GaloyMoney · siddhart1o1 · Jan 19, 2024 · Jan 19, 2024 · Jan 19, 2024 · Jan 19, 2024
diff --git a/src/app/operations/auth.rs b/src/app/operations/auth.rs
@@ -3,15 +3,53 @@ use anyhow::{Context, Result};
 use crate::app::{file_manager, App};
 
 impl App {
-    pub async fn user_login(&self, phone: Option<String>, code: String, email: bool) -> Result<()> {
+    pub async fn user_login(
+        &self,
+        phone: Option<String>,
+        code: String,
+        email: bool,
+        two_fa_code: Option<String>,
+    ) -> Result<()> {
         if let Some(phone) = phone {
             let result = self
                 .client
                 .user_login_phone(phone.clone(), code.clone())
                 .await
                 .context("Failed to log in")?;
 
-            file_manager::save_data(file_manager::TOKEN_FILE_NAME, &result)
+            let auth_token = result.auth_token;
+            let totp_required = result.totp_required;
+
+            if totp_required {
+                let mut is_valid_2fa = false;
+                let mut final_two_fa_code = two_fa_code;
+
+                while !is_valid_2fa {
+                    if final_two_fa_code.is_none() {
+                        println!("Your account requires two-factor authentication. Please enter your TFA code:");
+                        let mut input = String::new();
+                        std::io::stdin()
+                            .read_line(&mut input)
+                            .expect("Failed to read line");
+                        final_two_fa_code = Some(input.trim().to_string());
+                    }
+
+                    is_valid_2fa = self
+                        .client
+                        .validate_totp_code(auth_token.clone(), final_two_fa_code.clone().unwrap())
+                        .await
+                        .context("something went wrong")?;
+
+                    if !is_valid_2fa {
+                        println!(
+                            "The entered 2FA code is incorrect. Please enter the correct TFA code:"
+                        );
+                        final_two_fa_code = None;
+                    }
+                }
+            }
+
+            file_manager::save_data(file_manager::TOKEN_FILE_NAME, &auth_token)
                 .context("Failed to save token")?;
 
             println!("User logged in successfully!");
@@ -25,7 +63,39 @@ impl App {
                 .await
                 .context("Failed to log in")?;
 
-            file_manager::save_data(file_manager::TOKEN_FILE_NAME, &result)
+            let auth_token = result.auth_token;
+            let totp_required = result.totp_required;
+
+            if totp_required {
+                let mut is_valid_2fa = false;
+                let mut final_two_fa_code = two_fa_code;
+
+                while !is_valid_2fa {
+                    if final_two_fa_code.is_none() {
+                        println!("Your account requires two-factor authentication. Please enter your TFA code:");
+                        let mut input = String::new();
+                        std::io::stdin()
+                            .read_line(&mut input)
+                            .expect("Failed to read line");
+                        final_two_fa_code = Some(input.trim().to_string());
+                    }
+
+                    is_valid_2fa = self
+                        .client
+                        .validate_totp_code(auth_token.clone(), final_two_fa_code.clone().unwrap())
+                        .await
+                        .context("something went wrong")?;
+
+                    if !is_valid_2fa {
+                        println!(
+                            "The entered 2FA code is incorrect. Please enter the correct TFA code:"
+                        );
+                        final_two_fa_code = None;
+                    }
+                }
+            }
+
+            file_manager::save_data(file_manager::TOKEN_FILE_NAME, &auth_token)
                 .context("Failed to save token")?;
 
             println!("User logged in successfully!");

diff --git a/src/cli/commands.rs b/src/cli/commands.rs
@@ -34,6 +34,8 @@ pub enum Command {
         email: bool,
         #[clap(short, long)]
         code: String,
+        #[clap(short = 't', long = "two-fa-code", value_parser)]
+        two_fa_code: Option<String>,
     },
     /// Logout the current user by removing the auth token
     Logout,

diff --git a/src/cli/runner.rs b/src/cli/runner.rs
@@ -11,8 +11,13 @@ pub async fn run() -> anyhow::Result<()> {
         Command::Globals => {
             app.globals().await?;
         }
-        Command::Login { phone, code, email } => {
-            app.user_login(phone, code, email).await?;
+        Command::Login {
+            phone,
+            code,
+            email,
+            two_fa_code,
+        } => {
+            app.user_login(phone, code, email, two_fa_code).await?;
         }
         Command::Logout => {
             app.user_logout().await?;

diff --git a/src/client/gql/mutations/user_login.gql b/src/client/gql/mutations/user_login.gql
@@ -5,5 +5,6 @@ mutation UserLogin($input: UserLoginInput!) {
       message
     }
     authToken
+    totpRequired
   }
 }
diff --git a/src/client/requests/auth.rs b/src/client/requests/auth.rs
@@ -1,5 +1,5 @@
 use graphql_client::reqwest::post_graphql;
-use reqwest::Client;
+use reqwest::{Client, StatusCode};
 use serde_json::{json, Value};
 
 use crate::client::{
@@ -11,12 +11,17 @@ use crate::client::{
     GaloyClient,
 };
 
