feat(app): add MFA and tsdocker release

2026-05-19 06:20:38 +00:00
parent ddf4861e95
commit 1e563115d0
23 changed files with 1939 additions and 211 deletions
@@ -84,17 +84,29 @@ export class LoginSessionManager {
              await user.save();
            }

+            await this.receptionRef.abuseProtectionManager.clearAttempts(
+              'passwordLogin',
+              loginIdentifier
+            );
+
+            const mfaChallenge = await this.receptionRef.mfaManager.createMfaChallengeForUser(
+              user.id,
+              'password'
+            );
+            if (mfaChallenge) {
+              return {
+                twoFaNeeded: true,
+                mfaChallengeToken: mfaChallenge.token,
+                availableMfaMethods: mfaChallenge.availableMethods,
+              };
+            }
+
            const loginSession = await LoginSession.createLoginSessionForUser(user);
            const refreshToken = await loginSession.getRefreshToken();
            if (!refreshToken) {
              throw new plugins.typedrequest.TypedResponseError('Could not create login session');
            }

-            await this.receptionRef.abuseProtectionManager.clearAttempts(
-              'passwordLogin',
-              loginIdentifier
-            );
-
            return {
              refreshToken,
              twoFaNeeded: false,
@@ -145,7 +157,7 @@ export class LoginSessionManager {
    );

    this.typedRouter.addTypedHandler(
-      new plugins.typedrequest.TypedHandler<plugins.idpInterfaces.request.IReq_LoginWithEmailAfterEmailTokenAquired>(
+      new plugins.typedrequest.TypedHandler<any>(
        'loginWithEmailAfterEmailTokenAquired',
        async (requestArg) => {
          await this.receptionRef.abuseProtectionManager.consumeAttempt(
@@ -168,6 +180,21 @@ export class LoginSessionManager {
            if (!user) {
              throw new plugins.typedrequest.TypedResponseError('User not found');
            }
+            const mfaChallenge = await this.receptionRef.mfaManager.createMfaChallengeForUser(
+              user.id,
+              'email'
+            );
+            if (mfaChallenge) {
+              await this.receptionRef.abuseProtectionManager.clearAttempts(
+                'emailLoginToken',
+                requestArg.email
+              );
+              return {
+                twoFaNeeded: true,
+                mfaChallengeToken: mfaChallenge.token,
+                availableMfaMethods: mfaChallenge.availableMethods,
+              };
+            }
            const loginSession = await LoginSession.createLoginSessionForUser(user);
            const refreshToken = await loginSession.getRefreshToken();
            if (!refreshToken) {