I have a server api written by Nodejs
In the login process, I have two functions. The first takes the username and password from the user and sends them to the second function, which in turn examines the user data and returns the result to the first function.
I added two-factor authentication to my app
When the user does not activate two-factor authentication in his account, there is no problem
But when he activated two-factor authentication, I did not know how to arrange things. It seems that I have a problem with logic
I set a condition in the authService.loginUser function. If the user has enabled two-factor authentication, the result is returned to the login function, and the frontend is notified of that.
My question is as follows
After informing the frontend user that the user has activated the protection, it will be transferred to the code verification process
After the success of the process, how do I return to the login function in order to restore the user data after the successful login
this login
const login = async (req, res) => {
try {
let { username, password } = req.body;
if (!username || !password) {
return res.badRequest({
message:
"Insufficient request parameters! username and password is required.",
});
}
let roleAccess = false;
if (req.body.includeRoleAccess) {
roleAccess = req.body.includeRoleAccess;
}
let result = await authService.loginUser(
username,
password,
authConstant.PLATFORM.CLIENT,
roleAccess
);
if (result.flag) {
return res.badRequest({ message: result.data });
}
/*
Here, the user has re-activated the feature
Then I informed the Front End of that
On the opposite side, the user will be transferred to the verification process
How do I get it back here exactly so that its data is sent after entering
*/
if(result.twoFactorAuthEnabled){
return res.send({
twoFactorAuthEnabled: true,
});
}
return res.success({
data: result.data,
message: "Login Successful",
});
} catch (error) {
return res.internalServerError({ data: error.message });
}
};
this VerifyOTP
const VerifyOTP = async (req, res) => {
try {
let loginUser = { _id: req.user.id };
let foundUserLogin = await dbService.findOne(User, loginUser);
const user_id = foundUserLogin.id;
const token = req.body.token;
//check user find
if (!foundUserLogin) {
return res.badRequest({
message: "not user",
});
}
const verified = speakeasy.totp.verify({
secret: foundUserLogin.otp_base32,
encoding: "base32",
token: token,
window: 1
});
if (!verified) {
return res.badRequest({
message: "! code",
});
}
res.status(200).json({
//how to back to login function for restore the user data ????
});
} catch (error){
return res.internalServerError({ message:error.message });
}};