feat(rest-example): add new mfa otp process (#1050)

Author: pradel

examples/accounts-boost/package.json

@@ -20,7 +20,7 @@
     "apollo-server": "2.16.1",
     "graphql": "14.7.0",
     "graphql-tools": "5.0.0",
-    "lodash": "4.17.19",
+    "lodash": "4.17.20",
     "node-fetch": "2.6.0",
     "tslib": "2.0.1"
   },

examples/graphql-server-typescript/package.json

@@ -20,7 +20,7 @@
     "@graphql-tools/merge": "6.0.16",
     "apollo-server": "2.16.1",
     "graphql": "14.7.0",
-    "lodash": "4.17.19",
+    "lodash": "4.17.20",
     "mongoose": "5.9.28",
     "tslib": "2.0.1"
   },

examples/react-rest-typescript/src/Login.tsx

@@ -16,8 +16,9 @@ import { useFormik, FormikErrors } from 'formik';
 import { SnackBarContentError } from './components/SnackBarContentError';
 import { useAuth } from './components/AuthContext';
 import { UnauthenticatedContainer } from './components/UnauthenticatedContainer';
+import { LoginMfa } from './LoginMfa';
 
-const useStyles = makeStyles(theme => ({
+const useStyles = makeStyles((theme) => ({
   cardContent: {
     padding: theme.spacing(3),
   },
@@ -41,20 +42,19 @@ const ResetPasswordLink = React.forwardRef<RouterLink, any>((props, ref) => (
 interface LoginValues {
   email: string;
   password: string;
-  code: string;
 }
 
 const Login = ({ history }: RouteComponentProps<{}>) => {
   const classes = useStyles();
   const { loginWithService } = useAuth();
   const [error, setError] = useState<string | undefined>();
+  const [mfaToken, setMfaToken] = useState<string | undefined>();
   const formik = useFormik<LoginValues>({
     initialValues: {
       email: '',
       password: '',
-      code: '',
     },
-    validate: values => {
+    validate: (values) => {
       const errors: FormikErrors<LoginValues> = {};
       if (!values.email) {
         errors.email = 'Required';
@@ -66,13 +66,17 @@ const Login = ({ history }: RouteComponentProps<{}>) => {
     },
     onSubmit: async (values, { setSubmitting }) => {
       try {
-        await loginWithService('password', {
+        const loginResponse = await loginWithService('password', {
           user: {
             email: values.email,
           },
           password: values.password,
-          code: values.code,
         });
+        if ('mfaToken' in loginResponse) {
+          setMfaToken(loginResponse.mfaToken);
+          return;
+        }
+        // No MFA is set so we can continue to dashboard
         history.push('/');
       } catch (error) {
         setError(error.message);
@@ -81,6 +85,10 @@ const Login = ({ history }: RouteComponentProps<{}>) => {
     },
   });
 
+  if (mfaToken) {
+    return <LoginMfa mfaToken={mfaToken} />;
+  }
+
   return (
     <UnauthenticatedContainer>
       <Snackbar
@@ -130,18 +138,6 @@ const Login = ({ history }: RouteComponentProps<{}>) => {
                   helperText={formik.touched.password && formik.errors.password}
                 />
               </Grid>
-              <Grid item xs={12}>
-                <TextField
-                  label="2fa code if enabled"
-                  variant="outlined"
-                  fullWidth={true}
-                  id="code"
-                  value={formik.values.code}
-                  onChange={formik.handleChange}
-                  error={Boolean(formik.errors.code && formik.touched.code)}
-                  helperText={formik.touched.code && formik.errors.code}
-                />
-              </Grid>
               <Grid item xs={12} md={6}>
                 <Button
                   variant="contained"

