mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-20 10:20:15 +01:00
f0f09138bd
* 🔒 feat: add Two-Factor Authentication (2FA) with backup codes & QR support (#5684) * working version for generating TOTP and authenticate. * better looking UI * refactored + better TOTP logic * fixed issue with UI * fixed issue: remove initial setup when closing window before completion. * added: onKeyDown for verify and disable * refactored some code and cleaned it up a bit. * refactored some code and cleaned it up a bit. * refactored some code and cleaned it up a bit. * refactored some code and cleaned it up a bit. * fixed issue after updating to new main branch * updated example * refactored controllers * removed `passport-totp` not used. * update the generateBackupCodes function to generate 10 codes by default: * update the backup codes to an object. * fixed issue with backup codes not working * be able to disable 2FA with backup codes. * removed new env. replaced with JWT_SECRET * ✨ style: improved a11y and style for TwoFactorAuthentication * 🔒 fix: small types checks * ✨ feat: improve 2FA UI components * fix: remove unnecessary console log * add option to disable 2FA with backup codes * - add option to refresh backup codes - (optional) maybe show the user which backup codes have already been used? * removed text to be able to merge the main. * removed eng tx to be able to merge * fix: migrated lang to new format. * feat: rewrote whole 2FA UI + refactored 2FA backend * chore: resolving conflicts * chore: resolving conflicts * fix: missing packages, because of resolving conflicts. * fix: UI issue and improved a11y * fix: 2FA backup code not working * fix: update localization keys for UI consistency * fix: update button label to use localized text * fix: refactor backup codes regeneration and update localization keys * fix: remove outdated translation for shared links management * fix: remove outdated 2FA code prompts from translation.json * fix: add cursor styles for backup codes item based on usage state * fix: resolve conflict issue * fix: resolve conflict issue * fix: resolve conflict issue * fix: missing packages in package-lock.json * fix: add disabled opacity to the verify button in TwoFactorScreen * ⚙ fix: update 2FA logic to rely on backup codes instead of TOTP status * ⚙️ fix: Simplify user retrieval in 2FA logic by removing unnecessary TOTP secret query * ⚙️ test: Add unit tests for TwoFactorAuthController and twoFactorControllers * ⚙️ fix: Ensure backup codes are validated as an array before usage in 2FA components * ⚙️ fix: Update module path mappings in tests to use relative paths * ⚙️ fix: Update moduleNameMapper in jest.config.js to remove the caret from path mapping * ⚙️ refactor: Simplify import paths in TwoFactorAuthController and twoFactorControllers test files * ⚙️ test: Mock twoFactorService methods in twoFactorControllers tests * ⚙️ refactor: Comment out unused imports and mock setups in test files for two-factor authentication * ⚙️ refactor: removed files * refactor: Exclude totpSecret from user data retrieval in AuthController, LoginController, and jwtStrategy * refactor: Consolidate backup code verification to apply DRY and remove default array in user schema * refactor: Enhance two-factor authentication ux/flow with improved error handling and loading state management, prevent redirect to /login --------- Co-authored-by: Marco Beretta <81851188+berry-13@users.noreply.github.com> Co-authored-by: Danny Avila <danny@librechat.ai>
99 lines
3.1 KiB
TypeScript
99 lines
3.1 KiB
TypeScript
import { TranslationKeys, useLocalize } from '~/hooks';
|
|
import { BlinkAnimation } from './BlinkAnimation';
|
|
import { TStartupConfig } from 'librechat-data-provider';
|
|
import SocialLoginRender from './SocialLoginRender';
|
|
import { ThemeSelector } from '~/components/ui';
|
|
import { Banner } from '../Banners';
|
|
import Footer from './Footer';
|
|
|
|
const ErrorRender = ({ children }: { children: React.ReactNode }) => (
|
|
<div className="mt-16 flex justify-center">
|
|
<div
|
|
role="alert"
|
|
aria-live="assertive"
|
|
className="rounded-md border border-red-500 bg-red-500/10 px-3 py-2 text-sm text-gray-600 dark:text-gray-200"
|
|
>
|
|
{children}
|
|
</div>
|
|
</div>
|
|
);
|
|
|
|
function AuthLayout({
|
|
children,
|
|
header,
|
|
isFetching,
|
|
startupConfig,
|
|
startupConfigError,
|
|
pathname,
|
|
error,
|
|
}: {
|
|
children: React.ReactNode;
|
|
header: React.ReactNode;
|
|
isFetching: boolean;
|
|
startupConfig: TStartupConfig | null | undefined;
|
|
startupConfigError: unknown | null | undefined;
|
|
pathname: string;
|
|
error: TranslationKeys | null;
|
|
}) {
|
|
const localize = useLocalize();
|
|
|
|
const hasStartupConfigError = startupConfigError !== null && startupConfigError !== undefined;
|
|
const DisplayError = () => {
|
|
if (hasStartupConfigError) {
|
|
return <ErrorRender>{localize('com_auth_error_login_server')}</ErrorRender>;
|
|
} else if (error === 'com_auth_error_invalid_reset_token') {
|
|
return (
|
|
<ErrorRender>
|
|
{localize('com_auth_error_invalid_reset_token')}{' '}
|
|
<a className="font-semibold text-green-600 hover:underline" href="/forgot-password">
|
|
{localize('com_auth_click_here')}
|
|
</a>{' '}
|
|
{localize('com_auth_to_try_again')}
|
|
</ErrorRender>
|
|
);
|
|
} else if (error != null && error) {
|
|
return <ErrorRender>{localize(error)}</ErrorRender>;
|
|
}
|
|
return null;
|
|
};
|
|
|
|
return (
|
|
<div className="relative flex min-h-screen flex-col bg-white dark:bg-gray-900">
|
|
<Banner />
|
|
<BlinkAnimation active={isFetching}>
|
|
<div className="mt-6 h-10 w-full bg-cover">
|
|
<img
|
|
src="/assets/logo.svg"
|
|
className="h-full w-full object-contain"
|
|
alt={localize('com_ui_logo', { 0: startupConfig?.appTitle ?? 'LibreChat' })}
|
|
/>
|
|
</div>
|
|
</BlinkAnimation>
|
|
<DisplayError />
|
|
<div className="absolute bottom-0 left-0 md:m-4">
|
|
<ThemeSelector />
|
|
</div>
|
|
|
|
<div className="flex flex-grow items-center justify-center">
|
|
<div className="w-authPageWidth overflow-hidden bg-white px-6 py-4 dark:bg-gray-900 sm:max-w-md sm:rounded-lg">
|
|
{!hasStartupConfigError && !isFetching && (
|
|
<h1
|
|
className="mb-4 text-center text-3xl font-semibold text-black dark:text-white"
|
|
style={{ userSelect: 'none' }}
|
|
>
|
|
{header}
|
|
</h1>
|
|
)}
|
|
{children}
|
|
{!pathname.includes('2fa') &&
|
|
(pathname.includes('login') || pathname.includes('register')) && (
|
|
<SocialLoginRender startupConfig={startupConfig} />
|
|
)}
|
|
</div>
|
|
</div>
|
|
<Footer startupConfig={startupConfig} />
|
|
</div>
|
|
);
|
|
}
|
|
|
|
export default AuthLayout;
|