Add 'otp_force' basic setting (#1051)

If the 'otp_force' and 'otp_field_enabled' basic settings are both enabled, automatically enable 2FA for the user after login or signup, if needed, by setting a new OTP secret. Redirect the user to a welcome page for scanning the QR code.

Also show the secret key in ASCII form on the user profile page for easier copying into other applications.

powerdnsadmin/routes/user.py

@@ -1,7 +1,4 @@
 import datetime
-import qrcode as qrc
-import qrcode.image.svg as qrc_svg
-from io import BytesIO
 from flask import Blueprint, request, render_template, make_response, jsonify, redirect, url_for, g, session, current_app
 from flask_login import current_user, login_required, login_manager
 
@@ -94,13 +91,9 @@ def qrcode():
     if not current_user:
         return redirect(url_for('index'))
 
-    img = qrc.make(current_user.get_totp_uri(),
-                   image_factory=qrc_svg.SvgPathImage)
-    stream = BytesIO()
-    img.save(stream)
-    return stream.getvalue(), 200, {
+    return current_user.get_qrcode_value(), 200, {
         'Content-Type': 'image/svg+xml',
         'Cache-Control': 'no-cache, no-store, must-revalidate',
         'Pragma': 'no-cache',
         'Expires': '0'
-    }
+    }