examples/react-rest-typescript/src/LoginMfa.tsx

@@ -0,0 +1,139 @@
+import React, { useState, useEffect } from 'react';
+import { useHistory } from 'react-router-dom';
+import {
+  Button,
+  Typography,
+  makeStyles,
+  Card,
+  CardContent,
+  TextField,
+  Grid,
+  Snackbar,
+} from '@material-ui/core';
+import { useFormik, FormikErrors } from 'formik';
+import { SnackBarContentError } from './components/SnackBarContentError';
+import { useAuth } from './components/AuthContext';
+import { UnauthenticatedContainer } from './components/UnauthenticatedContainer';
+import { accountsClient } from './accounts';
+
+const useStyles = makeStyles((theme) => ({
+  cardContent: {
+    padding: theme.spacing(3),
+  },
+  divider: {
+    marginTop: theme.spacing(2),
+    marginBottom: theme.spacing(2),
+  },
+  logo: {
+    maxWidth: '100%',
+    width: 250,
+  },
+}));
+
+interface LoginMfaProps {
+  mfaToken: string;
+}
+
+interface LoginMfaValues {
+  code: string;
+}
+
+export const LoginMfa = ({ mfaToken }: LoginMfaProps) => {
+  const classes = useStyles();
+  const history = useHistory();
+  const { loginWithService } = useAuth();
+  const [error, setError] = useState<string | undefined>();
+  const formik = useFormik<LoginMfaValues>({
+    initialValues: {
+      code: '',
+    },
+    validate: (values) => {
+      const errors: FormikErrors<LoginMfaValues> = {};
+      if (!values.code) {
+        errors.code = 'Required';
+      }
+      return errors;
+    },
+    onSubmit: async (values, { setSubmitting }) => {
+      try {
+        await loginWithService('mfa', {
+          mfaToken,
+          code: values.code,
+        });
+        history.push('/');
+      } catch (error) {
+        setError(error.message);
+        setSubmitting(false);
+      }
+    },
+  });
+
+  useEffect(() => {
+    const fetchAuthenticators = async () => {
+      // TODO try catch
+      const data = await accountsClient.authenticatorsByMfaToken(mfaToken);
+      const authenticator = data[0];
+      await accountsClient.mfaChallenge(mfaToken, authenticator.id);
+    };
+
+    fetchAuthenticators();
+  }, [mfaToken]);
+
+  return (
+    <UnauthenticatedContainer>
+      <Snackbar
+        anchorOrigin={{
+          vertical: 'top',
+          horizontal: 'center',
+        }}
+        open={!!error}
+        onClose={() => setError(undefined)}
+      >
+        <SnackBarContentError message={error} />
+      </Snackbar>
+
+      <Card>
+        <CardContent className={classes.cardContent}>
+          <form onSubmit={formik.handleSubmit}>
+            <Grid container spacing={3}>
+              <Grid item xs={12}>
+                <img src="/logo.png" alt="Logo" className={classes.logo} />
+              </Grid>
+              <Grid item xs={12}>
+                <Typography variant="h5">Two-factor authentication</Typography>
+              </Grid>
+              <Grid item xs={12}>
+                <Typography variant="body2" color="textSecondary">
+                  Your account is protected by two-factor authentication. To verify your identity
+                  you need to provide the access code from your authenticator app.
+                </Typography>
+              </Grid>
+              <Grid item xs={12}>
+                <TextField
+                  label="Authenticator code"
+                  variant="outlined"
+                  fullWidth={true}
+                  id="code"
+                  value={formik.values.code}
+                  onChange={formik.handleChange}
+                  error={Boolean(formik.errors.code && formik.touched.code)}
+                  helperText={formik.touched.code && formik.errors.code}
+                />
+              </Grid>
+              <Grid item xs={12} md={6}>
+                <Button
+                  variant="contained"
+                  color="primary"
+                  type="submit"
+                  disabled={formik.isSubmitting}
+                >
+                  Sign in
+                </Button>
+              </Grid>
+            </Grid>
+          </form>
+        </CardContent>
+      </Card>
+    </UnauthenticatedContainer>
+  );
+};

