Commit bbf59b7

@@ -0,0 +1,4 @@
+class MfasController < ApplicationController
+  def new
+  end
+end

@@ -0,0 +1,13 @@
+<div class="container">
+  <div class="row">
+    <div class="col">
+      <h1>MFA Login</h1>
+      <%= form_for :mfa, url: mfa_path, method: :post do |form| %>
+        <div class="form-group">
+          <%= form.number_field :code, class: 'form-control', autofocus: true, required: :required %>
+        </div>
+        <%= form.button t('.login'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('.loading') } %>
+      <% end %>
+    </div>
+  </div>
+</div>

@@ -1,10 +1,12 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
-  resource :session, only: [:new, :create, :destroy]
   post "/session/logout" => "sessions#destroy", as: :logout
   post "/session/new" => "sessions#new"
   resource :metadata, only: [:show]
+  resource :mfa, only: [:new, :create]
+  resource :session, only: [:new, :create, :destroy]
   resources :registrations, only: [:new, :create]
+
   namespace :my do
     resource :dashboard, only: [:show]
     resource :mfa, only: [:show, :new, :edit, :create, :destroy]

@@ -0,0 +1,21 @@
+require 'rails_helper'
+
+RSpec.describe "/mfa" do
+  context "when username/password entry has been completed" do
+    let(:current_user) { create(:user, :mfa_configured) }
+
+    before { http_login(current_user) }
+
+    describe "GET /mfa/new" do
+      before { get '/mfa/new' }
+
+      specify { expect(response).to have_http_status(:ok) }
+    end
+  end
+
+  context "when username/password entry has not been completed" do
+    before { get '/mfa/new' }
+
+    specify { expect(response).to redirect_to(new_session_path) }
+  end
+end