LibreChat/client/src/components/Auth/TwoFactorScreen.tsx

import React, { useState, useCallback } from 'react';
import { useSearchParams } from 'react-router-dom';
import { useForm, Controller } from 'react-hook-form';
import { REGEXP_ONLY_DIGITS, REGEXP_ONLY_DIGITS_AND_CHARS } from 'input-otp';
import { InputOTP, InputOTPGroup, InputOTPSeparator, InputOTPSlot, Label } from '~/components';
import { useVerifyTwoFactorTempMutation } from '~/data-provider';
import { useToastContext } from '~/Providers';
import { useLocalize } from '~/hooks';

interface VerifyPayload {
  tempToken: string;
  token?: string;
  backupCode?: string;
}

type TwoFactorFormInputs = {
  token?: string;
  backupCode?: string;
};

const TwoFactorScreen: React.FC = React.memo(() => {
  const [searchParams] = useSearchParams();
  const tempTokenRaw = searchParams.get('tempToken');
  const tempToken = tempTokenRaw !== null && tempTokenRaw !== '' ? tempTokenRaw : '';

  const {
    control,
    handleSubmit,
    formState: { errors },
  } = useForm<TwoFactorFormInputs>();
  const localize = useLocalize();
  const { showToast } = useToastContext();
  const [useBackup, setUseBackup] = useState<boolean>(false);
  const [isLoading, setIsLoading] = useState<boolean>(false);
  const { mutate: verifyTempMutate } = useVerifyTwoFactorTempMutation({
    onSuccess: (result) => {
      if (result.token != null && result.token !== '') {
        window.location.href = '/';
      }
    },
    onMutate: () => {
      setIsLoading(true);
    },
    onError: (error: unknown) => {
      setIsLoading(false);
      const err = error as { response?: { data?: { message?: unknown } } };
      const errorMsg =
        typeof err.response?.data?.message === 'string'
          ? err.response.data.message
          : 'Error verifying 2FA';
      showToast({ message: errorMsg, status: 'error' });
    },
  });

  const onSubmit = useCallback(
    (data: TwoFactorFormInputs) => {
      const payload: VerifyPayload = { tempToken };
      if (useBackup && data.backupCode != null && data.backupCode !== '') {
        payload.backupCode = data.backupCode;
      } else if (data.token != null && data.token !== '') {
        payload.token = data.token;
      }
      verifyTempMutate(payload);
    },
    [tempToken, useBackup, verifyTempMutate],
  );

  const toggleBackupOn = useCallback(() => {
    setUseBackup(true);
  }, []);

  const toggleBackupOff = useCallback(() => {
    setUseBackup(false);
  }, []);

