logto-io
diff --git a/‎packages/experience/src/App.tsx‎
Lines changed: 7 additions & 0 deletions b/‎packages/experience/src/App.tsx‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎packages/experience/src/containers/MfaFactorList/index.tsx‎
Lines changed: 5 additions & 0 deletions b/‎packages/experience/src/containers/MfaFactorList/index.tsx‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/experience/src/pages/MfaBinding/EmailMfaBinding/index.tsx‎
Lines changed: 12 additions & 92 deletions b/‎packages/experience/src/pages/MfaBinding/EmailMfaBinding/index.tsx‎
Lines changed: 12 additions & 92 deletions
diff --git a/‎packages/experience/src/pages/MfaBinding/PhoneMfaBinding/index.tsx‎
Lines changed: 14 additions & 0 deletions b/‎packages/experience/src/pages/MfaBinding/PhoneMfaBinding/index.tsx‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎…inding/EmailMfaBinding/index.module.scss‎ ‎…ficationCodeMfaBinding/index.module.scss‎packages/experience/src/pages/MfaBinding/EmailMfaBinding/index.module.scss renamed to packages/experience/src/pages/MfaBinding/VerificationCodeMfaBinding/index.module.scss b/‎…inding/EmailMfaBinding/index.module.scss‎ ‎…ficationCodeMfaBinding/index.module.scss‎packages/experience/src/pages/MfaBinding/EmailMfaBinding/index.module.scss renamed to packages/experience/src/pages/MfaBinding/VerificationCodeMfaBinding/index.module.scss
diff --git a/‎packages/experience/src/pages/MfaBinding/VerificationCodeMfaBinding/index.tsx‎
Lines changed: 114 additions & 0 deletions b/‎packages/experience/src/pages/MfaBinding/VerificationCodeMfaBinding/index.tsx‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎packages/experience/src/types/guard.ts‎
Lines changed: 1 addition & 0 deletions b/‎packages/experience/src/types/guard.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/integration-tests/src/tests/experience/mfa/phone/index.test.ts‎
Lines changed: 89 additions & 0 deletions b/‎packages/integration-tests/src/tests/experience/mfa/phone/index.test.ts‎
Lines changed: 89 additions & 0 deletions
diff --git a/‎packages/phrases-experience/src/locales/ar/mfa.ts‎
Lines changed: 1 addition & 0 deletions b/‎packages/phrases-experience/src/locales/ar/mfa.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/phrases-experience/src/locales/de/mfa.ts‎
Lines changed: 1 addition & 0 deletions b/‎packages/phrases-experience/src/locales/de/mfa.ts‎
Lines changed: 1 addition & 0 deletions
@@ -21,6 +21,7 @@ import IdentifierSignIn from './pages/IdentifierSignIn';
 import MfaBinding from './pages/MfaBinding';
 import BackupCodeBinding from './pages/MfaBinding/BackupCodeBinding';
 import EmailMfaBinding from './pages/MfaBinding/EmailMfaBinding';
+import PhoneMfaBinding from './pages/MfaBinding/PhoneMfaBinding';
 import TotpBinding from './pages/MfaBinding/TotpBinding';
 import WebAuthnBinding from './pages/MfaBinding/WebAuthnBinding';
 import MfaVerification from './pages/MfaVerification';
@@ -110,6 +111,12 @@ const App = () => {
                             element={<EmailMfaBinding />}
                           />
                         )}
+                        {isDevFeaturesEnabled && (
+                          <Route
+                            path={MfaFactor.PhoneVerificationCode}
+                            element={<PhoneMfaBinding />}
+                          />
+                        )}
                       </Route>
 
                       {/* Mfa verification */}
 
@@ -36,6 +36,11 @@ const MfaFactorList = ({ flow, flowState }: Props) => {
         return;
       }
 
+      if (factor === MfaFactor.PhoneVerificationCode && flow === UserMfaFlow.MfaBinding) {
+        navigate(`/${flow}/${factor}`, { state: flowState });
+        return;
+      }
+
       navigate(`/${flow}/${factor}`, { state: flowState });
     },
     [flow, flowState, navigate, startTotpBinding, startWebAuthnProcessing]
 
