pokemon/nuzlocke-tracker
1
1
Fork 0
Code Issues Pull Requests 10 Actions Packages Projects Releases Wiki Activity

feat: add optional TOTP MFA for email/password accounts
All checks were successful
CI / backend-tests (pull_request) Successful in 26s
Details
CI / frontend-tests (pull_request) Successful in 28s
Details

Browse Source 
- Add MFA enrollment UI in new Settings page with QR code and backup secret
- Add TOTP challenge step to login flow for enrolled users
- Check AAL after login and show TOTP input when aal2 required
- Add disable MFA option with TOTP re-verification
- Only show MFA options for email/password users (not OAuth)
- Add Settings link to user dropdown menu

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Julian Tabel
2026-03-21 13:56:48 +01:00
parent a12958ae32
commit 7a828d7215
7 changed files with 610 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
frontend/src/pages/Login.tsx
View File

@@ -7,9 +7,11 @@ const isLocalDev = import.meta.env['VITE_SUPABASE_URL']?.includes('localhost') ?
export function Login() {
const [email, setEmail] = useState('')
const [password, setPassword] = useState('')
const [totpCode, setTotpCode] = useState('')
const [error, setError] = useState<string | null>(null)
const [loading, setLoading] = useState(false)
const { signInWithEmail, signInWithGoogle, signInWithDiscord } = useAuth()
const [showMfaChallenge, setShowMfaChallenge] = useState(false)
const { signInWithEmail, signInWithGoogle, signInWithDiscord, verifyMfa } = useAuth()
const navigate = useNavigate()
const location = useLocation()
@@ -20,11 +22,29 @@ export function Login() {
setError(null)
setLoading(true)
const { error } = await signInWithEmail(email, password)
const { error, requiresMfa } = await signInWithEmail(email, password)
setLoading(false)
if (error) {
setError(error.message)
} else if (requiresMfa) {
setShowMfaChallenge(true)
} else {
navigate(from, { replace: true })
}
}
async function handleMfaSubmit(e: React.FormEvent) {
e.preventDefault()
setError(null)
setLoading(true)
const { error } = await verifyMfa(totpCode)
setLoading(false)
if (error) {
setError(error.message)
setTotpCode('')
} else {
navigate(from, { replace: true })
}
@@ -42,6 +62,68 @@ export function Login() {
if (error) setError(error.message)
}
if (showMfaChallenge) {
return (
<div className="min-h-[80vh] flex items-center justify-center px-4">
<div className="w-full max-w-sm space-y-6">
<div className="text-center">
<h1 className="text-2xl font-bold">Two-Factor Authentication</h1>
<p className="text-text-secondary mt-1">Enter the code from your authenticator app</p>
</div>
{error && (
<div className="bg-red-500/10 border border-red-500/20 text-red-400 px-4 py-3 rounded-lg text-sm">
{error}
</div>
)}
<form onSubmit={handleMfaSubmit} className="space-y-4">
<div>
<label
htmlFor="totp-code"
className="block text-sm font-medium text-text-secondary mb-1"
>
Authentication code
</label>
<input
id="totp-code"
type="text"
inputMode="numeric"
pattern="[0-9]*"
maxLength={6}
value={totpCode}
onChange={(e) => setTotpCode(e.target.value.replace(/\D/g, ''))}
autoFocus
className="w-full px-3 py-2 bg-surface-2 border border-border-default rounded-lg focus:outline-none focus:ring-2 focus:ring-accent-500 text-center text-lg tracking-widest font-mono"
autoComplete="one-time-code"
/>
</div>
<button
type="submit"
disabled={totpCode.length !== 6 || loading}
className="w-full py-2 px-4 bg-accent-600 hover:bg-accent-700 disabled:opacity-50 disabled:cursor-not-allowed text-white font-medium rounded-lg transition-colors"
>
{loading ? 'Verifying...' : 'Verify'}
</button>
</form>
<button
type="button"
onClick={() => {
setShowMfaChallenge(false)
setTotpCode('')
setError(null)
}}
className="w-full text-center text-sm text-text-secondary hover:text-text-primary"
>
Back to login
</button>
</div>
</div>
)
}
return (
<div className="min-h-[80vh] flex items-center justify-center px-4">
<div className="w-full max-w-sm space-y-6">