updates

2025-11-19 12:27:01 +02:00
parent 2043ac897c
commit 34b4c969d4
469 changed files with 26870 additions and 8329 deletions
--- a/Backend/src/services/auth_service.py
+++ b/Backend/src/services/auth_service.py
@@ -144,8 +144,8 @@ class AuthService:
            "refreshToken": tokens["refreshToken"]
        }

-    async def login(self, db: Session, email: str, password: str, remember_me: bool = False) -> dict:
-        """Login user"""
+    async def login(self, db: Session, email: str, password: str, remember_me: bool = False, mfa_token: str = None) -> dict:
+        """Login user with optional MFA verification"""
        # Find user with role and password
        user = db.query(User).filter(User.email == email).first()
        if not user:
@@ -158,6 +158,21 @@ class AuthService:
        if not self.verify_password(password, user.password):
            raise ValueError("Invalid email or password")

+        # Check if MFA is enabled
+        if user.mfa_enabled:
+            if not mfa_token:
+                # Return special response indicating MFA is required
+                return {
+                    "requires_mfa": True,
+                    "user_id": user.id
+                }
+            
+            # Verify MFA token
+            from ..services.mfa_service import mfa_service
+            is_backup_code = len(mfa_token) == 8  # Backup codes are 8 characters
+            if not mfa_service.verify_mfa(db, user.id, mfa_token, is_backup_code):
+                raise ValueError("Invalid MFA token")
+
        # Generate tokens
        tokens = self.generate_tokens(user.id)