sms_validate_event_path(mfa_event: mfa_event.event), size: 30, masked_phone: @masked_phone }%>
+    <br>
+    <div class="text-center">
+      <%= button_to 'Resend MFA', RailsBase.url_routes.sms_validate_send_event_path(mfa_event: mfa_event.event), method: :post, class: 'btn btn_warning', style: 'width: 25%;'  %>
+    </div>
+  </div>
+</div>
+
+
+<%= render partial: 'rails_base/mfa/switch_mfa_type', locals: { mfa_options: @mfa_options } %>

data/app/views/rails_base/shared/mfa/totp/_login_input.html.erb

@@ -0,0 +1,22 @@
+<div class="row text-center">
+  <div class="col-md-10 offset-md-1">
+    <div class="h1"> One Time Password</div>
+    <div class="row">
+      <div class="col">
+        MFA is required on your account before you can proceed. Please use the gnerated code from provided by your Password Manager.
+      </div>
+    </div>
+
+    <hr>
+
+    <div class="row">
+      <div class="col">
+        <div class="totpComfirmation">
+          <%= render partial: 'rails_base/shared/totp/confirm_code', locals: { endpoint: endpoint, type: :rest } %>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+
+<%= render partial: 'rails_base/mfa/switch_mfa_type', locals: { mfa_options: mfa_options } %>

data/app/views/rails_base/shared/totp/_add_authenticator.html.erb

@@ -0,0 +1,76 @@
+<div id="totpAddAuthentication">
+  <div class="description">
+    <h4>What is this?</h4>
+    One time Passwords (OTP) are an industry standard for a secondary Authentication (MFA). <%= RailsBase.app_name %> supports One Time Passwords via Time based One Time Password (also referred to as TOTP).
+    <div class="row"><div class="col-6 offset-3">
+      <hr>
+    </div></div>
+    When TOTP is enabled on your account, upon logging in, you will be required to also provided the secondary Authentication facor before accessing your data. This is optional but highly recommended.
+    <div class="row"><div class="col-6 offset-3">
+      <hr>
+    </div></div>
+    <h4>How to use is this?</h4>
+    Using your password manager, you can scan the QR code here to store along with your Username and Password for <%= RailsBase.app_name %>. When logging in, your Password Manager should automatically give you your OTP.
+  </div>
+  <br>
+  <div class="row">
+    <div class="col-lg-6">
+      <div class="qrCode text-center"></div>
+    </div>
+    <div class="col-lg-6">
+      <div class="row otpauthLink" style="height: 50%; margin-top: 12.5%;">
+        <div class="col-12">
+          <a class="btn btn-info btn-block" id="defaultManagerURI" href="" target="_blank">Open Default Password Manager</a>
+        </div>
+      </div>
+      <div class="row otpauthLink">
+        <div class="col-12">
+          <button onclick="copyURIToClipboard()" class="btn btn-info btn-block" id="copyPasteURI">Copy To ClipBoard</button>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <br>
+  <div class="row"><div class="col-6 offset-3">
+    <hr>
+  </div></div>
+  <div class="totpValidation">
+    <div class="totpdescription">
+      <h4>Confirm TOTP code</h4>
+      Once you have added the TOTP Athentication to your password manager, please validate the below by entering the code. Once the code is validated, TOTP is enabled on your account.
+    </div>
+    <div class="totpComfirmation">
+      <%= render partial: 'rails_base/shared/totp/confirm_code', locals: { endpoint: endpoint, type: type } %>
+    </div>
+  </div>
+</div>
+
+
+<script type="text/javascript">
+  var text_to_write;
+  function copyURIToClipboard(){
+    navigator.clipboard.writeText(text_to_write)
+  }
+
+  function retrieveSuccess(data){
+    $(`#totpAddAuthentication .qrCode`).html(data.qr_code)
+    $(`#totpAddAuthentication #defaultManagerURI`).attr(`href`, data.uri)
+    text_to_write = data.uri
+  }
+
+  function retreiveSecret(){
+    $.ajax({
+      type: "POST",
+      url: "<%= RailsBase.url_routes.totp_register_secret_path %>",
+      headers: { 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content') },
+      dataType: 'json',
+      success: function(data) {
+        retrieveSuccess(data)
+      },
+      error: function(xhr, status, error) {
+        _rails_base_display_alert(`Failed to get event`);
+      }
+    })
+  }
+</script>

