@djangocfg/api 2.1.227 → 2.1.229

package/src/auth/hooks/useTwoFactor.ts

@@ -3,6 +3,7 @@
 import { useCallback, useState } from 'react';
 
 import { apiAccounts, apiTotp } from '../../clients';
+import { APIError } from '../../_api/generated/cfg_totp/errors';
 import { Analytics, AnalyticsCategory, AnalyticsEvent } from '../utils/analytics';
 import { authLogger } from '../utils/logger';
 import { useCfgRouter } from './useCfgRouter';
@@ -27,6 +28,8 @@ export interface UseTwoFactorReturn {
   warning: string | null;
   /** Remaining backup codes (if backup code was used) */
   remainingBackupCodes: number | null;
+  /** Remaining verification attempts before lockout */
+  attemptsRemaining: number | null;
   /** Verify TOTP code */
   verifyTOTP: (sessionId: string, code: string) => Promise<boolean>;
   /** Verify backup code */
@@ -68,6 +71,7 @@ export const useTwoFactor = (options: UseTwoFactorOptions = {}): UseTwoFactorRet
   const [error, setError] = useState<string | null>(null);
   const [warning, setWarning] = useState<string | null>(null);
   const [remainingBackupCodes, setRemainingBackupCodes] = useState<number | null>(null);
+  const [attemptsRemaining, setAttemptsRemaining] = useState<number | null>(null);
 
   const clearError = useCallback(() => {
     setError(null);
@@ -155,8 +159,13 @@ export const useTwoFactor = (options: UseTwoFactorOptions = {}): UseTwoFactorRet
       return true;
 
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : 'Invalid verification code';
       authLogger.error('2FA TOTP verification error:', err);
+      const errorMessage = err instanceof APIError
+        ? (err.response?.error || err.response?.detail || err.response?.message || err.errorMessage)
+        : (err instanceof Error ? err.message : 'Invalid verification code');
+      if (err instanceof APIError && typeof err.response?.attempts_remaining === 'number') {
+        setAttemptsRemaining(err.response.attempts_remaining);
+      }
       setError(errorMessage);
       onError?.(errorMessage);
 
@@ -209,8 +218,13 @@ export const useTwoFactor = (options: UseTwoFactorOptions = {}): UseTwoFactorRet
       return true;
 
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : 'Invalid backup code';
       authLogger.error('2FA backup code verification error:', err);
+      const errorMessage = err instanceof APIError
+        ? (err.response?.error || err.response?.detail || err.response?.message || err.errorMessage)
+        : (err instanceof Error ? err.message : 'Invalid backup code');
+      if (err instanceof APIError && typeof err.response?.attempts_remaining === 'number') {
+        setAttemptsRemaining(err.response.attempts_remaining);
+      }
       setError(errorMessage);
       onError?.(errorMessage);
 
@@ -231,6 +245,7 @@ export const useTwoFactor = (options: UseTwoFactorOptions = {}): UseTwoFactorRet
     error,
     warning,
     remainingBackupCodes,
+    attemptsRemaining,
     verifyTOTP,
     verifyBackupCode,
     clearError,

package/src/auth/types/form.ts

@@ -8,21 +8,29 @@
 import type { MutableRefObject } from 'react';
 
 // ─────────────────────────────────────────────────────────────────────────────
-// Channel & Step Types
+// Step Types
 // ─────────────────────────────────────────────────────────────────────────────
 
-export type AuthChannel = 'email' | 'phone';
 export type AuthStep = 'identifier' | 'otp' | '2fa' | '2fa-setup' | 'success';
 
+// ─────────────────────────────────────────────────────────────────────────────
+// OTP Result Types
+// ─────────────────────────────────────────────────────────────────────────────
+
+export interface OTPRequestResult {
+  success: boolean;
+  message: string;
+  statusCode?: number;
+  retryAfter?: number;
+}
+
 // ─────────────────────────────────────────────────────────────────────────────
 // Form State
 // ─────────────────────────────────────────────────────────────────────────────
 
 export interface AuthFormState {
-  /** Email or phone number */
+  /** Email address */
   identifier: string;
-  /** Current auth channel */
-  channel: AuthChannel;
   /** OTP code input */
   otp: string;
   /** Loading state */
@@ -41,6 +49,12 @@ export interface AuthFormState {
   twoFactorCode: string;
   /** Using backup code instead of TOTP */
   useBackupCode: boolean;
+  /** Seconds remaining until rate limit lifts (0 = not rate limited) */
+  rateLimitSeconds: number;
+  /** True when rateLimitSeconds > 0 — submit should be disabled */
+  isRateLimited: boolean;
+  /** Formatted countdown label, e.g. "19:00" or "42s" */
+  rateLimitLabel: string;
 }
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -49,7 +63,6 @@ export interface AuthFormState {
 
