@contentstack/cli-auth 1.5.1 → 1.6.1

package/README.md

@@ -18,7 +18,7 @@ $ npm install -g @contentstack/cli-auth
 $ csdx COMMAND
 running command...
 $ csdx (--version)
-@contentstack/cli-auth/1.5.1 linux-x64 node-v22.17.1
+@contentstack/cli-auth/1.6.1 linux-x64 node-v22.18.0
 $ csdx --help [COMMAND]
 USAGE
   $ csdx COMMAND

package/lib/commands/auth/login.js

@@ -32,7 +32,9 @@ class LoginCommand extends base_command_1.BaseCommand {
         }
         catch (error) {
             cli_utilities_1.log.debug('Login command failed', Object.assign(Object.assign({}, this.contextDetails), { error }));
-            cli_utilities_1.cliux.error('CLI_AUTH_LOGIN_FAILED');
+            if (((error === null || error === void 0 ? void 0 : error.message) && (error === null || error === void 0 ? void 0 : error.message.includes('2FA'))) || (error === null || error === void 0 ? void 0 : error.message.includes('MFA'))) {
+                error.message = `${error.message}\nFor more information about MFA, visit: https://www.contentstack.com/docs/developers/security/multi-factor-authentication`;
+            }
             (0, cli_utilities_1.handleAndLogError)(error, Object.assign({}, this.contextDetails));
             process.exit();
         }
@@ -41,7 +43,18 @@ class LoginCommand extends base_command_1.BaseCommand {
         cli_utilities_1.log.debug('Starting login process', Object.assign(Object.assign({}, this.contextDetails), { username }));
         try {
             cli_utilities_1.log.debug('Calling auth handler login', this.contextDetails);
-            const user = await utils_1.authHandler.login(username, password);
+            let tfaToken;
+            try {
+                tfaToken = await utils_1.mfaHandler.getMFACode();
+                if (tfaToken) {
+                    cli_utilities_1.log.debug('MFA token generated from stored configuration', this.contextDetails);
+                }
+            }
+            catch (error) {
+                cli_utilities_1.log.debug('Failed to generate MFA token from config', Object.assign(Object.assign({}, this.contextDetails), { error }));
+                tfaToken = undefined;
+            }
+            const user = await utils_1.authHandler.login(username, password, tfaToken);
             cli_utilities_1.log.debug('Auth handler login completed', Object.assign(Object.assign({}, this.contextDetails), { hasUser: !!user, hasAuthToken: !!(user === null || user === void 0 ? void 0 : user.authtoken), userEmail: user === null || user === void 0 ? void 0 : user.email }));
             if (typeof user !== 'object' || !user.authtoken || !user.email) {
                 cli_utilities_1.log.debug('Login failed - invalid user response', Object.assign(Object.assign({}, this.contextDetails), { user }));

package/lib/utils/auth-handler.d.ts

@@ -17,6 +17,19 @@ declare class AuthHandler {
      * @returns {Promise} Promise object returns authtoken on success
      * TBD: take out the otp implementation from login and create a new method/function to handle otp
      */
+    /**
+     * Handle the OTP flow for 2FA authentication
+     * @param tfaToken Optional pre-provided TFA token
+     * @param loginPayload Login payload containing user credentials
+     * @returns Promise<string> The TFA token to use for authentication
+     */
+    private handleOTPFlow;
+    /**
+     * Request SMS OTP for 2FA authentication
+     * @param loginPayload Login payload containing user credentials
+     * @throws CLIError if SMS request fails
+     */
+    private requestSMSOTP;
     login(email: string, password: string, tfaToken?: string): Promise<User>;
     /**
      * Logout from Contentstack

