snapshot: preserve account security and profile UI cleanup

backend/workflows/tests/test_account_ui.py

@@ -90,12 +90,15 @@ class AccountUISmokeTests(TestCase):
         profile.refresh_from_db()
         self.assertTrue(profile.totp_enabled)
         self.assertTrue(profile.totp_secret)
+        self.assertEqual(len(profile.totp_recovery_codes), 8)
+        self.assertContains(response, 'Recovery-Codes')
 
     def test_login_requires_totp_when_enabled(self):
         profile = self.user.profile
         profile.totp_secret = 'JBSWY3DPEHPK3PXP'
         profile.totp_enabled = True
-        profile.save(update_fields=['totp_secret', 'totp_enabled', 'updated_at'])
+        profile.set_recovery_codes(['ABCDE-12345'])
+        profile.save(update_fields=['totp_secret', 'totp_enabled', 'totp_recovery_codes', 'updated_at'])
 
         client = Client()
         response = client.post(
@@ -113,3 +116,13 @@ class AccountUISmokeTests(TestCase):
             HTTP_HOST='localhost',
         )
         self.assertEqual(response.status_code, 302)
+
+        client = Client()
+        response = client.post(
+            '/accounts/login/',
+            {'username': 'profile-user', 'password': 'secret-12345', 'recovery_code': 'ABCDE-12345'},
+            HTTP_HOST='localhost',
+        )
+        self.assertEqual(response.status_code, 302)
+        profile.refresh_from_db()
+        self.assertEqual(profile.totp_recovery_codes, [])