[5.4] MSTR-350: Close OTP dialog after submit on login retry (#1357)

guillegr123 · web-flow · commit 7774bfe36dab · 2026-03-10T10:01:31.000-06:00
diff --git a/src/apps/auth/app.js b/src/apps/auth/app.js
@@ -1283,7 +1283,7 @@ define(function(require) {
 				},
 				error: function(errorPayload, data, globalHandler) {
 					if (data.status === 401 && errorPayload.data.hasOwnProperty('multi_factor_request')) {
-						self.handleMultiFactor(errorPayload.data, dataRecovery, function(augmentedDataRecovery) {
+						self.handleMultiFactor(errorPayload.data, dataRecovery, null, function(augmentedDataRecovery) {
 							self.recoveryWithResetId(augmentedDataRecovery, success, error);
 						}, function() {
 							monster.util.logoutAndReload();
@@ -1389,18 +1389,21 @@ define(function(require) {
 							// If it's a 401 that is about requesting additional login information via MFA, we need to know if it comes from a reconnect attempt
 							// If it comes from a reconnect attempt, then we show a popup to ask them if they want to reconnect.
 							// If we don't do that and the system automatically reconnected, then the User would see a popup asking him to re-authenticate Duo without any context.
-							var handleMultifactor = function() {
-								self.handleMultiFactor(errorPayload.data, loginData, function(augmentedLoginData) {
-									self.putAuth(augmentedLoginData, callback, wrongCredsCallback, pUpdateLayout, additionalArgs);
-								}, wrongCredsCallback);
-							};
-
-							if (additionalArgs && additionalArgs.hasOwnProperty('isRetryLoginRequest') && additionalArgs.isRetryLoginRequest === true) {
-								monster.ui.confirm(self.i18n.active().retryLoginConfirmText, function() {
-									handleMultifactor();
-								}, function() {
-									monster.util.logoutAndReload();
-								});
+							var handleMultifactor = function(cancelCallback) {
+									self.handleMultiFactor(errorPayload.data, loginData, additionalArgs, function(augmentedLoginData) {
+										self.putAuth(augmentedLoginData, callback, wrongCredsCallback, pUpdateLayout, additionalArgs);
+									}, wrongCredsCallback, cancelCallback);
+								},
+								showReconnectDialog = function() {
+									monster.ui.confirm(self.i18n.active().retryLoginConfirmText, function() {
+										handleMultifactor(showReconnectDialog);
+									}, function() {
+										monster.util.logoutAndReload();
+									});
+								};
+
+							if (_.get(additionalArgs, 'isRetryLoginRequest', false) === true) {
+								showReconnectDialog();
 							} else {
 								handleMultifactor();
 							}
@@ -1414,9 +1417,10 @@ define(function(require) {
 			});
 		},
 
-		handleMultiFactor: function(data, loginData, success, error) {
+		handleMultiFactor: function(data, loginData, additionalArgs, success, error, cancel) {
 			var self = this,
-				mfaProvider = data.multi_factor_request.provider_name;
+				mfaProvider = data.multi_factor_request.provider_name,
+				isRetryLoginRequest = _.get(additionalArgs, 'isRetryLoginRequest', false);
 