package/lib/utils/auth-handler.js

@@ -24,9 +24,59 @@ class AuthHandler {
      * @returns {Promise} Promise object returns authtoken on success
      * TBD: take out the otp implementation from login and create a new method/function to handle otp
      */
+    /**
+     * Handle the OTP flow for 2FA authentication
+     * @param tfaToken Optional pre-provided TFA token
+     * @param loginPayload Login payload containing user credentials
+     * @returns Promise<string> The TFA token to use for authentication
+     */
+    async handleOTPFlow(tfaToken, loginPayload) {
+        try {
+            if (tfaToken) {
+                cli_utilities_1.log.info('Using provided TFA token', { module: 'auth-handler' });
+                return tfaToken;
+            }
+            cli_utilities_1.log.debug('2FA required, requesting OTP channel', { module: 'auth-handler' });
+            const otpChannel = await (0, interactive_1.askOTPChannel)();
+            cli_utilities_1.log.debug(`OTP channel selected: ${otpChannel}`, { module: 'auth-handler' });
+            if (otpChannel === 'sms') {
+                try {
+                    await this.requestSMSOTP(loginPayload);
+                }
+                catch (error) {
+                    cli_utilities_1.log.debug('SMS OTP request failed', { module: 'auth-handler', error });
+                    cli_utilities_1.cliux.print('CLI_AUTH_SMS_OTP_FAILED', { color: 'red' });
+                    throw error;
+                }
+            }
+            cli_utilities_1.log.debug('Requesting OTP input', { module: 'auth-handler', channel: otpChannel });
+            return await (0, interactive_1.askOTP)();
+        }
+        catch (error) {
+            cli_utilities_1.log.debug('2FA flow failed', { module: 'auth-handler', error });
+            throw error;
+        }
+    }
+    /**
+     * Request SMS OTP for 2FA authentication
+     * @param loginPayload Login payload containing user credentials
+     * @throws CLIError if SMS request fails
+     */
+    async requestSMSOTP(loginPayload) {
+        cli_utilities_1.log.debug('Sending SMS OTP request', { module: 'auth-handler' });
+        try {
+            await this._client.axiosInstance.post('/user/request_token_sms', { user: loginPayload });
+            cli_utilities_1.log.debug('SMS OTP request successful', { module: 'auth-handler' });
+            cli_utilities_1.cliux.print('CLI_AUTH_LOGIN_SECURITY_CODE_SEND_SUCCESS');
+        }
+        catch (error) {
+            cli_utilities_1.log.debug('SMS OTP request failed', { module: 'auth-handler', error });
+            throw error;
+        }
+    }
     async login(email, password, tfaToken) {
-        const hasCredentials = !!password;
-        const hasTfaToken = !!tfaToken;
+        const hasCredentials = typeof password === 'string' && password.length > 0;
+        const hasTfaToken = typeof tfaToken === 'string' && tfaToken.length > 0;
         cli_utilities_1.log.debug('Starting login process', {
             module: 'auth-handler',
             email,
@@ -40,11 +90,9 @@ class AuthHandler {
                     loginPayload.tfa_token = tfaToken;
                     cli_utilities_1.log.debug('Adding TFA token to login payload', { module: 'auth-handler' });
                 }
-                const hasCredentials = !!password;
-                const hasTfaTokenPresent = !!tfaToken;
                 cli_utilities_1.log.debug('Making login API call', {
                     module: 'auth-handler',
-                    payload: { email, hasCredentials, hasTfaTokenPresent },
+                    payload: { email, hasCredentials, hasTfaToken },
                 });
                 this._client
                     .login(loginPayload)
@@ -59,46 +107,25 @@ class AuthHandler {
                         resolve(result.user);
                     }
                     else if (result.error_code === 294) {
-                        cli_utilities_1.log.debug('TFA required, requesting OTP channel', { module: 'auth-handler' });
-                        const otpChannel = await (0, interactive_1.askOTPChannel)();
-                        cli_utilities_1.log.debug(`OTP channel selected: ${otpChannel}`, { module: 'auth-handler' });
-                        // need to send sms to the mobile
-                        if (otpChannel === 'sms') {
-                            cli_utilities_1.log.debug('Sending SMS OTP request', { module: 'auth-handler' });
-                            try {
-                                await this._client.axiosInstance.post('/user/request_token_sms', { user: loginPayload });
-                                cli_utilities_1.log.debug('SMS OTP request successful', { module: 'auth-handler' });
-                                cli_utilities_1.cliux.print('CLI_AUTH_LOGIN_SECURITY_CODE_SEND_SUCCESS');
-                            }
-                            catch (error) {
