@djangocfg/api 2.1.59 → 2.1.60

package/dist/auth.d.cts

@@ -421,6 +421,13 @@ interface UseAuthFormOptions {
     requireTermsAcceptance?: boolean;
     /** Path to auth page for auto-OTP detection. Default: '/auth' */
     authPath?: string;
+    /**
+     * Enable 2FA setup prompt after successful authentication.
+     * When true (default), users without 2FA will see a setup prompt after login.
+     * When false, users go directly to success without 2FA setup prompt.
+     * @default true
+     */
+    enable2FASetup?: boolean;
 }
 interface AuthLayoutConfig {
     /** Support page URL */
@@ -439,6 +446,14 @@ interface AuthLayoutConfig {
     logoUrl?: string;
     /** URL to redirect after successful auth (default: /dashboard) */
     redirectUrl?: string;
+    /**
+     * Enable 2FA setup prompt after successful authentication.
+     * When true (default), users without 2FA will see a setup prompt after login.
+     * When false, users go directly to success without 2FA setup prompt.
+     * Note: This only affects the setup prompt - existing 2FA verification still works.
+     * @default true
+     */
+    enable2FASetup?: boolean;
 }
 interface AuthFormContextType extends AuthFormReturn, AuthLayoutConfig {
 }
@@ -665,6 +680,49 @@ interface UseTwoFactorSetupReturn {
  */
 declare const useTwoFactorSetup: (options?: UseTwoFactorSetupOptions) => UseTwoFactorSetupReturn;
 
+interface TwoFactorDevice {
+    id: string;
+    name: string;
+    createdAt: string;
+    lastUsedAt: string | null;
+    isPrimary: boolean;
+}
+interface UseTwoFactorStatusReturn {
+    /** Loading state */
+    isLoading: boolean;
+    /** Error message */
+    error: string | null;
+    /** Whether 2FA is enabled for user */
+    has2FAEnabled: boolean | null;
+    /** List of TOTP devices */
+    devices: TwoFactorDevice[];
+    /** Fetch 2FA status */
+    fetchStatus: () => Promise<void>;
+    /** Disable 2FA (requires TOTP code) */
+    disable2FA: (code: string) => Promise<boolean>;
+    /** Clear error */
+    clearError: () => void;
+}
+/**
+ * Hook for checking and managing 2FA status.
+ *
+ * @example
+ * ```tsx
+ * const { has2FAEnabled, devices, fetchStatus, disable2FA, isLoading } = useTwoFactorStatus();
+ *
+ * useEffect(() => {
+ *   fetchStatus();
+ * }, [fetchStatus]);
+ *
+ * if (has2FAEnabled) {
+ *   // Show disable button
+ * } else {
+ *   // Show enable button
+ * }
+ * ```
+ */
+declare const useTwoFactorStatus: () => UseTwoFactorStatusReturn;
+
 interface AuthRedirectOptions {
     fallbackUrl?: string;
     clearOnUse?: boolean;
@@ -830,4 +888,4 @@ declare const Analytics: {
     setUser(userId: string): void;
 };
 