 			switch (mfaProvider) {
 				case 'duo_universal':
@@ -1427,8 +1431,10 @@ define(function(require) {
 					break;
 				case 'otp':
 					self.showOtpVerificationDialog({
+						isRetryLoginRequest: isRetryLoginRequest,
 						loginData: loginData,
-						success: success
+						success: success,
+						cancel: cancel
 					});
 					break;
 				default:
@@ -1460,24 +1466,34 @@ define(function(require) {
 		/**
 		 * Shows the OTP verification dialog.
 		 * @param {Object}   args
+		 * @param {Boolean}  [args.isRetryLoginRequest]  Whether or not is a login retry request
 		 * @param {Object}   args.loginData  Login data
 		 * @param {String}   args.loginData.credentials  Hashed credentials
 		 * @param {String}   args.loginData.accout_name  Account name
 		 * @param {Function} args.success  Login success callback
+		 * @param {Function} args.cancel  Cancel callback
 		 */
 		showOtpVerificationDialog: function(args) {
 			var self = this,
 				$template = $(self.getTemplate({
-					name: 'mfa-otpVerificationDialog'
+					name: 'mfa-otpVerificationDialog',
+					data: {
+						isRetryLoginRequest: !!args.isRetryLoginRequest
+					}
 				})),
 				$dialog = monster.ui.dialog($template, {
 					title: self.i18n.active().multiFactor.verification.title
 				}),
-				bindArgs = _.assign({
-					$dialog: $dialog
-				}, args);
+				bindArgs = _.chain(args)
+					.pick(['loginData', 'success', 'cancel'])
+					.assign({
+						$dialog: $dialog
+					})
+					.value();
 
 			self.bindOtpVerificationDialogEvents(bindArgs);
+
+			$template.find('#mfa_code').focus();
 		},
 
 		/**
@@ -1488,13 +1504,15 @@ define(function(require) {
 		 * @param {String}   args.loginData.credentials  Hashed credentials
 		 * @param {String}   args.loginData.accout_name  Account name
 		 * @param {Function} args.success  Login success callback
+		 * @param {Function} args.cancel  Cancel callback
 		 */
 		bindOtpVerificationDialogEvents: function(args) {
 			var self = this,
 				$dialog = args.$dialog,
 				loginData = args.loginData,
 				validator = args.validator,
 				successCallback = args.success,
+				cancelCallback = args.cancel,
 				$form = $dialog.find('form'),
 				validator = monster.ui.validate($form, {
 					rules: {
@@ -1505,7 +1523,8 @@ define(function(require) {
 				}),
 				$mfaCode = $form.find('#mfa_code'),
 				$btnVerify = $dialog.find('#btn_mfa_verify'),
-				isCodeLengthInvalid = true;
+				isCodeLengthInvalid = true,
+				isSubmitted = false;
 
 			monster.ui.mask($mfaCode, '000000', {
 				placeholder: '______'
@@ -1528,7 +1547,8 @@ define(function(require) {
 				$dialog.dialog('close');
 				self.showOtpSetupDialog({
 					loginData: loginData,
-					success: successCallback
+					success: successCallback,
+					cancel: cancelCallback
 				});
 			});
 
@@ -1576,11 +1596,23 @@ define(function(require) {
 						return;
 					}
 
+					isSubmitted = true;
+
+					$dialog.dialog('close');
+
 					successCallback(_.assign({
 						multi_factor_response: code
 					}, loginData));
 				});
 			});
+
+			$dialog.on('dialogclose', function() {
+				if (isSubmitted) {
+					return;
+				}
+
+				cancelCallback && cancelCallback();
+			});
 		},
 
 		/**
@@ -1594,7 +1626,6 @@ define(function(require) {
 		showOtpSetupDialog: function(args) {
 			var self = this,
 				loginData = args.loginData,
-				successCallback = args.success,
 				$template = $(self.getTemplate({
 					name: 'mfa-otpSetupDialog'
 				})),
@@ -1611,11 +1642,11 @@ define(function(require) {
 
 			monster.parallel({
 				bindEvents: function bindEvents(next) {
-					self.bindOtpSetupDialogEvents({
-						$dialog: $dialog,
-						loginData: loginData,
-						success: successCallback
-					});
+					var bindArgs = _.assign({
+						$dialog: $dialog
+					}, args);
+
+					self.bindOtpSetupDialogEvents(bindArgs);
 
 					next();
 				},
@@ -1748,16 +1779,12 @@ define(function(require) {
 		bindOtpSetupDialogEvents: function(args) {
 			var self = this,
 				$dialog = args.$dialog,
-				loginData = args.loginData,
-				successCallback = args.success;
+				showOtpVerificationDialogArgs = _.pick(args, ['loginData', 'success', 'cancel']);
 
