@djangocfg/api 2.1.57 → 2.1.58

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@djangocfg/api",
-  "version": "2.1.57",
+  "version": "2.1.58",
   "description": "Auto-generated TypeScript API client with React hooks, SWR integration, and Zod validation for Django REST Framework backends",
   "keywords": [
     "django",
@@ -74,7 +74,7 @@
     "check": "tsc --noEmit"
   },
   "peerDependencies": {
-    "@djangocfg/ui-nextjs": "^2.1.57",
+    "@djangocfg/ui-nextjs": "^2.1.58",
     "consola": "^3.4.2",
     "next": "^14 || ^15",
     "p-retry": "^7.0.0",
@@ -85,7 +85,7 @@
   "devDependencies": {
     "@types/node": "^24.7.2",
     "@types/react": "^19.0.0",
-    "@djangocfg/typescript-config": "^2.1.57",
+    "@djangocfg/typescript-config": "^2.1.58",
     "next": "^15.0.0",
     "react": "^19.0.0",
     "tsup": "^8.5.0",

package/src/auth/context/AccountsContext.tsx

@@ -181,7 +181,14 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
   const verifyOTP = async (data: OTPVerifyRequest): Promise<OTPVerifyResponse> => {
     const result = await otpVerifyMutation(data, apiAccounts);
 
-    // Automatically save tokens after successful verification
+    // Check if 2FA is required - don't save tokens yet
+    if (result.requires_2fa && result.session_id) {
+      authLogger.info('2FA required, session:', result.session_id);
+      // Return result without saving tokens - caller handles 2FA step
+      return result as OTPVerifyResponse;
+    }
+
+    // Normal flow - save tokens after successful verification
     if (result.access && result.refresh) {
       apiAccounts.setToken(result.access, result.refresh);
       // Refresh profile to load user data with new token

package/src/auth/context/AuthContext.tsx

@@ -323,7 +323,14 @@ const AuthProviderInternal: React.FC<AuthProviderProps> = ({ children, config })
   );
 
   const verifyOTP = useCallback(
-    async (identifier: string, otpCode: string, channel?: 'email' | 'phone', sourceUrl?: string, redirectUrl?: string): Promise<{ success: boolean; message: string; user?: UserProfile }> => {
+    async (identifier: string, otpCode: string, channel?: 'email' | 'phone', sourceUrl?: string, redirectUrl?: string, skipRedirect?: boolean): Promise<{
+      success: boolean;
+      message: string;
+      user?: UserProfile;
+      requires_2fa?: boolean;
+      session_id?: string | null;
+      should_prompt_2fa?: boolean;
+    }> => {
       try {
         const channelValue = channel === 'phone'
           ? Enums.OTPVerifyRequestChannel.PHONE
@@ -335,7 +342,19 @@ const AuthProviderInternal: React.FC<AuthProviderProps> = ({ children, config })
           channel: channelValue,
         });
 
-        // Verify that we got valid tokens
+        // Check if 2FA is required - return early with session info
+        if (result.requires_2fa && result.session_id) {
+          authLogger.info('2FA required, session:', result.session_id);
+          return {
+            success: true,
+            message: 'OTP verified, 2FA required',
+            requires_2fa: true,
+            session_id: result.session_id,
+            should_prompt_2fa: result.should_prompt_2fa,
+          };
+        }
+
+        // Verify that we got valid tokens (only required when 2FA is not needed)
         if (!result.access || !result.refresh) {
           authLogger.error('Verify OTP returned invalid response:', result);
           return {
@@ -367,17 +386,21 @@ const AuthProviderInternal: React.FC<AuthProviderProps> = ({ children, config })
           Analytics.setUser(String(result.user.id));
         }
 