-export { type AccountsContextValue, AccountsProvider, Analytics, AnalyticsCategory, type AnalyticsCategoryType, AnalyticsEvent, type AnalyticsEventType, type AuthChannel, type AuthConfig, type AuthContextType, type AuthFormAutoSubmit, type AuthFormContextType, type AuthFormReturn, type AuthFormState, type AuthFormStateHandlers, type AuthFormSubmitHandlers, type AuthFormValidation, type AuthHelpProps, type AuthLayoutConfig, type AuthLayoutProps, AuthProvider, type AuthProviderProps, type AuthStep, type PatchedUserProfileUpdateRequest, PatchedUserProfileUpdateRequestSchema, type ProfileCacheOptions, type TwoFactorSetupData, type UseAuthFormOptions, type UseAuthFormStateReturn, type UseAutoAuthOptions, type UseGithubAuthOptions, type UseGithubAuthReturn, type UseTwoFactorOptions, type UseTwoFactorReturn, type UseTwoFactorSetupOptions, type UseTwoFactorSetupReturn, type UserProfile, authLogger, clearProfileCache, decodeBase64, detectChannelFromIdentifier, encodeBase64, formatAuthError, getCacheMetadata, getCachedProfile, hasValidCache, logger, setCachedProfile, useAccountsContext, useAuth, useAuthForm, useAuthFormState, useAuthGuard, useAuthRedirectManager, useAuthValidation, useAutoAuth, useBase64, useGithubAuth, useLocalStorage, useSessionStorage, useTwoFactor, useTwoFactorSetup, validateEmail, validateIdentifier };
+export { type AccountsContextValue, AccountsProvider, Analytics, AnalyticsCategory, type AnalyticsCategoryType, AnalyticsEvent, type AnalyticsEventType, type AuthChannel, type AuthConfig, type AuthContextType, type AuthFormAutoSubmit, type AuthFormContextType, type AuthFormReturn, type AuthFormState, type AuthFormStateHandlers, type AuthFormSubmitHandlers, type AuthFormValidation, type AuthHelpProps, type AuthLayoutConfig, type AuthLayoutProps, AuthProvider, type AuthProviderProps, type AuthStep, type PatchedUserProfileUpdateRequest, PatchedUserProfileUpdateRequestSchema, type ProfileCacheOptions, type TwoFactorDevice, type TwoFactorSetupData, type UseAuthFormOptions, type UseAuthFormStateReturn, type UseAutoAuthOptions, type UseGithubAuthOptions, type UseGithubAuthReturn, type UseTwoFactorOptions, type UseTwoFactorReturn, type UseTwoFactorSetupOptions, type UseTwoFactorSetupReturn, type UseTwoFactorStatusReturn, type UserProfile, authLogger, clearProfileCache, decodeBase64, detectChannelFromIdentifier, encodeBase64, formatAuthError, getCacheMetadata, getCachedProfile, hasValidCache, logger, setCachedProfile, useAccountsContext, useAuth, useAuthForm, useAuthFormState, useAuthGuard, useAuthRedirectManager, useAuthValidation, useAutoAuth, useBase64, useGithubAuth, useLocalStorage, useSessionStorage, useTwoFactor, useTwoFactorSetup, useTwoFactorStatus, validateEmail, validateIdentifier };

package/dist/auth.d.ts

@@ -421,6 +421,13 @@ interface UseAuthFormOptions {
     requireTermsAcceptance?: boolean;
     /** Path to auth page for auto-OTP detection. Default: '/auth' */
     authPath?: string;
+    /**
+     * Enable 2FA setup prompt after successful authentication.
+     * When true (default), users without 2FA will see a setup prompt after login.
+     * When false, users go directly to success without 2FA setup prompt.
+     * @default true
+     */
+    enable2FASetup?: boolean;
 }
 interface AuthLayoutConfig {
     /** Support page URL */
@@ -439,6 +446,14 @@ interface AuthLayoutConfig {
     logoUrl?: string;
     /** URL to redirect after successful auth (default: /dashboard) */
     redirectUrl?: string;
+    /**
+     * Enable 2FA setup prompt after successful authentication.
+     * When true (default), users without 2FA will see a setup prompt after login.
+     * When false, users go directly to success without 2FA setup prompt.
+     * Note: This only affects the setup prompt - existing 2FA verification still works.
+     * @default true
+     */
+    enable2FASetup?: boolean;
 }
 interface AuthFormContextType extends AuthFormReturn, AuthLayoutConfig {
 }
@@ -665,6 +680,49 @@ interface UseTwoFactorSetupReturn {
  */
 declare const useTwoFactorSetup: (options?: UseTwoFactorSetupOptions) => UseTwoFactorSetupReturn;
 
+interface TwoFactorDevice {
+    id: string;
+    name: string;
+    createdAt: string;
+    lastUsedAt: string | null;
+    isPrimary: boolean;
+}
+interface UseTwoFactorStatusReturn {
+    /** Loading state */
+    isLoading: boolean;
+    /** Error message */
+    error: string | null;
+    /** Whether 2FA is enabled for user */
+    has2FAEnabled: boolean | null;
+    /** List of TOTP devices */
+    devices: TwoFactorDevice[];
+    /** Fetch 2FA status */
+    fetchStatus: () => Promise<void>;
+    /** Disable 2FA (requires TOTP code) */
+    disable2FA: (code: string) => Promise<boolean>;
+    /** Clear error */
+    clearError: () => void;
+}
+/**
+ * Hook for checking and managing 2FA status.
+ *
+ * @example
+ * ```tsx
+ * const { has2FAEnabled, devices, fetchStatus, disable2FA, isLoading } = useTwoFactorStatus();
+ *
+ * useEffect(() => {
+ *   fetchStatus();
+ * }, [fetchStatus]);
+ *
+ * if (has2FAEnabled) {
+ *   // Show disable button
+ * } else {
+ *   // Show enable button
+ * }
+ * ```
+ */
+declare const useTwoFactorStatus: () => UseTwoFactorStatusReturn;
+
 interface AuthRedirectOptions {
     fallbackUrl?: string;
     clearOnUse?: boolean;
@@ -830,4 +888,4 @@ declare const Analytics: {
     setUser(userId: string): void;
 };
 