data/app/views/rails_base/shared/totp/_add_authenticator_modal.html.erb

@@ -0,0 +1,25 @@
+<div class="modal fade" id="totpEnableModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
+  <div class="modal-dialog modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h3 class="modal-title" id="exampleModalLabel">Add Authenticator Device</h3>
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body">
+        <%= render partial: 'rails_base/shared/totp/add_authenticator', locals: { endpoint: endpoint, type: type } %>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="mr-auto btn btn_secondary" data-dismiss="modal">Close</button>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script type="text/javascript">
+  $('#totpEnableModal').on('shown.bs.modal', function (e) {
+    retreiveSecret()
+  })
+
+</script>

data/app/views/rails_base/shared/totp/_confirm_code.html.erb

@@ -0,0 +1,31 @@
+<%
+  case type
+  when :ajax
+    partial = "rails_base/shared/totp/confirm_code_ajax"
+    endpoint = endpoint
+  when :rest
+    partial = "rails_base/shared/totp/confirm_code_rest"
+    endpoint = endpoint
+  else
+    raise "type must be of [:ajax, :rest]"
+  end
+%>
+<%= form_with(url: endpoint, method: :post) do |f| %>
+  <div id="confirmTotpAuthenticationCode">
+    <br>
+    <div class="totpInput">
+      <div class="input-group input-group-lg">
+        <div class="input-group-prepend">
+          <span class="input-group-text" id="totpInput-Prepend">OTP</span>
+        </div>
+        <%= f.telephone_field :totp_code, id: "totpInput-Input", class:"form-control", placeholder: "One Time Password Value" %>
+      </div>
+    </div>
+    <br>
+    <div class="totpSubmit">
+      <%= render partial: partial, locals: { endpoint: endpoint, form: f } %>
+    </div>
+  </div>
+<% end %>
+
+

data/app/views/rails_base/shared/totp/_confirm_code_ajax.html.erb

@@ -0,0 +1,3 @@
+<script type="text/javascript">
+
+</script>

data/app/views/rails_base/shared/totp/_confirm_code_rest.html.erb

@@ -0,0 +1,5 @@
+<div class="row">
+  <div class="col-md-6 offset-md-3">
+    <%= form.submit "Confirm OTP Code", class: " btn btn_success btn-block" %>
+  </div>
+</div>

data/app/views/rails_base/shared/totp/_remove_authenticator_modal.html.erb

@@ -0,0 +1,50 @@
+<div class="modal fade" id="totpDisableModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
+  <div class="modal-dialog modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h3 class="modal-title" id="exampleModalLabel">Remove TOTP as Multi Factor Authenticator</h3>
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body">
+        <div class="text-center">
+          Time based One time Password is one of the the most Secure MFA option that <%= RailsBase.app_name %> provides. If you would like to remove this MFA option, please enter your credentials below and confirm. Upon Successful request, TOTP is no longer active on your account
+        </div>
+        <hr>
+        <%= form_with(url: RailsBase.url_routes.totp_register_delete_path, method: :delete) do |form| %>
+          <div id="confirmTotpAuthenticationCode">
+            <div class="totpInput">
+              <div class="input-group input-group-lg">
+                <div class="input-group-prepend">
+                  <span class="input-group-text" id="totpInput-Prepend">Password</span>
+                </div>
+                <%= form.password_field :password, id: "totpRemoval-password", class:"form-control" %>
+              </div>
+            </div>
+            <br>
+            <div class="totpInput">
+              <div class="input-group input-group-lg">
+                <div class="input-group-prepend">
+                  <span class="input-group-text" id="totpInput-Prepend">TOTP</span>
+                </div>
+                <%= form.telephone_field :totp_code, id: "totpRemoval-code", class:"form-control", placeholder: "One Time Password Value" %>
+              </div>
+            </div>
+            <br>
+            <div class="totpSubmit">
+              <div class="row">
+                <div class="col-md-6 offset-md-3">
+                  <%= form.submit "Confirm TOTP Removal", class: " btn btn_danger btn-block" %>
+                </div>
+              </div>
+            </div>
+          </div>
+        <% end %>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="mr-auto btn btn_secondary" data-dismiss="modal">Close</button>
+      </div>
+    </div>
+  </div>
+</div>