-        // Handle redirect logic - priority: provided redirectUrl > saved redirect > config default
-        // Use hardPush for full page reload - ensures all React contexts reinitialize
-        const savedRedirect = redirectManager.useAndClearRedirect();
-        const finalRedirectUrl = redirectUrl || savedRedirect || config?.routes?.defaultCallback || defaultRoutes.defaultCallback;
-        authLogger.info('Redirecting after auth to:', finalRedirectUrl);
-        router.hardPush(finalRedirectUrl);
+        // Handle redirect logic (unless skipRedirect is true)
+        if (!skipRedirect) {
+          // Priority: provided redirectUrl > saved redirect > config default
+          // Use hardPush for full page reload - ensures all React contexts reinitialize
+          const savedRedirect = redirectManager.useAndClearRedirect();
+          const finalRedirectUrl = redirectUrl || savedRedirect || config?.routes?.defaultCallback || defaultRoutes.defaultCallback;
+          authLogger.info('Redirecting after auth to:', finalRedirectUrl);
+          router.hardPush(finalRedirectUrl);
+        }
 
         return {
           success: true,
           message: 'Login successful',
           user: result.user as UserProfile,
+          should_prompt_2fa: result.should_prompt_2fa,
         };
       } catch (error) {
         authLogger.error('Verify OTP error:', error);

package/src/auth/context/types.ts

@@ -48,7 +48,14 @@ export interface AuthContextType {
 
   // OTP Methods - Multi-channel support
   requestOTP: (identifier: string, channel?: 'email' | 'phone', sourceUrl?: string) => Promise<{ success: boolean; message: string }>;
-  verifyOTP: (identifier: string, otpCode: string, channel?: 'email' | 'phone', sourceUrl?: string, redirectUrl?: string) => Promise<{ success: boolean; message: string; user?: UserProfile }>;
+  verifyOTP: (identifier: string, otpCode: string, channel?: 'email' | 'phone', sourceUrl?: string, redirectUrl?: string, skipRedirect?: boolean) => Promise<{
+    success: boolean;
+    message: string;
+    user?: UserProfile;
+    requires_2fa?: boolean;
+    session_id?: string | null;
+    should_prompt_2fa?: boolean;
+  }>;
   refreshToken: () => Promise<{ success: boolean; message: string }>;
   logout: () => Promise<void>;
 

package/src/auth/hooks/index.ts

@@ -1,18 +1,42 @@
 'use client';
 
+// Core form hooks (decomposed)
+export { useAuthFormState, type UseAuthFormStateReturn } from './useAuthFormState';
+export { useAuthValidation, detectChannelFromIdentifier, validateIdentifier } from './useAuthValidation';
+
+// Complete form hook (composes the above)
+export { useAuthForm, type AuthFormReturn, type UseAuthFormOptions } from './useAuthForm';
+
+// Auto-auth from URL
+export { useAutoAuth, type UseAutoAuthOptions } from './useAutoAuth';
+
+// OAuth
+export { useGithubAuth, type UseGithubAuthOptions, type UseGithubAuthReturn } from './useGithubAuth';
+
+// 2FA hooks
+export { useTwoFactor, type UseTwoFactorOptions, type UseTwoFactorReturn } from './useTwoFactor';
+export {
+  useTwoFactorSetup,
+  type UseTwoFactorSetupOptions,
+  type UseTwoFactorSetupReturn,
+  type TwoFactorSetupData,
+} from './useTwoFactorSetup';
+
+// Auth guards and redirects
 export { useAuthRedirectManager } from './useAuthRedirect';
 export { useAuthGuard } from './useAuthGuard';
+
+// Storage hooks
 export { useSessionStorage } from './useSessionStorage';
 export { useLocalStorage } from './useLocalStorage';
-export { useAuthForm } from './useAuthForm';
-export { useAutoAuth } from './useAutoAuth';
-export { useGithubAuth, type UseGithubAuthOptions, type UseGithubAuthReturn } from './useGithubAuth';
+export { useBase64, encodeBase64, decodeBase64 } from './useBase64';
+
+// Profile cache
 export {
   getCachedProfile,
   setCachedProfile,
   clearProfileCache,
   hasValidCache,
   getCacheMetadata,
-  type ProfileCacheOptions
+  type ProfileCacheOptions,
 } from './useProfileCache';
-export { useBase64, encodeBase64, decodeBase64 } from './useBase64';