-export { type AccountsContextValue, AccountsProvider, Analytics, AnalyticsCategory, type AnalyticsCategoryType, AnalyticsEvent, type AnalyticsEventType, type AuthChannel, type AuthConfig, type AuthContextType, type AuthFormAutoSubmit, type AuthFormContextType, type AuthFormReturn, type AuthFormState, type AuthFormStateHandlers, type AuthFormSubmitHandlers, type AuthFormValidation, type AuthHelpProps, type AuthLayoutConfig, type AuthLayoutProps, AuthProvider, type AuthProviderProps, type AuthStep, type PatchedUserProfileUpdateRequest, PatchedUserProfileUpdateRequestSchema, type ProfileCacheOptions, type TwoFactorSetupData, type UseAuthFormOptions, type UseAuthFormStateReturn, type UseAutoAuthOptions, type UseGithubAuthOptions, type UseGithubAuthReturn, type UseTwoFactorOptions, type UseTwoFactorReturn, type UseTwoFactorSetupOptions, type UseTwoFactorSetupReturn, type UserProfile, authLogger, clearProfileCache, decodeBase64, detectChannelFromIdentifier, encodeBase64, formatAuthError, getCacheMetadata, getCachedProfile, hasValidCache, logger, setCachedProfile, useAccountsContext, useAuth, useAuthForm, useAuthFormState, useAuthGuard, useAuthRedirectManager, useAuthValidation, useAutoAuth, useBase64, useGithubAuth, useLocalStorage, useSessionStorage, useTwoFactor, useTwoFactorSetup, validateEmail, validateIdentifier };
+export { type AccountsContextValue, AccountsProvider, Analytics, AnalyticsCategory, type AnalyticsCategoryType, AnalyticsEvent, type AnalyticsEventType, type AuthChannel, type AuthConfig, type AuthContextType, type AuthFormAutoSubmit, type AuthFormContextType, type AuthFormReturn, type AuthFormState, type AuthFormStateHandlers, type AuthFormSubmitHandlers, type AuthFormValidation, type AuthHelpProps, type AuthLayoutConfig, type AuthLayoutProps, AuthProvider, type AuthProviderProps, type AuthStep, type PatchedUserProfileUpdateRequest, PatchedUserProfileUpdateRequestSchema, type ProfileCacheOptions, type TwoFactorDevice, type TwoFactorSetupData, type UseAuthFormOptions, type UseAuthFormStateReturn, type UseAutoAuthOptions, type UseGithubAuthOptions, type UseGithubAuthReturn, type UseTwoFactorOptions, type UseTwoFactorReturn, type UseTwoFactorSetupOptions, type UseTwoFactorSetupReturn, type UseTwoFactorStatusReturn, type UserProfile, authLogger, clearProfileCache, decodeBase64, detectChannelFromIdentifier, encodeBase64, formatAuthError, getCacheMetadata, getCachedProfile, hasValidCache, logger, setCachedProfile, useAccountsContext, useAuth, useAuthForm, useAuthFormState, useAuthGuard, useAuthRedirectManager, useAuthValidation, useAutoAuth, useBase64, useGithubAuth, useLocalStorage, useSessionStorage, useTwoFactor, useTwoFactorSetup, useTwoFactorStatus, validateEmail, validateIdentifier };

package/dist/auth.mjs

@@ -5840,7 +5840,8 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     sourceUrl,
     redirectUrl,
     requireTermsAcceptance = false,
-    authPath = "/auth"
+    authPath = "/auth",
+    enable2FASetup = true
   } = options;
   const formState = useAuthFormState();
   const validation = useAuthValidation();
@@ -5995,14 +5996,18 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
       }
       if (result.success) {
         saveIdentifierToStorage(submitIdentifier, submitChannel);
-        if (result.should_prompt_2fa) {
+        if (result.should_prompt_2fa && enable2FASetup) {
           authLogger.info("OTP verification successful, prompting 2FA setup");
           setShouldPrompt2FA(true);
           setStep("2fa-setup");
           onOTPSuccess?.();
           return true;
         }
-        authLogger.info("OTP verification successful, showing success screen");
+        if (result.should_prompt_2fa && !enable2FASetup) {
+          authLogger.info("OTP verification successful, skipping 2FA setup prompt (disabled)");
+        } else {
+          authLogger.info("OTP verification successful, showing success screen");
+        }
         setStep("success");
         onOTPSuccess?.();
         return true;
@@ -6019,7 +6024,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     } finally {
       setIsLoading(false);
     }
-  }, [verifyOTP, saveIdentifierToStorage, setError, setIsLoading, clearError, onOTPSuccess, onError, sourceUrl, redirectUrl, setTwoFactorSessionId, setShouldPrompt2FA, setStep]);
+  }, [verifyOTP, saveIdentifierToStorage, setError, setIsLoading, clearError, onOTPSuccess, onError, sourceUrl, redirectUrl, setTwoFactorSessionId, setShouldPrompt2FA, setStep, enable2FASetup]);
   const handleOTPSubmit = useCallback6(async (e) => {
     e.preventDefault();
     await submitOTP(identifier, otp, channel);
@@ -6345,14 +6350,83 @@ var useTwoFactorSetup = /* @__PURE__ */ __name((options = {}) => {
   };
 }, "useTwoFactorSetup");
 
