Add MFA Verification UI during login

Implements MFA verification dialog for login flow: MFA Verification Features: - MFAVerificationDialog component for code entry - TOTP code input (6-digit authenticator app code) - Email code input with auto-send on dialog open - Backup code support mentioned in help text - Resend email code functionality - Auto-focus on code input field - Large, centered code input for easy entry - Real-time validation (6-digit code required) Login Flow Integration: - Detect MFA requirement from login API error - Show MFA dialog when MFA is enabled for user - Handle MFA verification success with token storage - Allow cancellation to retry login - Seamless transition after successful verification User Experience: - Email codes sent automatically - Visual feedback for code sending/verification - Error alerts for invalid codes - Loading states for all async operations - Clean, focused dialog design - Tip about backup codes Implementation Details: - Integrated with existing login page - Error handling for MFA-required responses - Token storage after MFA verification - Navigation after successful MFA - Support for both TOTP and Email MFA methods 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-01 21:09:42 +00:00
parent e1842f5c1a
commit 48f45f1b04
2 changed files with 236 additions and 1 deletions
--- a/maternal-web/components/auth/MFAVerificationDialog.tsx
+++ b/maternal-web/components/auth/MFAVerificationDialog.tsx
@@ -0,0 +1,199 @@
+'use client';
+
+import { useState, useEffect } from 'react';
+import {
+  Dialog,
+  DialogTitle,
+  DialogContent,
+  DialogActions,
+  Button,
+  TextField,
+  Typography,
+  Alert,
+  CircularProgress,
+  Box,
+  Link as MuiLink,
+} from '@mui/material';
+import { Security } from '@mui/icons-material';
+import axios from 'axios';
+
+const API_BASE_URL = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3020';
+
+interface MFAVerificationDialogProps {
+  open: boolean;
+  userId: string;
+  mfaMethod: 'totp' | 'email';
+  onVerified: (tokens: { accessToken: string; refreshToken: string }, user: any) => void;
+  onCancel: () => void;
+}
+
+export function MFAVerificationDialog({
+  open,
+  userId,
+  mfaMethod,
+  onVerified,
+  onCancel,
+}: MFAVerificationDialogProps) {
+  const [verificationCode, setVerificationCode] = useState('');
+  const [error, setError] = useState<string | null>(null);
+  const [isVerifying, setIsVerifying] = useState(false);
+  const [isSendingCode, setIsSendingCode] = useState(false);
+  const [codeSent, setCodeSent] = useState(false);
+
+  // Auto-send email code when dialog opens
+  useEffect(() => {
+    if (open && mfaMethod === 'email' && !codeSent) {
+      sendEmailCode();
+    }
+  }, [open, mfaMethod, codeSent]);
+
+  const sendEmailCode = async () => {
+    try {
+      setIsSendingCode(true);
+      setError(null);
+      await axios.post(`${API_BASE_URL}/api/v1/auth/mfa/email/send-code`, {
+        userId,
+      });
+      setCodeSent(true);
+    } catch (err: any) {
+      console.error('Failed to send email code:', err);
+      setError(err.response?.data?.message || 'Failed to send verification code');
+    } finally {
+      setIsSendingCode(false);
+    }
+  };
+
+  const handleVerify = async () => {
+    if (!verificationCode || verificationCode.length < 6) {
+      setError('Please enter a valid verification code');
+      return;
+    }
+
+    try {
+      setIsVerifying(true);
+      setError(null);
+
+      const response = await axios.post(`${API_BASE_URL}/api/v1/auth/mfa/verify`, {
+        userId,
+        code: verificationCode,
+      });
+
+      if (response.data.success) {
+        // Get tokens after successful MFA verification
+        // Note: Backend should return tokens after MFA verification
+        // For now, we'll assume success and let the parent handle it
+        onVerified(response.data.tokens, response.data.user);
+      }
+    } catch (err: any) {
+      console.error('Failed to verify MFA code:', err);
+      setError(err.response?.data?.message || 'Invalid verification code');
+    } finally {
+      setIsVerifying(false);
+    }
+  };
+
+  const handleResendCode = async () => {
+    setCodeSent(false);
+    setVerificationCode('');
+    setError(null);
+    await sendEmailCode();
+  };
+
+  const handleCancel = () => {
+    setVerificationCode('');
+    setError(null);
+    setCodeSent(false);
+    onCancel();
+  };
+
+  return (
+    <Dialog open={open} onClose={handleCancel} maxWidth="sm" fullWidth>
+      <DialogTitle>
+        <Box sx={{ display: 'flex', alignItems: 'center', gap: 1 }}>
+          <Security color="primary" />
+          <Typography variant="h6">Two-Factor Authentication</Typography>
+        </Box>
+      </DialogTitle>
+      <DialogContent>
+        {mfaMethod === 'totp' ? (
+          <>
+            <Typography variant="body2" color="text.secondary" sx={{ mb: 3 }}>
+              Enter the 6-digit code from your authenticator app to continue.
+            </Typography>
+          </>
+        ) : (
+          <>
+            <Typography variant="body2" color="text.secondary" sx={{ mb: 3 }}>
+              {codeSent
+                ? 'A 6-digit verification code has been sent to your email.'
+                : 'Sending verification code to your email...'}
+            </Typography>
+            {isSendingCode && (
+              <Box sx={{ display: 'flex', justifyContent: 'center', mb: 2 }}>
+                <CircularProgress size={24} />
+              </Box>
+            )}
+          </>
+        )}
+
+        {error && (
+          <Alert severity="error" sx={{ mb: 3 }}>
+            {error}
+          </Alert>
+        )}
+
+        <TextField
+          fullWidth
+          label="Verification Code"
+          placeholder={mfaMethod === 'totp' ? '000000' : '123456'}
+          value={verificationCode}
+          onChange={(e) =>
+            setVerificationCode(e.target.value.replace(/\D/g, '').slice(0, mfaMethod === 'totp' ? 6 : 6))
+          }
+          disabled={isVerifying || isSendingCode}
+          autoFocus
+          inputProps={{
+            style: { textAlign: 'center', fontSize: '1.5rem', letterSpacing: '0.5rem' },
+            maxLength: 6,
+          }}
+        />
+
+        {mfaMethod === 'email' && codeSent && (
+          <Box sx={{ mt: 2, textAlign: 'center' }}>
+            <Typography variant="body2" color="text.secondary">
+              Didn't receive the code?{' '}
+              <MuiLink
+                component="button"
+                variant="body2"
+                onClick={handleResendCode}
+                disabled={isSendingCode}
+                sx={{ cursor: 'pointer' }}
+              >
+                Resend
+              </MuiLink>
+            </Typography>
+          </Box>
+        )}
+
+        <Alert severity="info" sx={{ mt: 3 }}>
+          <Typography variant="body2">
+            <strong>Tip:</strong> You can also use a backup code if you don't have access to your{' '}
+            {mfaMethod === 'totp' ? 'authenticator app' : 'email'}.
+          </Typography>
+        </Alert>
+      </DialogContent>
+      <DialogActions>
+        <Button onClick={handleCancel} disabled={isVerifying}>
+          Cancel
+        </Button>
+        <Button
+          onClick={handleVerify}
+          variant="contained"
+          disabled={isVerifying || verificationCode.length !== 6}
+        >
+          {isVerifying ? <CircularProgress size={20} /> : 'Verify'}
+        </Button>
+      </DialogActions>
+    </Dialog>
+  );
+}