@vivinkv28/strapi-2fa-admin-plugin 0.1.10 → 0.1.13

package/dist/server/index.js

@@ -74,6 +74,16 @@ const runtimeRequire = createRequire(__filename);
 var strapiSessionAuth = runtimeRequire(resolveSessionAuthPath());
 const sessionAuth$1 = strapiSessionAuth;
 const getService = () => strapi.plugin("admin-2fa").service("auth");
+const APPLICATION_ERROR_STATUS = {
+  ApplicationError: 400,
+  ValidationError: 400,
+  UnauthorizedError: 401,
+  ForbiddenError: 403,
+  NotFoundError: 404,
+  PayloadTooLargeError: 413,
+  RateLimitError: 429,
+  NotImplementedError: 501
+};
 const setRefreshCookie = (ctx, refreshToken, cookieOptions) => {
   ctx.cookies.set(sessionAuth$1.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
 };
@@ -87,32 +97,69 @@ const getClientIp = (ctx) => {
   }
   return String(ctx.request.ip ?? ctx.ip ?? "").trim();
 };
+const sendApplicationError = (ctx, error2) => {
+  const derivedStatus = typeof error2?.status === "number" && error2.status >= 400 && error2.status < 500 ? error2.status : APPLICATION_ERROR_STATUS[error2?.name] ?? 400;
+  ctx.status = derivedStatus;
+  ctx.body = {
+    data: null,
+    error: {
+      status: derivedStatus,
+      name: error2?.name ?? "ApplicationError",
+      message: error2?.message ?? "Request failed",
+      details: error2?.details ?? {}
+    }
+  };
+};
 var auth$3 = {
   async login(ctx) {
-    const result = await getService().createChallenge(ctx.request.body ?? {}, {
-      clientIp: getClientIp(ctx)
-    });
-    ctx.body = { data: result };
+    try {
+      const result = await getService().createChallenge(ctx.request.body ?? {}, {
+        clientIp: getClientIp(ctx)
+      });
+      ctx.body = { data: result };
+    } catch (error2) {
+      if (error2?.name && APPLICATION_ERROR_STATUS[error2.name]) {
+        sendApplicationError(ctx, error2);
+        return;
+      }
+      throw error2;
+    }
   },
   async resend(ctx) {
-    const result = await getService().resendChallenge(ctx.request.body ?? {}, {
-      clientIp: getClientIp(ctx)
-    });
-    ctx.body = { data: result };
+    try {
+      const result = await getService().resendChallenge(ctx.request.body ?? {}, {
+        clientIp: getClientIp(ctx)
+      });
+      ctx.body = { data: result };
+    } catch (error2) {
+      if (error2?.name && APPLICATION_ERROR_STATUS[error2.name]) {
+        sendApplicationError(ctx, error2);
+        return;
+      }
+      throw error2;
+    }
   },
   async verify(ctx) {
-    const result = await getService().verifyChallenge(ctx.request.body ?? {}, {
-      secureRequest: ctx.request.secure,
-      clientIp: getClientIp(ctx)
-    });
-    setRefreshCookie(ctx, result.refreshToken, result.cookieOptions);
-    ctx.body = {
-      data: {
-        token: result.accessToken,
-        accessToken: result.accessToken,
-        user: result.user
+    try {
+      const result = await getService().verifyChallenge(ctx.request.body ?? {}, {
+        secureRequest: ctx.request.secure,
+        clientIp: getClientIp(ctx)
+      });
+      setRefreshCookie(ctx, result.refreshToken, result.cookieOptions);
+      ctx.body = {
+        data: {
+          token: result.accessToken,
+          accessToken: result.accessToken,
+          user: result.user
+        }
+      };
+    } catch (error2) {
+      if (error2?.name && APPLICATION_ERROR_STATUS[error2.name]) {
+        sendApplicationError(ctx, error2);
+        return;
       }
-    };
+      throw error2;
+    }
   }
 };
 const auth$2 = auth$3;
@@ -19149,21 +19196,21 @@ class ForbiddenError extends ApplicationError$1 {
     this.message = message;
   }
 }
-class UnauthorizedError extends ApplicationError$1 {
+let UnauthorizedError$1 = class UnauthorizedError extends ApplicationError$1 {
   constructor(message = "Unauthorized", details) {
     super(message, details);
     this.name = "UnauthorizedError";
     this.message = message;
   }
-}
-class RateLimitError extends ApplicationError$1 {
+};
+let RateLimitError$1 = class RateLimitError extends ApplicationError$1 {
   constructor(message = "Too many requests, please try again later.", details) {
     super(message, details);
     this.name = "RateLimitError";
     this.message = message;
     this.details = details || {};
   }
-}
+};
 class PayloadTooLargeError extends ApplicationError$1 {
   constructor(message = "Entity too large", details) {
     super(message, details);
@@ -19196,8 +19243,8 @@ const errors$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProp
   PaginationError,
   PayloadTooLargeError,