  return (
    <div className="mt-4">
      <form onSubmit={handleSubmit(onSubmit)}>
        <Label className="flex justify-center break-keep text-center text-sm text-text-primary">
          {localize('com_auth_two_factor')}
        </Label>
        {!useBackup && (
          <div className="my-4 flex justify-center text-text-primary">
            <Controller
              name="token"
              control={control}
              render={({ field: { onChange, value } }) => (
                <InputOTP
                  maxLength={6}
                  value={value != null ? value : ''}
                  onChange={onChange}
                  pattern={REGEXP_ONLY_DIGITS}
                >
                  <InputOTPGroup>
                    <InputOTPSlot index={0} />
                    <InputOTPSlot index={1} />
                    <InputOTPSlot index={2} />
                  </InputOTPGroup>
                  <InputOTPSeparator />
                  <InputOTPGroup>
                    <InputOTPSlot index={3} />
                    <InputOTPSlot index={4} />
                    <InputOTPSlot index={5} />
                  </InputOTPGroup>
                </InputOTP>
              )}
            />
            {errors.token && <span className="text-sm text-red-500">{errors.token.message}</span>}
          </div>
        )}
        {useBackup && (
          <div className="my-4 flex justify-center text-text-primary">
            <Controller
              name="backupCode"
              control={control}
              render={({ field: { onChange, value } }) => (
                <InputOTP
                  maxLength={8}
                  value={value != null ? value : ''}
                  onChange={onChange}
                  pattern={REGEXP_ONLY_DIGITS_AND_CHARS}
                >
                  <InputOTPGroup>
                    <InputOTPSlot index={0} />
                    <InputOTPSlot index={1} />
                    <InputOTPSlot index={2} />
                    <InputOTPSlot index={3} />
                    <InputOTPSlot index={4} />
                    <InputOTPSlot index={5} />
                    <InputOTPSlot index={6} />
                    <InputOTPSlot index={7} />
                  </InputOTPGroup>
                </InputOTP>
              )}
            />
            {errors.backupCode && (
              <span className="text-sm text-red-500">{errors.backupCode.message}</span>
            )}
          </div>
        )}
        <div className="flex items-center justify-between">
          <button
            type="submit"
            aria-label={localize('com_auth_continue')}
            data-testid="login-button"
            disabled={isLoading}
            className="w-full rounded-2xl bg-green-600 px-4 py-3 text-sm font-medium text-white transition-colors hover:bg-green-700 disabled:opacity-80 dark:bg-green-600 dark:hover:bg-green-700"
          >
            {isLoading ? localize('com_auth_email_verifying_ellipsis') : localize('com_ui_verify')}
          </button>
        </div>
        <div className="mt-4 flex justify-center">
          {!useBackup ? (
            <button
              type="button"
              onClick={toggleBackupOn}
              className="inline-flex p-1 text-sm font-medium text-green-600 transition-colors hover:text-green-700 dark:text-green-400 dark:hover:text-green-300"
            >
              {localize('com_ui_use_backup_code')}
            </button>
          ) : (
            <button
              type="button"
              onClick={toggleBackupOff}
              className="inline-flex p-1 text-sm font-medium text-green-600 transition-colors hover:text-green-700 dark:text-green-400 dark:hover:text-green-300"
            >
              {localize('com_ui_use_2fa_code')}
            </button>
          )}
        </div>
      </form>
    </div>
  );
});

export default TwoFactorScreen;
🔒 feat: Two-Factor Authentication with Backup Codes & QR support (#5685) * 🔒 feat: add Two-Factor Authentication (2FA) with backup codes & QR support (#5684) * working version for generating TOTP and authenticate. * better looking UI * refactored + better TOTP logic * fixed issue with UI * fixed issue: remove initial setup when closing window before completion. * added: onKeyDown for verify and disable * refactored some code and cleaned it up a bit. * refactored some code and cleaned it up a bit. * refactored some code and cleaned it up a bit. * refactored some code and cleaned it up a bit. * fixed issue after updating to new main branch * updated example * refactored controllers * removed `passport-totp` not used. * update the generateBackupCodes function to generate 10 codes by default: * update the backup codes to an object. * fixed issue with backup codes not working * be able to disable 2FA with backup codes. * removed new env. replaced with JWT_SECRET * ✨ style: improved a11y and style for TwoFactorAuthentication * 🔒 fix: small types checks * ✨ feat: improve 2FA UI components * fix: remove unnecessary console log * add option to disable 2FA with backup codes * - add option to refresh backup codes - (optional) maybe show the user which backup codes have already been used? * removed text to be able to merge the main. * removed eng tx to be able to merge * fix: migrated lang to new format. * feat: rewrote whole 2FA UI + refactored 2FA backend * chore: resolving conflicts * chore: resolving conflicts * fix: missing packages, because of resolving conflicts. * fix: UI issue and improved a11y * fix: 2FA backup code not working * fix: update localization keys for UI consistency * fix: update button label to use localized text * fix: refactor backup codes regeneration and update localization keys * fix: remove outdated translation for shared links management * fix: remove outdated 2FA code prompts from translation.json * fix: add cursor styles for backup codes item based on usage state * fix: resolve conflict issue * fix: resolve conflict issue * fix: resolve conflict issue * fix: missing packages in package-lock.json * fix: add disabled opacity to the verify button in TwoFactorScreen * ⚙ fix: update 2FA logic to rely on backup codes instead of TOTP status * ⚙️ fix: Simplify user retrieval in 2FA logic by removing unnecessary TOTP secret query * ⚙️ test: Add unit tests for TwoFactorAuthController and twoFactorControllers * ⚙️ fix: Ensure backup codes are validated as an array before usage in 2FA components * ⚙️ fix: Update module path mappings in tests to use relative paths * ⚙️ fix: Update moduleNameMapper in jest.config.js to remove the caret from path mapping * ⚙️ refactor: Simplify import paths in TwoFactorAuthController and twoFactorControllers test files * ⚙️ test: Mock twoFactorService methods in twoFactorControllers tests * ⚙️ refactor: Comment out unused imports and mock setups in test files for two-factor authentication * ⚙️ refactor: removed files * refactor: Exclude totpSecret from user data retrieval in AuthController, LoginController, and jwtStrategy * refactor: Consolidate backup code verification to apply DRY and remove default array in user schema * refactor: Enhance two-factor authentication ux/flow with improved error handling and loading state management, prevent redirect to /login --------- Co-authored-by: Marco Beretta <81851188+berry-13@users.noreply.github.com> Co-authored-by: Danny Avila <danny@librechat.ai> 2025-02-18 01:09:36 +01:00			`import React, { useState, useCallback } from 'react';`
			`import { useSearchParams } from 'react-router-dom';`
			`import { useForm, Controller } from 'react-hook-form';`
			`import { REGEXP_ONLY_DIGITS, REGEXP_ONLY_DIGITS_AND_CHARS } from 'input-otp';`
			`import { InputOTP, InputOTPGroup, InputOTPSeparator, InputOTPSlot, Label } from '~/components';`
			`import { useVerifyTwoFactorTempMutation } from '~/data-provider';`
			`import { useToastContext } from '~/Providers';`
			`import { useLocalize } from '~/hooks';`