-                                cli_utilities_1.log.debug('SMS OTP request failed', { module: 'auth-handler', error });
-                                const err = cli_utilities_1.cliErrorHandler.classifyError(error);
-                                reject(err);
-                                return;
-                            }
-                        }
-                        cli_utilities_1.log.debug('Requesting OTP input from user', { module: 'auth-handler' });
-                        const tfToken = await (0, interactive_1.askOTP)();
-                        cli_utilities_1.log.debug('OTP received, retrying login', { module: 'auth-handler' });
+                        const tfToken = await this.handleOTPFlow(tfaToken, loginPayload);
                         try {
                             resolve(await this.login(email, password, tfToken));
                         }
                         catch (error) {
                             cli_utilities_1.log.debug('Login with TFA token failed', { module: 'auth-handler', error });
-                            const err = cli_utilities_1.cliErrorHandler.classifyError(error);
-                            reject(err);
-                            return;
+                            cli_utilities_1.cliux.print('CLI_AUTH_2FA_FAILED', { color: 'red' });
+                            reject(error);
                         }
                     }
                     else {
                         cli_utilities_1.log.debug('Login failed - no user found', { module: 'auth-handler', result });
-                        reject(new cli_utilities_1.CLIError({ message: 'No user found with the credentials' }));
+                        reject(new Error(cli_utilities_1.messageHandler.parse('CLI_AUTH_LOGIN_NO_USER')));
                     }
                 })
                     .catch((error) => {
-                    cli_utilities_1.log.debug('Login API call failed', { module: 'auth-handler', error: error.message || error });
-                    const err = cli_utilities_1.cliErrorHandler.classifyError(error);
-                    reject(err);
+                    cli_utilities_1.log.debug('Login API call failed', { module: 'auth-handler', error: (error === null || error === void 0 ? void 0 : error.errorMessage) || error });
+                    cli_utilities_1.cliux.print('CLI_AUTH_LOGIN_FAILED', { color: 'yellow' });
+                    (0, cli_utilities_1.handleAndLogError)(error, { module: 'auth-handler' });
                 });
             }
             else {
@@ -109,7 +136,8 @@ class AuthHandler {
                     hasEmail,
                     hasCredentials,
                 });
-                reject(new cli_utilities_1.CLIError({ message: 'No credential found to login' }));
+                cli_utilities_1.log.debug('Login failed - missing credentials', { module: 'auth-handler', hasEmail, hasCredentials });
+                reject(new Error(cli_utilities_1.messageHandler.parse('CLI_AUTH_LOGIN_NO_CREDENTIALS')));
             }
         });
     }
@@ -131,13 +159,13 @@ class AuthHandler {
                 })
                     .catch((error) => {
                     cli_utilities_1.log.debug('Logout API call failed', { module: 'auth-handler', error: error.message });
-                    const err = cli_utilities_1.cliErrorHandler.classifyError(error);
-                    reject(err);
+                    cli_utilities_1.cliux.print('CLI_AUTH_LOGOUT_FAILED', { color: 'yellow' });
+                    reject(error);
                 });
             }
             else {
                 cli_utilities_1.log.debug('Logout failed - no auth token provided', { module: 'auth-handler' });
-                reject(new cli_utilities_1.CLIError({ message: 'No auth token found to logout' }));
+                reject(new Error(cli_utilities_1.messageHandler.parse('CLI_AUTH_LOGOUT_NO_TOKEN')));
             }
         });
     }
@@ -159,13 +187,13 @@ class AuthHandler {
                 })
                     .catch((error) => {
                     cli_utilities_1.log.debug('Token validation failed', { module: 'auth-handler', error: error.message });
-                    const err = cli_utilities_1.cliErrorHandler.classifyError(error);
-                    reject(err);
+                    cli_utilities_1.cliux.print('CLI_AUTH_TOKEN_VALIDATION_FAILED', { color: 'yellow' });
+                    (0, cli_utilities_1.handleAndLogError)(error, { module: 'auth-handler' });
                 });
             }
             else {
                 cli_utilities_1.log.debug('Token validation failed - no auth token provided', { module: 'auth-handler' });
-                reject(new cli_utilities_1.CLIError({ message: 'No auth token found to validate' }));
+                reject(new Error(cli_utilities_1.messageHandler.parse('CLI_AUTH_TOKEN_VALIDATION_NO_TOKEN')));
             }
         });
     }

