From 6a27837a5addab5ab424541530d419656bc65b8d Mon Sep 17 00:00:00 2001
From: Vasilis The Pikachu <vasilis@pikachu.systems>
Date: Thu, 13 Nov 2025 15:22:35 +0100
Subject: [PATCH 1/8] Make 2fa backup codes EVEN MORE EYE CATCHING

PLEASE BACK THEM UP
---
 .../Pages/Account/Manage/GenerateRecoveryCodes.cshtml |  9 +++++----
 .../Pages/Account/Manage/ShowRecoveryCodes.cshtml     | 11 ++++++++---
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml b/SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml
index 284ab59..2c07cac 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml
@@ -7,13 +7,14 @@
 
 <partial name="_StatusMessage" for="StatusMessage" />
 <h4>@ViewData["Title"]</h4>
-<div class="alert alert-warning" role="alert">
+<div class="alert alert-danger" role="alert">
     <p>
-        <span class="glyphicon glyphicon-warning-sign"></span>
+        <span class="glyphicon glyphicon-danger-sign"></span>
         <strong>Put these codes in a safe place.</strong>
     </p>
     <p>
-        If you lose your device and don't have the recovery codes you will lose access to your account.
+        If you lose your device and don't have the recovery codes you will lose access to your account, recovery even by
+        email support will be highly unlikely.
     </p>
     <p>
         Generating new recovery codes does not change the keys used in authenticator apps. If you wish to change the key
@@ -24,4 +25,4 @@
     <form method="post" class="form-group">
         <button class="btn btn-danger" type="submit">Generate Recovery Codes</button>
     </form>
-</div>
\ No newline at end of file
+</div>
diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
index 23fa27b..246a889 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -7,13 +7,18 @@
 
 <partial name="_StatusMessage" for="StatusMessage" />
 <h4>@ViewData["Title"]</h4>
-<div class="alert alert-warning" role="alert">
+<div class="alert alert-danger" role="alert">
     <p>
         <strong>Put these codes in a safe place.</strong>
     </p>
     <p>
-        If you lose your device and don't have the recovery codes you will lose access to your account.
+        If you lose your device and don't have the recovery codes you will lose access to your account, recovery even
+        by email support will be highly unlikely.
+        <br /> <br />
+        Something like a physical notepad or a digital notes app is a good place to put these down, if you got a
+        password manager it should have a notes or description field that you can use.
     </p>
+    <h1>SERIOUSLY, write these down. We are not responsible if you lose your account this way.</h1>
 </div>
 <div class="row">
     <div class="col-md-12">
@@ -22,4 +27,4 @@
             <code class="recovery-code">@Model.RecoveryCodes[row]</code><text>&nbsp;</text><code class="recovery-code">@Model.RecoveryCodes[row + 1]</code><br />
         }
     </div>
-</div>
\ No newline at end of file
+</div>

From 69766a66631183bd9327b9bca00ed070ebbdd494 Mon Sep 17 00:00:00 2001
From: Vasilis The Pikachu <vasilis@pikachu.systems>
Date: Thu, 13 Nov 2025 15:28:25 +0100
Subject: [PATCH 2/8] Oh hey that works too

---
 .../Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
index 246a889..2a7f869 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -14,7 +14,8 @@
     <p>
         If you lose your device and don't have the recovery codes you will lose access to your account, recovery even
         by email support will be highly unlikely.
-        <br /> <br />
+    </p>
+    <p>
         Something like a physical notepad or a digital notes app is a good place to put these down, if you got a
         password manager it should have a notes or description field that you can use.
     </p>

From 4551f8ee1d44a969bb9e8b45a9ff49a92da3cdf5 Mon Sep 17 00:00:00 2001
From: Myra <vasilis@pikachu.systems>
Date: Tue, 18 Nov 2025 15:54:17 +0100
Subject: [PATCH 3/8] Suggest making multiple copies

---
 .../Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
index 2a7f869..7128ed3 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -17,7 +17,7 @@
     </p>
     <p>
         Something like a physical notepad or a digital notes app is a good place to put these down, if you got a
-        password manager it should have a notes or description field that you can use.
+        password manager it should have a notes or description field that you can use. It's also suggested to make multiple copies.
     </p>
     <h1>SERIOUSLY, write these down. We are not responsible if you lose your account this way.</h1>
 </div>

From d0ed9681784caade5cdb13e20543fe770d7e1499 Mon Sep 17 00:00:00 2001
From: Vasilis The Pikachu <vasilis@pikachu.systems>
Date: Tue, 27 Jan 2026 16:56:40 +0100
Subject: [PATCH 4/8] Change to h2

---
 .../Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
index 7128ed3..17270ae 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -16,10 +16,10 @@
         by email support will be highly unlikely.
     </p>
     <p>
-        Something like a physical notepad or a digital notes app is a good place to put these down, if you got a
-        password manager it should have a notes or description field that you can use. It's also suggested to make multiple copies.
+        Something like a physical notepad or a digital notes app is a good place to put these down, while not recommended
+        if you got a password manager it should have a notes or description field that you can use as well. It's also suggested to make multiple copies.
     </p>
-    <h1>SERIOUSLY, write these down. We are not responsible if you lose your account this way.</h1>
+    <h2>SERIOUSLY, write these down somewhere.</h2>
 </div>
 <div class="row">
     <div class="col-md-12">

From 1ef3cdb2631f07bb6d49b1e07fa7270a7a2b3f14 Mon Sep 17 00:00:00 2001
From: Vasilis The Pikachu <vasilis@pikachu.systems>
Date: Tue, 27 Jan 2026 20:42:09 +0100
Subject: [PATCH 5/8] Actually use a style

