Add invalid TOTP login email notifications.

app/auth/views/mfa.py

@@ -16,6 +16,7 @@ from wtforms import BooleanField, StringField, validators
 from app.auth.base import auth_bp
 from app.config import MFA_USER_ID, URL
 from app.db import Session
+from app.email_utils import send_email, render
 from app.extensions import limiter
 from app.models import User, MfaBrowser
 
@@ -91,6 +92,12 @@ def mfa():
             return response
 
         else:
+            send_email(
+                user.email,
+                "There was an unsuccessful login on your SimpleLogin account",
+                render("transactional/invalid-totp-login.txt"),
+                render("transactional/invalid-totp-login.html"),
+            )
             flash("Incorrect token", "warning")
             # Trigger rate limiter
             g.deduct_limit = True

templates/emails/transactional/invalid-totp-login.html

@@ -0,0 +1,10 @@
+{% extends "base.html" %}
+
+{% block content %}
+  {{ render_text("There has been an unsuccessful login on your SimpleLogin account.") }}
+  {{ render_text("An invalid TOTP code was provided. <b>The email and password were provided correctly.</b>") }}
+
+  {{ render_text("If this was <b>not</b> you, please <b>change your password immediately.</b>") }}
+  {{ render_text('Thanks, <br />SimpleLogin Team.') }}
+{% endblock %}
+

templates/emails/transactional/invalid-totp-login.txt

@@ -0,0 +1,7 @@
+There has been an unsuccessful login on your SimpleLogin account.
+An invalid TOTP code was provided. The email and password were provided correctly.
+
+If this was not you, please <b>change your password immediately.
+
+Thanks,
+SimpleLogin Team.