package/lib/utils/index.d.ts

@@ -1,3 +1,4 @@
 export { default as authHandler } from './auth-handler';
+export { default as mfaHandler } from './mfa-handler';
 export * as interactive from './interactive';
 export * as tokenValidation from './tokens-validation';

package/lib/utils/index.js

@@ -1,7 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.tokenValidation = exports.interactive = exports.authHandler = void 0;
+exports.tokenValidation = exports.interactive = exports.mfaHandler = exports.authHandler = void 0;
 var auth_handler_1 = require("./auth-handler");
 Object.defineProperty(exports, "authHandler", { enumerable: true, get: function () { return auth_handler_1.default; } });
+var mfa_handler_1 = require("./mfa-handler");
+Object.defineProperty(exports, "mfaHandler", { enumerable: true, get: function () { return mfa_handler_1.default; } });
 exports.interactive = require("./interactive");
 exports.tokenValidation = require("./tokens-validation");

package/lib/utils/interactive.js

@@ -19,7 +19,7 @@ const askOTPChannel = async () => {
         name: 'otpChannel',
         message: 'CLI_AUTH_LOGIN_ASK_CHANNEL_FOR_OTP',
         choices: [
-            { name: 'Authy App', value: 'authy' },
+            { name: 'Authenticator App', value: 'authenticator_app' },
             { name: 'SMS', value: 'sms' },
         ],
     });
@@ -49,7 +49,7 @@ const askTokenType = async () => {
         choices: [
             { name: 'Management Token', value: 'management' },
             { name: 'Delivery Token', value: 'delivery' },
-        ]
+        ],
     });
 };
 exports.askTokenType = askTokenType;

package/lib/utils/mfa-handler.d.ts

@@ -0,0 +1,41 @@
+/**
+ * @class
+ * MFA handler for managing multi-factor authentication
+ */
+declare class MFAHandler {
+    private readonly encrypter;
+    constructor();
+    /**
+     * Validates if a string is a valid base32 secret
+     * @param secret The secret to validate
+     * @returns true if valid, false otherwise
+     */
+    private isValidBase32;
+    /**
+     * Generates an MFA code from a provided secret
+     * @param secret The MFA secret to use
+     * @returns string The generated MFA code
+     * @throws Error if the secret is invalid or code generation fails
+     */
+    generateMFACode(secret: string): string;
+    /**
+     * Gets MFA code from stored configuration
+     * @returns Promise<string> The MFA code
+     * @throws Error if MFA code generation fails
+     */
+    getMFACode(): Promise<string>;
+    /**
+     * Gets MFA code through manual user input
+     * @returns Promise<string> The MFA code
+     * @throws Error if code format is invalid
+     */
+    getManualMFACode(): Promise<string>;
+    /**
+     * Validates an MFA code format
+     * @param code The MFA code to validate
+     * @returns boolean True if valid, false otherwise
+     */
+    isValidMFACode(code: string): boolean;
+}
+declare const _default: MFAHandler;
+export default _default;