---
 .../Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
index 17270ae..0c27249 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -19,7 +19,7 @@
         Something like a physical notepad or a digital notes app is a good place to put these down, while not recommended
         if you got a password manager it should have a notes or description field that you can use as well. It's also suggested to make multiple copies.
     </p>
-    <h2>SERIOUSLY, write these down somewhere.</h2>
+    <p style="font-size: 40px;">SERIOUSLY, write these down somewhere.</p>
 </div>
 <div class="row">
     <div class="col-md-12">

From 23c915743081764ad00d1aaee70cadce1ca3cb12 Mon Sep 17 00:00:00 2001
From: Vasilis The Pikachu <vasilis@pikachu.systems>
Date: Tue, 27 Jan 2026 20:43:59 +0100
Subject: [PATCH 6/8] Make it more menacing

jojo symbols flying around this p
---
 .../Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
index 0c27249..334d06c 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -19,7 +19,7 @@
         Something like a physical notepad or a digital notes app is a good place to put these down, while not recommended
         if you got a password manager it should have a notes or description field that you can use as well. It's also suggested to make multiple copies.
     </p>
-    <p style="font-size: 40px;">SERIOUSLY, write these down somewhere.</p>
+    <p style="font-size: 40px; text-decoration: underline;">SERIOUSLY, write these down somewhere.</p>
 </div>
 <div class="row">
     <div class="col-md-12">

From 5760351ece107bd08a15741425d0e0972d9422c2 Mon Sep 17 00:00:00 2001
From: Vasilis The Pikachu <vasilis@pikachu.systems>
Date: Wed, 4 Feb 2026 14:26:51 +0100
Subject: [PATCH 7/8] Works

---
 .../Manage/GenerateRecoveryCodes.cshtml.cs    |  6 +--
 .../Account/Manage/ShowRecoveryCodes.cshtml   |  6 +++
 .../Manage/ShowRecoveryCodes.cshtml.cs        | 42 +++++++++++++++++--
 3 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs b/SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs
index b6a858e..a613cfa 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs
@@ -71,14 +71,14 @@ public async Task<IActionResult> OnPostAsync()
         await _accountLogManager.LogAndSave(user, new AccountLogRecoveryCodesGenerated());
 
         await _userManager.UpdateAsync(user);
-        
+
         var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
         RecoveryCodes = recoveryCodes.ToArray();
 
         await tx.CommitAsync();
-        
+
         _logger.LogInformation("User with ID '{UserId}' has generated new 2FA recovery codes.", userId);
         StatusMessage = "You have generated new recovery codes.";
         return RedirectToPage("./ShowRecoveryCodes");
     }
-}
\ No newline at end of file
+}
diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
index 334d06c..446b1c2 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -29,3 +29,9 @@
         }
     </div>
 </div>
+<br />
+<div>
+    <form id="download-recovery" asp-page-handler="DownloadRecoveryCodes" method="post" class="form-group">
+        <button class="btn btn-primary" type="submit">Download codes</button>
+    </form>
+</div>
diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
index e1ff308..aeb54bd 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
@@ -1,16 +1,29 @@
 using System;
-using System.Collections.Generic;
 using System.Linq;
+using System.Net.Mime;
+using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
-using Microsoft.Extensions.Logging;
+using Serilog;
+using SS14.Auth.Shared.Data;
 
 namespace SS14.Web.Areas.Identity.Pages.Account.Manage;
 
 public class ShowRecoveryCodesModel : PageModel
 {
+    private readonly SpaceUserManager _userManager;
+    private readonly ApplicationDbContext _dbContext;
+
+    public ShowRecoveryCodesModel(
+        SpaceUserManager userManager,
+        ApplicationDbContext dbContext)
+    {
+        _userManager = userManager;
+        _dbContext = dbContext;
+    }
+
     [TempData]
     public string[] RecoveryCodes { get; set; }
 
@@ -26,4 +39,27 @@ public IActionResult OnGet()
 
         return Page();
     }
-}
\ No newline at end of file
+
+    public async Task<IActionResult> OnPostDownloadRecoveryCodes()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        var rawValue = _dbContext.UserTokens
+            .Where(x => x.UserId == user.Id && x.Name == "RecoveryCodes")
+            .Select(q => q.Value)
+            .FirstOrDefault();
+
+        var recoveryCodes = rawValue?.Split(';', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
+                            ?? [];
+
+        var header = $"These are the 2fa recovery codes for the Space Station 14 account {user.UserName}. Keep them in a safe place.\n\n";
+        var text = header + string.Join("\n", recoveryCodes);
+
+        Response.Headers.Add("Content-Disposition", $"attachment; filename=SS14-{user.UserName}-Recovery.txt");
+        return new FileContentResult(Encoding.UTF8.GetBytes(text), MediaTypeNames.Text.Plain);
+    }
+}

From f707f1d972a36947b7a3434e30b67b4e7ba69d6f Mon Sep 17 00:00:00 2001
From: Vasilis The Pikachu <vasilis@pikachu.systems>
Date: Wed, 4 Feb 2026 14:27:52 +0100
Subject: [PATCH 8/8] Remove unneeded uses

---
 .../Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs   | 2 --
 1 file changed, 2 deletions(-)

diff --git a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
index aeb54bd..1c91632 100644
--- a/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
+++ b/SS14.Web/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
@@ -3,10 +3,8 @@
 using System.Net.Mime;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
-using Serilog;
 using SS14.Auth.Shared.Data;
 
 namespace SS14.Web.Areas.Identity.Pages.Account.Manage;