 			$dialog.find('#btn_mfa_enter_code').on('click', function(e) {
 				e.preventDefault();
 				$dialog.dialog('close');
-				self.showOtpVerificationDialog({
-					loginData: loginData,
-					success: successCallback
-				});
+				self.showOtpVerificationDialog(showOtpVerificationDialogArgs);
 			});
 		},
 
diff --git a/src/apps/auth/views/mfa-otpVerificationDialog.html b/src/apps/auth/views/mfa-otpVerificationDialog.html
@@ -15,13 +15,15 @@
 			<button class="btn-submit monster-button monster-button-primary" id="btn_mfa_verify" type="submit" disabled="true">
 				{{ i18n.multiFactor.verification.verifyButton }}
 			</button>
+		{{#unless isRetryLoginRequest}}
 			<hr />
 			<p class="form-footer">
 				{{ i18n.multiFactor.verification.setupDesciption }}
 				<a href="javascript:void(0);" id="btn_mfa_setup" class="form-toggle medium-link">
 					{{ i18n.multiFactor.verification.setupButton }}
 				</a>
 			</p>
+		{{/unless}}
 		</div>
 	</form>
 </div>
diff --git a/src/js/lib/monster.js b/src/js/lib/monster.js
@@ -889,6 +889,14 @@ define(function(require) {
 		var error = args.error;
 		var errorMessage = _.get(args, 'errorMessage', monster.apps.core.i18n.active().invalidCredentialsMessage);
 		var options = args.options;
+		var retryRequest = function() {
+			requestHandler(_.assign({}, options, {
+				// Used to feed the updated token to the SDK (when requestHandler() references monster.kazooSdk.request())
+				authToken: monster.util.getAuthToken(),
+				// We setup the flag to false this time, so that if it errors out again, we properly log out of the UI
+				preventCallbackError: false
+			}));
+		};
 
 		// If we have a 401 after being logged in, it means our session expired, or that it's a MFA denial of the relogin attempt
 		// We don't want to show the normal error box for 401s, but still want to check the payload if they happen, via the error tool.
@@ -903,9 +911,7 @@ define(function(require) {
 		// If it's a retryLoginRequest, we don't want to prevent the callback as it could be a MFA denial
 		} else if (!_.get(options, 'isRetryLoginRequest', false)) {
 			if (_privateFlags.lockRetryAttempt) {
-				_privateFlags.addRetryFunction(function() {
-					requestHandler(options);
-				});
+				_privateFlags.addRetryFunction(retryRequest);
 			} else {
 				// We added a new locking mechanism. Basically if your module use a parallel request, you could have 5 requests ending in a 401. We don't want to automatically re-login 5 times, so we lock the system
 				// Once the re-login is effective, we'll unlock it.
@@ -920,12 +926,7 @@ define(function(require) {
 						isRetryLoginRequest: true
 					},
 					success: function() {
-						requestHandler($.extend(true, {}, options, {
-							// Used to feed the updated token to the SDK (when requestHandler() references monster.kazooSdk.request())
-							authToken: monster.util.getAuthToken(),
-							// We setup the flag to false this time, so that if it errors out again, we properly log out of the UI
-							preventCallbackError: false
-						}));
+						retryRequest();
 						_privateFlags.unlockRetryFunctions();
 					},
 					error: function() {
diff --git a/src/js/lib/monster.socket.js b/src/js/lib/monster.socket.js
@@ -389,6 +389,9 @@ define(function(require) {
 				wsc.logger.log('attempting to reauthenticate...');
 
 				monster.pub('auth.retryLogin', {
+					additionalArgs: {
+						isRetryLoginRequest: true
+					},
 					success: function() {
 						wsc.logger.log('reauthentication successful');
 						wsc.bind(params);