+pub struct LoginResponse {
+    pub auth_token: String,
+    pub totp_required: bool,
+}
+
 impl GaloyClient {
     pub async fn user_login_phone(
         &self,
         phone: String,
         code: String,
-    ) -> Result<String, ClientError> {
+    ) -> Result<LoginResponse, ClientError> {
         let input = UserLoginInput { phone, code };
 
         let variables = user_login::Variables { input };
@@ -28,28 +33,34 @@ impl GaloyClient {
 
         let response_data = response_body.data.ok_or(ApiError::IssueParsingResponse)?;
 
-        if let Some(auth_token) = response_data.user_login.auth_token {
-            Ok(auth_token)
+        let login_result = response_data.user_login;
+
+        if let (Some(auth_token), Some(totp_required)) =
+            (login_result.auth_token, login_result.totp_required)
+        {
+            Ok(LoginResponse {
+                auth_token,
+                totp_required,
+            })
         } else {
-            let error_string: String = response_data
-                .user_login
+            let error_string: String = login_result
                 .errors
                 .iter()
                 .map(|error| format!("{:?}", error))
                 .collect::<Vec<String>>()
                 .join(", ");
 
-            return Err(ClientError::ApiError(ApiError::RequestFailedWithError(
+            Err(ClientError::ApiError(ApiError::RequestFailedWithError(
                 error_string,
-            )));
+            )))
         }
     }
 
     pub async fn user_login_email(
         &self,
         email_login_id: String,
         code: String,
-    ) -> Result<String, ClientError> {
+    ) -> Result<LoginResponse, ClientError> {
         let endpoint = self.api.trim_end_matches("/graphql");
         let url = format!("{}/auth/email/login", endpoint);
         let request_body = json!({ "code": code, "emailLoginId": email_login_id });
@@ -71,7 +82,14 @@ impl GaloyClient {
             .ok_or(ApiError::IssueParsingResponse)?
             .to_string();
 
-        Ok(auth_token)
+        let totp_required = response_json["result"]["totpRequired"]
+            .as_bool()
+            .ok_or(ApiError::IssueParsingResponse)?;
+
+        Ok(LoginResponse {
+            auth_token,
+            totp_required,
+        })
     }
 
     pub async fn create_captcha_challenge(&self) -> Result<CaptchaChallenge, ClientError> {
@@ -110,4 +128,49 @@ impl GaloyClient {
             .ok_or(ApiError::IssueParsingResponse)?;
         Ok(email_login_id.to_string())
     }
+
+    pub async fn validate_totp_code(
+        &self,
+        auth_token: String,
+        totp_code: String,
+    ) -> Result<bool, ClientError> {
+        let endpoint = self.api.trim_end_matches("/graphql");
+        let url = format!("{}/auth/totp/validate", endpoint);
+        let request_body = json!({ "totpCode": totp_code, "authToken": auth_token });
+
+        let response = Client::new().post(&url).json(&request_body).send().await;
+
+        // TODO status code coming from backend are not appropriate need, will update this when correct status codes are added.
+        match response {
+            Ok(resp) => match resp.status() {
+                StatusCode::OK => Ok(true),
+                StatusCode::UNPROCESSABLE_ENTITY => Ok(false),
+                StatusCode::INTERNAL_SERVER_ERROR => {
+                    let error_details = resp
+                        .text()
+                        .await
+                        .unwrap_or_else(|_| "Unknown error".to_string());
+                    if error_details.contains("Request failed with status code 400") {
+                        Ok(false)
+                    } else {
+                        Err(ClientError::ApiError(ApiError::RequestFailedWithError(
+                            error_details,
+                        )))
+                    }
+                }
+                _ => {
+                    let status = resp.status();
+                    Err(ClientError::ApiError(ApiError::RequestFailedWithError(
+                        format!("Unexpected status code: {}", status),
+                    )))
+                }
+            },
+            Err(e) => {
+                eprintln!("Network or other error: {}", e);
+                Err(ClientError::ApiError(ApiError::IssueGettingResponse(
+                    anyhow::Error::new(e),
+                )))
+            }
+        }
+    }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,5 +5,6 @@ mutation UserLogin($input: UserLoginInput!) { @@
           message
         }
         authToken
+        totpRequired
       }
     }