examples/react-rest-typescript/src/MfaAuthenticator.tsx

@@ -0,0 +1,47 @@
+import React from 'react';
+import { makeStyles, Typography, Divider, Card, CardHeader, CardContent } from '@material-ui/core';
+import { AuthenticatedContainer } from './components/AuthenticatedContainer';
+
+const useStyles = makeStyles((theme) => ({
+  divider: {
+    marginTop: theme.spacing(2),
+  },
+  card: {
+    marginTop: theme.spacing(3),
+  },
+  cardHeader: {
+    paddingLeft: theme.spacing(3),
+    paddingRight: theme.spacing(3),
+  },
+  cardContent: {
+    padding: theme.spacing(3),
+  },
+  authenticatorDescription: {
+    marginTop: theme.spacing(1),
+  },
+}));
+
+export const MfaAuthenticator = () => {
+  const classes = useStyles();
+
+  return (
+    <AuthenticatedContainer>
+      <Typography variant="h5">Authenticator Details</Typography>
+      <Divider className={classes.divider} />
+      <Card className={classes.card}>
+        {/* TODO title and content based on the type */}
+        <CardHeader subheader="Authenticator app" className={classes.cardHeader} />
+        <Divider />
+        <CardContent className={classes.cardContent}>
+          TODO
+          <Typography className={classes.authenticatorDescription}>
+            An authenticator application that supports TOTP (like Google Authenticator or 1Password)
+            can be used to conveniently secure your account. A new token is generated every 30
+            seconds.
+          </Typography>
+        </CardContent>
+        <Divider />
+      </Card>
+    </AuthenticatedContainer>
+  );
+};

examples/react-rest-typescript/src/Router.tsx

@@ -1,5 +1,5 @@
 import React from 'react';
-import { BrowserRouter, Route, Redirect } from 'react-router-dom';
+import { BrowserRouter, Route, Redirect, Switch } from 'react-router-dom';
 import { CssBaseline } from '@material-ui/core';
 import { AuthProvider, useAuth } from './components/AuthContext';
 import Signup from './Signup';
@@ -9,6 +9,8 @@ import ResetPassword from './ResetPassword';
 import VerifyEmail from './VerifyEmail';
 import { Email } from './Email';
 import { Security } from './Security';
+import { TwoFactorOtp } from './TwoFactorOtp';
+import { MfaAuthenticator } from './MfaAuthenticator';
 
 // A wrapper for <Route> that redirects to the login
 // screen if you're not yet authenticated.
@@ -39,23 +41,31 @@ const Router = () => {
       <AuthProvider>
         <CssBaseline />
 
-        {/* Authenticated routes */}
-        <PrivateRoute exact path="/">
-          <Home />
-        </PrivateRoute>
-        <PrivateRoute path="/emails">
-          <Email />
-        </PrivateRoute>
-        <PrivateRoute path="/security">
-          <Security />
-        </PrivateRoute>
+        <Switch>
+          {/* Authenticated routes */}
+          <PrivateRoute exact path="/">
+            <Home />
+          </PrivateRoute>
+          <PrivateRoute path="/emails">
+            <Email />
+          </PrivateRoute>
+          <PrivateRoute exact path="/security">
+            <Security />
+          </PrivateRoute>
+          <PrivateRoute exact path="/security/mfa/otp">
+            <TwoFactorOtp />
+          </PrivateRoute>
+          <PrivateRoute path="/security/mfa/:authenticatorId">
+            <MfaAuthenticator />
+          </PrivateRoute>
 
-        {/* Unauthenticated routes */}
-        <Route path="/signup" component={Signup} />
-        <Route path="/login" component={Login} />
-        <Route exact path="/reset-password" component={ResetPassword} />
-        <Route path="/reset-password/:token" component={ResetPassword} />
-        <Route path="/verify-email/:token" component={VerifyEmail} />
+          {/* Unauthenticated routes */}
+          <Route path="/signup" component={Signup} />
+          <Route path="/login" component={Login} />
+          <Route exact path="/reset-password" component={ResetPassword} />
+          <Route path="/reset-password/:token" component={ResetPassword} />
+          <Route path="/verify-email/:token" component={VerifyEmail} />
+        </Switch>
       </AuthProvider>
     </BrowserRouter>
   );