package/lib/utils/mfa-handler.js

@@ -0,0 +1,133 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const cli_utilities_1 = require("@contentstack/cli-utilities");
+const otplib_1 = require("otplib");
+const interactive_1 = require("./interactive");
+/**
+ * @class
+ * MFA handler for managing multi-factor authentication
+ */
+class MFAHandler {
+    constructor() {
+        this.encrypter = new cli_utilities_1.NodeCrypto();
+    }
+    /**
+     * Validates if a string is a valid base32 secret
+     * @param secret The secret to validate
+     * @returns true if valid, false otherwise
+     */
+    isValidBase32(secret) {
+        // Base32 string must:
+        // 1. Contain only uppercase letters A-Z and digits 2-7
+        // 2. Be at least 16 characters long (before padding)
+        // 3. Have valid padding (no single = character)
+        const base32Regex = /^[A-Z2-7]+(?:={2,6})?$/;
+        const nonPaddedLength = secret.replace(/=+$/, '').length;
+        return base32Regex.test(secret) && nonPaddedLength >= 16;
+    }
+    /**
+     * Generates an MFA code from a provided secret
+     * @param secret The MFA secret to use
+     * @returns string The generated MFA code
+     * @throws Error if the secret is invalid or code generation fails
+     */
+    generateMFACode(secret) {
+        cli_utilities_1.log.debug('Generating MFA code from provided secret', { module: 'mfa-handler' });
+        try {
+            // Validate and normalize secret
+            const normalizedSecret = secret.toUpperCase();
+            if (!this.isValidBase32(normalizedSecret)) {
+                cli_utilities_1.log.debug('Invalid MFA secret format', { module: 'mfa-handler' });
+                cli_utilities_1.cliux.print('CLI_AUTH_MFA_INVALID_SECRET', { color: 'yellow' });
+                cli_utilities_1.cliux.print('For more information about MFA, visit: https://www.contentstack.com/docs/developers/security/multi-factor-authentication', { color: 'yellow' });
+                process.exit(1);
+            }
+            // Generate MFA code
+            const code = otplib_1.authenticator.generate(normalizedSecret);
+            cli_utilities_1.log.debug('Generated MFA code successfully', { module: 'mfa-handler' });
+            return code;
+        }
+        catch (error) {
+            cli_utilities_1.log.debug('Failed to generate MFA code', { module: 'mfa-handler', error });
+            cli_utilities_1.cliux.print('CLI_AUTH_MFA_GENERATION_FAILED', { color: 'yellow' });
+            throw error;
+        }
+    }
+    /**
+     * Gets MFA code from stored configuration
+     * @returns Promise<string> The MFA code
+     * @throws Error if MFA code generation fails
+     */
+    async getMFACode() {
+        cli_utilities_1.log.debug('Getting MFA code', { module: 'mfa-handler' });
+        let secret;
+        let source;
+        const envSecret = process.env.CONTENTSTACK_MFA_SECRET;
+        if (envSecret) {
+            cli_utilities_1.log.debug('Found MFA secret in environment variable', { module: 'mfa-handler' });
+            if (!this.isValidBase32(envSecret.toUpperCase())) {
+                cli_utilities_1.log.debug('Invalid MFA secret format from environment variable', { module: 'mfa-handler' });
+                cli_utilities_1.cliux.print('CLI_AUTH_MFA_INVALID_SECRET', { color: 'yellow' });
+                cli_utilities_1.cliux.print('For more information about MFA, visit: https://www.contentstack.com/docs/developers/security/multi-factor-authentication', { color: 'yellow' });
+            }
+            else {
+                secret = envSecret;
+                source = 'environment variable';
+            }
+        }
+        if (!secret) {
+            cli_utilities_1.log.debug('Checking stored MFA secret', { module: 'mfa-handler' });
+            const mfaConfig = cli_utilities_1.configHandler.get('mfa');
+            if (mfaConfig === null || mfaConfig === void 0 ? void 0 : mfaConfig.secret) {
+                try {
+                    secret = this.encrypter.decrypt(mfaConfig.secret);
+                    source = 'stored configuration';
+                }
+                catch (error) {
+                    cli_utilities_1.log.debug('Failed to decrypt stored MFA secret', { module: 'mfa-handler', error });
+                    (0, cli_utilities_1.handleAndLogError)(error, { module: 'mfa-handler' }, cli_utilities_1.messageHandler.parse('CLI_AUTH_MFA_DECRYPT_FAILED'));
+                }
+            }
+        }
+        if (secret) {
+            try {
+                const code = this.generateMFACode(secret);
+                cli_utilities_1.log.debug('Generated MFA code', { module: 'mfa-handler', source });
+                return code;
+            }
+            catch (error) {
+                cli_utilities_1.log.debug('Failed to generate MFA code', { module: 'mfa-handler', error, source });
+                cli_utilities_1.cliux.print('CLI_AUTH_MFA_GENERATION_FAILED', { color: 'yellow' });
+                cli_utilities_1.cliux.print('CLI_AUTH_MFA_RECONFIGURE_HINT');
+                cli_utilities_1.cliux.print('For more information about MFA, visit: https://www.contentstack.com/docs/developers/security/multi-factor-authentication', { color: 'yellow' });
+            }
+        }
+    }
+    /**
+     * Gets MFA code through manual user input
+     * @returns Promise<string> The MFA code
+     * @throws Error if code format is invalid
+     */
+    async getManualMFACode() {
+        try {
+            const code = await (0, interactive_1.askOTP)();
+            if (!/^\d{6}$/.test(code)) {
+                throw new Error(cli_utilities_1.messageHandler.parse('CLI_AUTH_MFA_INVALID_CODE'));
+            }
+            return code;
+        }
+        catch (error) {
+            cli_utilities_1.log.debug('Failed to get MFA code', { module: 'mfa-handler', error });
+            throw error;
+        }
+    }
+    /**
+     * Validates an MFA code format
+     * @param code The MFA code to validate
+     * @returns boolean True if valid, false otherwise
+     */
+    isValidMFACode(code) {
+        return /^\d{6}$/.test(code);
+    }
+}
+exports.default = new MFAHandler();

