Disable Verify button on first landing to the tfa form

Adding this patch version to get it used in the project for now -

Would a better solution be to just send the verification code when the TFA activation form is first displayed?

Seems counter-intuitive to have to click 'Send' first when you typically get the code sent automatically.

In a situation where there are multiple TFA methods enabled, the user might want to switch to another TFA method rather than Email. I think it is good not to send a TFA Email to user by default until the user explicitly click the 'Send' button.

Thanks @Nadim Hossain for the patch. Is it possible to have functional tests for the new feature?

Change to 'Need work' as functional tests for the new feature required.

@mingsong I am not sure I entirely agree with this.

The 'send' button is only rendered if email is setup as otp anyway (even with application code as well), so surely there's a way to trigger the automatic email if 'only' email otp is enabled. This is not only a user experience improvement but also a pretty standard practice.

At the very minimum, adding in some messaging on the page to indicate the user must first click 'send' to receive the code should be considered as receiving the code automatically via email is a pretty standard practice in TFA, and without some messaging indicating users need to click it to even receive the first code isn't very use friendly.

If it could automatically send the email when the form loads, that seems like what I'd expect. It doesn't have to be the only method enabled for the user.

But an explicit Send initially would be fine too. If the Send/Resend action was done with a link, always displaying the Verify button would be OK. If Send is a form button, it should be the only one at first. It could even be in a different form above the current one, since you want Verify to be first to be the default.