			`interface VerifyPayload {`
			`tempToken: string;`
			`token?: string;`
			`backupCode?: string;`
			`}`

			`type TwoFactorFormInputs = {`
			`token?: string;`
			`backupCode?: string;`
			`};`

			`const TwoFactorScreen: React.FC = React.memo(() => {`
			`const [searchParams] = useSearchParams();`
			`const tempTokenRaw = searchParams.get('tempToken');`
			`const tempToken = tempTokenRaw !== null && tempTokenRaw !== '' ? tempTokenRaw : '';`

			`const {`
			`control,`
			`handleSubmit,`
			`formState: { errors },`
			`} = useForm<TwoFactorFormInputs>();`
			`const localize = useLocalize();`
			`const { showToast } = useToastContext();`
			`const [useBackup, setUseBackup] = useState<boolean>(false);`
			`const [isLoading, setIsLoading] = useState<boolean>(false);`
			`const { mutate: verifyTempMutate } = useVerifyTwoFactorTempMutation({`
			`onSuccess: (result) => {`
			`if (result.token != null && result.token !== '') {`
			`window.location.href = '/';`
			`}`
			`},`
			`onMutate: () => {`
			`setIsLoading(true);`
			`},`
			`onError: (error: unknown) => {`
			`setIsLoading(false);`
			`const err = error as { response?: { data?: { message?: unknown } } };`
			`const errorMsg =`
			`typeof err.response?.data?.message === 'string'`
			`? err.response.data.message`
			`: 'Error verifying 2FA';`
			`showToast({ message: errorMsg, status: 'error' });`
			`},`
			`});`

			`const onSubmit = useCallback(`
			`(data: TwoFactorFormInputs) => {`
			`const payload: VerifyPayload = { tempToken };`
			`if (useBackup && data.backupCode != null && data.backupCode !== '') {`
			`payload.backupCode = data.backupCode;`
			`} else if (data.token != null && data.token !== '') {`
			`payload.token = data.token;`
			`}`
			`verifyTempMutate(payload);`
			`},`
			`[tempToken, useBackup, verifyTempMutate],`
			`);`

