prep for 2fa login check

- new 2fa checker page to be inserted between initial login and completion of login
- new views and forms for above

bookwyrm/forms/edit_user.py

@@ -123,6 +123,7 @@ class ConfirmPasswordForm(CustomForm):
 class Confirm2FAForm(CustomForm):
     otp = forms.CharField(max_length=6, min_length=6, widget=forms.TextInput)
 
+    # IDK if we need this?
     class Meta:
         model = models.User
         fields = ["otp_secret"]
@@ -133,4 +134,16 @@ class Confirm2FAForm(CustomForm):
         totp = pyotp.TOTP(self.instance.otp_secret)
 
         if not totp.verify(otp):
-            self.add_error("otp", _("Code does not match"))
+            # maybe it's a backup code?
+            hotp = pyotp.HOTP(self.instance.otp_secret)
+            hotp_count = (
+                self.instance.hotp_count if self.instance.hotp_count is not None else 0
+            )
+
+            if not hotp.verify(otp, hotp_count):
+                self.add_error("otp", _("Code does not match"))
+
+            # TODO: backup codes
+            # increment the user hotp_count if it was an HOTP
+            # self.instance.hotp_count = hotp_count + 1
+            # self.instance.save(broadcast=False, update_fields=["hotp_count"])