 export interface AuthFormStateHandlers {
   setIdentifier: (identifier: string) => void;
-  setChannel: (channel: AuthChannel) => void;
   setOtp: (otp: string) => void;
   setAcceptedTerms: (accepted: boolean) => void;
   setError: (error: string) => void;
@@ -60,6 +73,8 @@ export interface AuthFormStateHandlers {
   setShouldPrompt2FA: (prompt: boolean) => void;
   setTwoFactorCode: (code: string) => void;
   setUseBackupCode: (useBackup: boolean) => void;
+  /** Start a countdown timer that disables submit for `seconds` seconds */
+  startRateLimitCountdown: (seconds: number) => void;
 }
 
 export interface AuthFormSubmitHandlers {
@@ -81,10 +96,8 @@ export interface AuthFormSubmitHandlers {
 // ─────────────────────────────────────────────────────────────────────────────
 
 export interface AuthFormValidation {
-  /** Detect channel from identifier string */
-  detectChannelFromIdentifier: (identifier: string) => AuthChannel | null;
   /** Validate identifier format */
-  validateIdentifier: (identifier: string, channel?: AuthChannel) => boolean;
+  validateIdentifier: (identifier: string) => boolean;
 }
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -105,6 +118,8 @@ export interface AuthForm2FAState {
   is2FALoading: boolean;
   /** Warning message from 2FA (e.g., low backup codes) */
   twoFactorWarning: string | null;
+  /** Remaining attempts before 2FA lockout (null = unknown) */
+  twoFactorAttemptsRemaining: number | null;
 }
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -125,7 +140,7 @@ export interface AuthFormReturn extends
 
 export interface UseAuthFormOptions {
   /** Callback when identifier step succeeds */
-  onIdentifierSuccess?: (identifier: string, channel: AuthChannel) => void;
+  onIdentifierSuccess?: (identifier: string) => void;
   /** Callback when OTP verification succeeds */
   onOTPSuccess?: () => void;
   /** Callback on any error */
@@ -147,63 +162,3 @@ export interface UseAuthFormOptions {
   enable2FASetup?: boolean;
 }
 
-// ─────────────────────────────────────────────────────────────────────────────
-// Layout Context (UI-specific additions)
-// ─────────────────────────────────────────────────────────────────────────────
-
-export interface AuthLayoutConfig {
-  /** Support page URL */
-  supportUrl?: string;
-  /** Terms of service URL */
-  termsUrl?: string;
-  /** Privacy policy URL */
-  privacyUrl?: string;
-  /** Source URL for tracking */
-  sourceUrl: string;
-  /** Enable phone authentication tab */
-  enablePhoneAuth?: boolean;
-  /** Enable GitHub OAuth button */
-  enableGithubAuth?: boolean;
-  /** Logo URL for success screen (SVG recommended) */
-  logoUrl?: string;
-  /** URL to redirect after successful auth (default: /dashboard) */
-  redirectUrl?: string;
-  /**
-   * Enable 2FA setup prompt after successful authentication.
-   * When true (default), users without 2FA will see a setup prompt after login.
-   * When false, users go directly to success without 2FA setup prompt.
-   * Note: This only affects the setup prompt - existing 2FA verification still works.
-   * @default true
-   */
-  enable2FASetup?: boolean;
-}
-
-export interface AuthFormContextType extends AuthFormReturn, AuthLayoutConfig {}
-
-// ─────────────────────────────────────────────────────────────────────────────
-// Layout Props
-// ─────────────────────────────────────────────────────────────────────────────
-
-export interface AuthLayoutProps extends AuthLayoutConfig {
-  children?: React.ReactNode;
-  className?: string;
-  /** URL to redirect after successful auth (default: /dashboard) */
-  redirectUrl?: string;
-  /** Callback when identifier step succeeds */
-  onIdentifierSuccess?: (identifier: string, channel: AuthChannel) => void;
-  /** Callback when OTP verification succeeds */
-  onOTPSuccess?: () => void;
-  /** Callback when OAuth succeeds */
-  onOAuthSuccess?: (user: any, isNewUser: boolean, provider: string) => void;
-  /** Callback on any error */
-  onError?: (message: string) => void;
-}
-
-// ─────────────────────────────────────────────────────────────────────────────
-// Help Component Props
-// ─────────────────────────────────────────────────────────────────────────────
-
-export interface AuthHelpProps {
-  className?: string;
-  variant?: 'default' | 'compact';
-}

package/src/auth/types/index.ts

@@ -2,9 +2,8 @@
  * Auth Types - Single source of truth
  */
 
-// Form types (for auth forms and layouts)
+// Form types (auth logic only)
 export type {
-  AuthChannel,
   AuthStep,
   AuthFormState,
   AuthFormStateHandlers,
@@ -13,10 +12,7 @@ export type {
   AuthFormAutoSubmit,
   AuthFormReturn,
   UseAuthFormOptions,
-  AuthLayoutConfig,
-  AuthFormContextType,
-  AuthLayoutProps,
-  AuthHelpProps,
+  OTPRequestResult,
 } from './form';
 
 // Re-export context types