@@ -1,94 +1,14 @@
-import { InteractionEvent, SignInIdentifier } from '@logto/schemas';
-import { conditional } from '@silverhand/essentials';
-import { useCallback, useContext, useState } from 'react';
-import { useLocation, useNavigate } from 'react-router-dom';
-import { validate } from 'superstruct';
-
-import SecondaryPageLayout from '@/Layout/SecondaryPageLayout';
-import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
-import { sendVerificationCode } from '@/apis/experience';
-import SwitchMfaFactorsLink from '@/components/SwitchMfaFactorsLink';
-import useErrorHandler from '@/hooks/use-error-handler';
-import useSkipMfa from '@/hooks/use-skip-mfa';
-import IdentifierProfileForm from '@/pages/Continue/IdentifierProfileForm';
-import ErrorPage from '@/pages/ErrorPage';
-import { UserMfaFlow } from '@/types';
-import { mfaFlowStateGuard } from '@/types/guard';
-import { codeVerificationTypeMap } from '@/utils/sign-in-experience';
-
-import styles from './index.module.scss';
-
-const EmailMfaBinding = () => {
-  const { state } = useLocation();
-  const [, mfaFlowState] = validate(state, mfaFlowStateGuard);
-  const { setVerificationId, setIdentifierInputValue } = useContext(UserInteractionContext);
-  const navigate = useNavigate();
-  const [errorMessage, setErrorMessage] = useState<string>();
-
-  const skipMfa = useSkipMfa();
-  const handleError = useErrorHandler();
-
-  const clearErrorMessage = useCallback(() => {
-    setErrorMessage('');
-  }, []);
-
-  const handleSubmit = useCallback(
-    async (_identifier: SignInIdentifier, value: string) => {
-      const identifier = { type: SignInIdentifier.Email as const, value };
-
-      try {
-        // TODO @wangsijie LOG-11874: Implement the email verification code template
-        const result = await sendVerificationCode(InteractionEvent.Register, identifier);
-
-        setVerificationId(codeVerificationTypeMap[SignInIdentifier.Email], result.verificationId);
-        setIdentifierInputValue(identifier);
-
-        navigate('/continue/verification-code', {
-          state: {
-            flow: UserMfaFlow.MfaBinding,
-            mfaFlowState,
-          },
-        });
-      } catch (error) {
-        await handleError(error, {
-          'guard.invalid_input': () => {
-            setErrorMessage('invalid_email');
-          },
-        });
-      }
-    },
-    [handleError, mfaFlowState, navigate, setIdentifierInputValue, setVerificationId]
-  );
-
-  if (!mfaFlowState) {
-    return <ErrorPage title="error.invalid_session" />;
-  }
-
-  const { skippable, availableFactors } = mfaFlowState;
-
-  return (
-    <SecondaryPageLayout
-      title="mfa.link_email_verification_code_description"
-      description="mfa.link_email_2fa_description"
-      onSkip={conditional(skippable && skipMfa)}
-    >
-      <IdentifierProfileForm
-        autoFocus
-        errorMessage={errorMessage}
-        clearErrorMessage={clearErrorMessage}
-        defaultType={SignInIdentifier.Email}
-        enabledTypes={[SignInIdentifier.Email]}
-        onSubmit={handleSubmit}
-      />
-      {availableFactors.length > 1 && (
-        <SwitchMfaFactorsLink
-          flow={UserMfaFlow.MfaBinding}
-          flowState={{ availableFactors, skippable }}
-          className={styles.switchLink}
-        />
-      )}
-    </SecondaryPageLayout>
-  );
-};
+import { SignInIdentifier } from '@logto/schemas';
+
+import VerificationCodeMfaBinding from '../VerificationCodeMfaBinding';
+
+const EmailMfaBinding = () => (
+  <VerificationCodeMfaBinding
+    identifierType={SignInIdentifier.Email}
+    titleKey="mfa.link_email_verification_code_description"
+    descriptionKey="mfa.link_email_2fa_description"
+    invalidInputErrorKey="invalid_email"
+  />
+);
 