			`const toggleBackupOn = useCallback(() => {`
			`setUseBackup(true);`
			`}, []);`

			`const toggleBackupOff = useCallback(() => {`
			`setUseBackup(false);`
			`}, []);`

			`return (`
			`<div className="mt-4">`
			`<form onSubmit={handleSubmit(onSubmit)}>`
			`<Label className="flex justify-center break-keep text-center text-sm text-text-primary">`
			`{localize('com_auth_two_factor')}`
			`</Label>`
			`{!useBackup && (`
			`<div className="my-4 flex justify-center text-text-primary">`
			`<Controller`
			`name="token"`
			`control={control}`
			`render={({ field: { onChange, value } }) => (`
			`<InputOTP`
			`maxLength={6}`
			`value={value != null ? value : ''}`
			`onChange={onChange}`
			`pattern={REGEXP_ONLY_DIGITS}`
			`>`
			`<InputOTPGroup>`
			`<InputOTPSlot index={0} />`
			`<InputOTPSlot index={1} />`
			`<InputOTPSlot index={2} />`
			`</InputOTPGroup>`
			`<InputOTPSeparator />`
			`<InputOTPGroup>`
			`<InputOTPSlot index={3} />`
			`<InputOTPSlot index={4} />`
			`<InputOTPSlot index={5} />`
			`</InputOTPGroup>`
			`</InputOTP>`
			`)}`
			`/>`
			`{errors.token && <span className="text-sm text-red-500">{errors.token.message}</span>}`
			`</div>`
			`)}`
			`{useBackup && (`
			`<div className="my-4 flex justify-center text-text-primary">`
			`<Controller`
			`name="backupCode"`
			`control={control}`
			`render={({ field: { onChange, value } }) => (`
			`<InputOTP`
			`maxLength={8}`
			`value={value != null ? value : ''}`
			`onChange={onChange}`
			`pattern={REGEXP_ONLY_DIGITS_AND_CHARS}`
			`>`
			`<InputOTPGroup>`
			`<InputOTPSlot index={0} />`
			`<InputOTPSlot index={1} />`
			`<InputOTPSlot index={2} />`
			`<InputOTPSlot index={3} />`
			`<InputOTPSlot index={4} />`
			`<InputOTPSlot index={5} />`
			`<InputOTPSlot index={6} />`
			`<InputOTPSlot index={7} />`
			`</InputOTPGroup>`
			`</InputOTP>`
			`)}`
			`/>`
			`{errors.backupCode && (`
			`<span className="text-sm text-red-500">{errors.backupCode.message}</span>`
			`)}`
			`</div>`
			`)}`
			`<div className="flex items-center justify-between">`
			`<button`
			`type="submit"`
			`aria-label={localize('com_auth_continue')}`
			`data-testid="login-button"`
			`disabled={isLoading}`
			`className="w-full rounded-2xl bg-green-600 px-4 py-3 text-sm font-medium text-white transition-colors hover:bg-green-700 disabled:opacity-80 dark:bg-green-600 dark:hover:bg-green-700"`
			`>`
			`{isLoading ? localize('com_auth_email_verifying_ellipsis') : localize('com_ui_verify')}`
			`</button>`
			`</div>`
			`<div className="mt-4 flex justify-center">`
			`{!useBackup ? (`
			`<button`
			`type="button"`
			`onClick={toggleBackupOn}`
			`className="inline-flex p-1 text-sm font-medium text-green-600 transition-colors hover:text-green-700 dark:text-green-400 dark:hover:text-green-300"`
			`>`
			`{localize('com_ui_use_backup_code')}`
			`</button>`
			`) : (`
			`<button`
			`type="button"`
			`onClick={toggleBackupOff}`
			`className="inline-flex p-1 text-sm font-medium text-green-600 transition-colors hover:text-green-700 dark:text-green-400 dark:hover:text-green-300"`
			`>`
			`{localize('com_ui_use_2fa_code')}`
			`</button>`
			`)}`
			`</div>`
			`</form>`
			`</div>`
			`);`
			`});`

			`export default TwoFactorScreen;`