+// src/auth/hooks/useTwoFactorStatus.ts
+import { useCallback as useCallback9, useState as useState8 } from "react";
+var useTwoFactorStatus = /* @__PURE__ */ __name(() => {
+  const [isLoading, setIsLoading] = useState8(false);
+  const [error, setError] = useState8(null);
+  const [has2FAEnabled, setHas2FAEnabled] = useState8(null);
+  const [devices, setDevices] = useState8([]);
+  const clearError = useCallback9(() => {
+    setError(null);
+  }, []);
+  const fetchStatus = useCallback9(async () => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      authLogger.info("Fetching 2FA status...");
+      const response = await apiTotp.totp_management.totpDevicesList();
+      const mappedDevices = (response.results || []).map((device) => ({
+        id: device.id,
+        name: device.name,
+        createdAt: device.created_at,
+        lastUsedAt: device.last_used_at ?? null,
+        isPrimary: device.is_primary
+      }));
+      setDevices(mappedDevices);
+      const enabled = mappedDevices.length > 0;
+      setHas2FAEnabled(enabled);
+      authLogger.info("2FA status:", enabled ? "enabled" : "disabled");
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : "Failed to fetch 2FA status";
+      authLogger.error("Failed to fetch 2FA status:", err);
+      setError(errorMessage);
+    } finally {
+      setIsLoading(false);
+    }
+  }, []);
+  const disable2FA = useCallback9(async (code) => {
+    if (!code || code.length !== 6) {
+      setError("Please enter a 6-digit code");
+      return false;
+    }
+    setIsLoading(true);
+    setError(null);
+    try {
+      authLogger.info("Disabling 2FA...");
+      await apiTotp.totp_management.totpDisableCreate({ code });
+      setHas2FAEnabled(false);
+      setDevices([]);
+      authLogger.info("2FA disabled successfully");
+      return true;
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : "Invalid verification code";
+      authLogger.error("Failed to disable 2FA:", err);
+      setError(errorMessage);
+      return false;
+    } finally {
+      setIsLoading(false);
+    }
+  }, []);
+  return {
+    isLoading,
+    error,
+    has2FAEnabled,
+    devices,
+    fetchStatus,
+    disable2FA,
+    clearError
+  };
+}, "useTwoFactorStatus");
+
 // src/auth/hooks/useAuthGuard.ts
-import { useEffect as useEffect5, useState as useState8 } from "react";
+import { useEffect as useEffect5, useState as useState9 } from "react";
 import { useCfgRouter as useCfgRouter5 } from "@djangocfg/ui-nextjs/hooks";
 var useAuthGuard = /* @__PURE__ */ __name((options = {}) => {
   const { redirectTo = "/auth", requireAuth = true, saveRedirectUrl: shouldSaveUrl = true } = options;
   const { isAuthenticated, isLoading, saveRedirectUrl } = useAuth();
   const router = useCfgRouter5();
-  const [isRedirecting, setIsRedirecting] = useState8(false);
+  const [isRedirecting, setIsRedirecting] = useState9(false);
   useEffect5(() => {
     if (!isLoading && requireAuth && !isAuthenticated && !isRedirecting) {
       if (shouldSaveUrl && typeof window !== "undefined") {
@@ -6367,9 +6441,9 @@ var useAuthGuard = /* @__PURE__ */ __name((options = {}) => {
 }, "useAuthGuard");
 
 // src/auth/hooks/useLocalStorage.ts
-import { useState as useState9 } from "react";
+import { useState as useState10 } from "react";
 function useLocalStorage2(key, initialValue) {
-  const [storedValue, setStoredValue] = useState9(() => {
+  const [storedValue, setStoredValue] = useState10(() => {
     if (typeof window === "undefined") {
       return initialValue;
     }
@@ -6580,6 +6654,7 @@ export {
   useSessionStorage,
   useTwoFactor,
   useTwoFactorSetup,
+  useTwoFactorStatus,
   validateEmail,
   validateIdentifier
 };