 export default EmailMfaBinding;
@@ -0,0 +1,14 @@
+import { SignInIdentifier } from '@logto/schemas';
+
+import VerificationCodeMfaBinding from '../VerificationCodeMfaBinding';
+
+const PhoneMfaBinding = () => (
+  <VerificationCodeMfaBinding
+    identifierType={SignInIdentifier.Phone}
+    titleKey="mfa.link_phone_verification_code_description"
+    descriptionKey="mfa.link_phone_2fa_description"
+    invalidInputErrorKey="invalid_phone"
+  />
+);
+
+export default PhoneMfaBinding;
@@ -0,0 +1,114 @@
+import { InteractionEvent, type SignInIdentifier } from '@logto/schemas';
+import { conditional } from '@silverhand/essentials';
+import { type TFuncKey } from 'i18next';
+import { useCallback, useContext, useState } from 'react';
+import { useLocation, useNavigate } from 'react-router-dom';
+import { validate } from 'superstruct';
+
+import SecondaryPageLayout from '@/Layout/SecondaryPageLayout';
+import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
+import { sendVerificationCode } from '@/apis/experience';
+import SwitchMfaFactorsLink from '@/components/SwitchMfaFactorsLink';
+import useErrorHandler from '@/hooks/use-error-handler';
+import useSkipMfa from '@/hooks/use-skip-mfa';
+import IdentifierProfileForm from '@/pages/Continue/IdentifierProfileForm';
+import ErrorPage from '@/pages/ErrorPage';
+import { UserMfaFlow } from '@/types';
+import { mfaFlowStateGuard } from '@/types/guard';
+import { codeVerificationTypeMap } from '@/utils/sign-in-experience';
+
+import styles from './index.module.scss';
+
+type Props = {
+  readonly identifierType: SignInIdentifier.Email | SignInIdentifier.Phone;
+  readonly titleKey: TFuncKey;
+  readonly descriptionKey: TFuncKey;
+  readonly invalidInputErrorKey: string;
+};
+
+const VerificationCodeMfaBinding = ({
+  identifierType,
+  titleKey,
+  descriptionKey,
+  invalidInputErrorKey,
+}: Props) => {
+  const { state } = useLocation();
+  const [, mfaFlowState] = validate(state, mfaFlowStateGuard);
+  const { setVerificationId, setIdentifierInputValue } = useContext(UserInteractionContext);
+  const navigate = useNavigate();
+  const [errorMessage, setErrorMessage] = useState<string>();
+
+  const skipMfa = useSkipMfa();
+  const handleError = useErrorHandler();
+
+  const clearErrorMessage = useCallback(() => {
+    setErrorMessage('');
+  }, []);
+
+  const handleSubmit = useCallback(
+    async (_identifier: SignInIdentifier, value: string) => {
+      const identifier = { type: identifierType, value };
+
+      try {
+        const result = await sendVerificationCode(InteractionEvent.Register, identifier);
+
+        setVerificationId(codeVerificationTypeMap[identifierType], result.verificationId);
+        setIdentifierInputValue(identifier);
+
+        navigate('/continue/verification-code', {
+          state: {
+            flow: UserMfaFlow.MfaBinding,
+            mfaFlowState,
+          },
+        });
+      } catch (error) {
+        await handleError(error, {
+          'guard.invalid_input': () => {
+            setErrorMessage(invalidInputErrorKey);
+          },
+        });
+      }
+    },
+    [
+      handleError,
+      identifierType,
+      invalidInputErrorKey,
+      mfaFlowState,
+      navigate,
+      setIdentifierInputValue,
+      setVerificationId,
+    ]
+  );
+
+  if (!mfaFlowState) {
+    return <ErrorPage title="error.invalid_session" />;
+  }
+
+  const { skippable, availableFactors } = mfaFlowState;
+
+  return (
+    <SecondaryPageLayout
+      title={titleKey}
+      description={descriptionKey}
+      onSkip={conditional(skippable && skipMfa)}
+    >
+      <IdentifierProfileForm
+        autoFocus
+        errorMessage={errorMessage}
+        clearErrorMessage={clearErrorMessage}
+        defaultType={identifierType}
+        enabledTypes={[identifierType]}
+        onSubmit={handleSubmit}
+      />
+      {availableFactors.length > 1 && (
+        <SwitchMfaFactorsLink
+          flow={UserMfaFlow.MfaBinding}
+          flowState={{ availableFactors, skippable }}
+          className={styles.switchLink}
+        />
+      )}
+    </SecondaryPageLayout>
+  );
+};
+
+export default VerificationCodeMfaBinding;
@@ -65,6 +65,7 @@ const mfaFactorsGuard = s.array(
     s.literal(MfaFactor.WebAuthn),
     s.literal(MfaFactor.BackupCode),
     s.literal(MfaFactor.EmailVerificationCode),
+    s.literal(MfaFactor.PhoneVerificationCode),
   ])
 );
 