package/messages/index.json

@@ -49,5 +49,16 @@
   "CLI_AUTH_TOKENS_VALIDATION_INVALID_API_KEY": "Invalid api key",
   "CLI_AUTH_EXIT_PROCESS": "Exiting the process...",
   "CLI_SELECT_TOKEN_TYPE": "Select the type of token to add",
-  "CLI_AUTH_ENTER_BRANCH": "Enter branch name"
+  "CLI_AUTH_MFA_INVALID_SECRET": "Invalid MFA secret format. Verify your authentication setup.",
+  "CLI_AUTH_MFA_GENERATION_FAILED": "Failed to generate MFA code. Switching to manual MFA code entry.",
+  "CLI_AUTH_MFA_DECRYPT_FAILED": "Failed to decrypt stored MFA secret. Try Resetting the MFA secret. Proceeding for Manual MFA code input.",
+  "CLI_AUTH_MFA_INVALID_CODE": "Invalid authentication code format.",
+  "CLI_AUTH_MFA_RECONFIGURE_HINT": "Consider reconfiguring MFA using config:mfa:add",
+  "CLI_AUTH_SMS_OTP_FAILED": "Failed to send SMS OTP. Try again or use a different two-factor authentication method.",
+  "CLI_AUTH_2FA_FAILED": "Two-factor authentication failed! Try again.",
+  "CLI_AUTH_LOGIN_NO_USER": "No user found with the provided credentials!",
+  "CLI_AUTH_LOGIN_NO_CREDENTIALS": "No credentials provided. Enter your email and password to log in.",
+  "CLI_AUTH_LOGOUT_NO_TOKEN": "No auth token found. Log in before logging out.",
+  "CLI_AUTH_TOKEN_VALIDATION_FAILED": "Token validation failed. Log in again.",
+  "CLI_AUTH_TOKEN_VALIDATION_NO_TOKEN": "No auth token found. Log in to continue.."
 }

package/oclif.manifest.json

@@ -387,5 +387,5 @@
       ]
     }
   },
-  "version": "1.5.1"
+  "version": "1.6.1"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@contentstack/cli-auth",
   "description": "Contentstack CLI plugin for authentication activities",
-  "version": "1.5.1",
+  "version": "1.6.1",
   "author": "Contentstack",
   "bugs": "https://github.com/contentstack/cli/issues",
   "scripts": {
@@ -22,10 +22,11 @@
     "test:unit:report": "nyc --extension .ts mocha --forbid-only \"test/unit/**/*.test.ts\""
   },
   "dependencies": {
-    "@contentstack/cli-command": "~1.6.0",
-    "@contentstack/cli-utilities": "~1.13.1",
+    "@contentstack/cli-command": "~1.6.1",
+    "@contentstack/cli-utilities": "~1.14.0",
     "@oclif/core": "^4.3.0",
-    "@oclif/plugin-help": "^6.2.28"
+    "@oclif/plugin-help": "^6.2.28",
+    "otplib": "^12.0.1"
   },
   "devDependencies": {
     "@fancy-test/nock": "^0.1.1",
@@ -69,16 +70,6 @@
     "bin": "csdx",
     "repositoryPrefix": "<%- repo %>/blob/main/packages/contentstack-auth/<%- commandPath %>"
   },
-  "csdxConfig": {
-    "shortCommandName": {
-      "auth:login": "LIN",
-      "auth:logout": "LOT",
-      "auth:whoami": "WHO",
-      "auth:tokens": "LSTKN",
-      "auth:tokens:add": "ADTKN",
-      "auth:tokens:remove": "RMTKN"
-    }
-  },
   "csdxConfig": {
     "shortCommandName": {
       "auth:login": "LOGIN",