 
@@ -0,0 +1,89 @@
+import { ConnectorType } from '@logto/connector-kit';
+import { SignInIdentifier } from '@logto/schemas';
+
+import { deleteUser } from '#src/api/admin-user.js';
+import { updateSignInExperience } from '#src/api/sign-in-experience.js';
+import { demoAppUrl } from '#src/constants.js';
+import { clearConnectorsByTypes, setSmsConnector } from '#src/helpers/connector.js';
+import { enableMandatoryMfaWithPhone, resetMfaSettings } from '#src/helpers/sign-in-experience.js';
+import { generateNewUser } from '#src/helpers/user.js';
+import ExpectExperience from '#src/ui-helpers/expect-experience.js';
+import {
+  devFeatureTest,
+  generatePhone,
+  generatePassword,
+  generateUsername,
+  waitFor,
+} from '#src/utils.js';
+
+devFeatureTest.describe('phone MFA binding', () => {
+  beforeAll(async () => {
+    await clearConnectorsByTypes([ConnectorType.Sms]);
+    await setSmsConnector();
+    await enableMandatoryMfaWithPhone();
+    await updateSignInExperience({
+      signUp: {
+        identifiers: [SignInIdentifier.Username],
+        password: true,
+        verify: false,
+      },
+      signIn: {
+        methods: [
+          {
+            identifier: SignInIdentifier.Username,
+            password: true,
+            verificationCode: false,
+            isPasswordPrimary: true,
+          },
+        ],
+      },
+      forgotPasswordMethods: [],
+    });
+  });
+
+  afterAll(async () => {
+    await clearConnectorsByTypes([ConnectorType.Sms]);
+    await resetMfaSettings();
+  });
+
+  it('should bind phone MFA on register', async () => {
+    const username = generateUsername();
+    const password = generatePassword();
+    const phone = generatePhone();
+    const experience = new ExpectExperience(await browser.newPage());
+    await experience.startWith(demoAppUrl, 'register');
+    await experience.toFillInput('identifier', username, { submit: true });
+    experience.toBeAt('register/password');
+    await experience.toFillNewPasswords(password);
+
+    await waitFor(500);
+    experience.toBeAt('mfa-binding/PhoneVerificationCode');
+    await experience.page.waitForSelector('input[name="identifier"]');
+    await experience.toFillInput('identifier', phone, { submit: true });
+    await experience.toCompleteVerification('continue', ConnectorType.Sms);
+    await experience.verifyThenEnd();
+  });
+
+  it('should bind phone MFA on sign in', async () => {
+    const { userProfile, user } = await generateNewUser({ username: true, password: true });
+    const phone = generatePhone();
+    const experience = new ExpectExperience(await browser.newPage());
+    await experience.startWith(demoAppUrl, 'sign-in');
+    await experience.toFillForm(
+      {
+        identifier: userProfile.username,
+        password: userProfile.password,
+      },
+      { submit: true }
+    );
+
+    await waitFor(500);
+    experience.toBeAt('mfa-binding/PhoneVerificationCode');
+    await experience.page.waitForSelector('input[name="identifier"]');
+    await experience.toFillInput('identifier', phone, { submit: true });
+    await experience.toCompleteVerification('continue', ConnectorType.Sms);
+    await experience.verifyThenEnd();
+
+    await deleteUser(user.id);
+  });
+});
@@ -10,6 +10,7 @@ const mfa = {
   link_email_verification_code_description: 'ربط عنوان بريدك الإلكتروني',
   link_email_2fa_description: 'ربط عنوان بريدك الإلكتروني للتحقق بخطوتين',
   link_phone_verification_code_description: 'ربط رقم هاتفك',
+  link_phone_2fa_description: 'ربط رقم هاتفك للتحقق بخطوتين',
   verify_totp_description: 'أدخل الرمز المرة الواحدة في التطبيق',
   verify_webauthn_description: 'تحقق من جهازك أو جهاز USB الخاص بك',
   verify_backup_code_description: 'الصق رمز النسخ الاحتياطي الذي حفظته',
 
@@ -10,6 +10,7 @@ const mfa = {
   link_email_verification_code_description: 'Verknüpfen Sie Ihre E-Mail-Adresse',
   link_email_2fa_description: 'Verknüpfen Sie Ihre E-Mail-Adresse für 2-Schritt-Verifizierung',
   link_phone_verification_code_description: 'Verknüpfen Sie Ihre Telefonnummer',
+  link_phone_2fa_description: 'Verknüpfen Sie Ihre Telefonnummer für 2-Schritt-Verifizierung',
   verify_totp_description: 'Geben Sie den Einmalcode in der App ein',
   verify_webauthn_description: 'Verifizieren Sie Ihr Gerät oder Ihre USB-Hardware',
   verify_backup_code_description: 'Fügen Sie den gespeicherten Backup-Code ein',