   PolicyError,
-  RateLimitError,
-  UnauthorizedError,
+  RateLimitError: RateLimitError$1,
+  UnauthorizedError: UnauthorizedError$1,
   ValidationError: ValidationError$1,
   YupValidationError
 }, Symbol.toStringTag, { value: "Module" }));
@@ -43795,7 +43842,7 @@ const require$$1 = /* @__PURE__ */ getAugmentedNamespace(dist);
 const crypto = require$$1__default$1.default;
 const { errors } = require$$1;
 const sessionAuth = strapiSessionAuth;
-const { ApplicationError: ApplicationError2, ValidationError: ValidationError3 } = errors;
+const { ApplicationError: ApplicationError2, RateLimitError: RateLimitError2, UnauthorizedError: UnauthorizedError2, ValidationError: ValidationError3 } = errors;
 const STORE_NAME = "admin-otp-login";
 const STORE_KEY_PREFIX = "challenge:";
 const RATE_LIMIT_KEY_PREFIX = "rate-limit:";
@@ -43914,11 +43961,11 @@ const deleteChallenge = async (store, challengeId) => {
 const getChallenge = async (store, challengeId) => {
   const challenge = await store.get({ key: getStoreKey(challengeId) });
   if (!challenge) {
-    throw new ApplicationError2("OTP session not found. Please log in again.");
+    throw new UnauthorizedError2("OTP session not found. Please log in again.");
   }
   if (new Date(challenge.expiresAt).getTime() <= Date.now()) {
     await deleteChallenge(store, challengeId);
-    throw new ApplicationError2("OTP expired. Please log in again.");
+    throw new UnauthorizedError2("OTP expired. Please log in again.");
   }
   return challenge;
 };
@@ -43941,7 +43988,7 @@ const registerRateLimitHit = async (store, config2, action, scope, identifier) =
     return;
   }
   if (existing.count >= limit) {
-    throw new ApplicationError2("Too many authentication attempts. Please wait a few minutes and try again.");
+    throw new RateLimitError2("Too many authentication attempts. Please wait a few minutes and try again.");
   }
   await store.set({
     key,
@@ -44020,7 +44067,7 @@ var auth$1 = () => ({
     });
     logDuration(config2, "checkCredentials", credentialsStartedAt);
     if (!user) {
-      throw new ApplicationError2(info?.message ?? "Invalid credentials");
+      throw new UnauthorizedError2(info?.message ?? "Invalid credentials");
     }
     const challengeId = crypto.randomUUID();
     const code = createOtpCode(config2.otpDigits);
@@ -44069,7 +44116,7 @@ var auth$1 = () => ({
     await registerRateLimitHit(store, config2, "resend", "email", current.email);
     if (current.resendCount >= config2.maxResends) {
       await deleteChallenge(store, challengeId);
-      throw new ApplicationError2("Maximum OTP resend attempts exceeded. Please log in again.");
+      throw new RateLimitError2("Maximum OTP resend attempts exceeded. Please log in again.");
     }
     const code = createOtpCode(config2.otpDigits);
     const salt = crypto.randomBytes(16).toString("hex");
@@ -44112,7 +44159,7 @@ var auth$1 = () => ({
     await registerRateLimitHit(store, config2, "verify", "email", challenge.email);
     if (challenge.attempts >= config2.maxAttempts) {
       await deleteChallenge(store, challengeId);
-      throw new ApplicationError2("Maximum OTP attempts exceeded. Please log in again.");
+      throw new RateLimitError2("Maximum OTP attempts exceeded. Please log in again.");
     }
     const hashStartedAt = now();
     const computedHash = await createOtpHash(challengeId, code, challenge.salt);
@@ -44125,7 +44172,7 @@ var auth$1 = () => ({
       const nextAttempts = challenge.attempts + 1;
       if (nextAttempts >= config2.maxAttempts) {
         await deleteChallenge(store, challengeId);
-        throw new ApplicationError2("Maximum OTP attempts exceeded. Please log in again.");
+        throw new RateLimitError2("Maximum OTP attempts exceeded. Please log in again.");
       }
       const storeStartedAt = now();
       await store.set({
@@ -44139,7 +44186,7 @@ var auth$1 = () => ({
         challengeId,
         attempts: nextAttempts
       });
-      throw new ApplicationError2("Invalid OTP code");
+      throw new UnauthorizedError2("Invalid OTP code");
     }
     const deleteStartedAt = now();
     await deleteChallenge(store, challengeId);

package/dist/server/index.mjs

@@ -60,6 +60,16 @@ const runtimeRequire = createRequire(__filename);
 var strapiSessionAuth = runtimeRequire(resolveSessionAuthPath());
 const sessionAuth$1 = strapiSessionAuth;
 const getService = () => strapi.plugin("admin-2fa").service("auth");
+const APPLICATION_ERROR_STATUS = {
+  ApplicationError: 400,
+  ValidationError: 400,
+  UnauthorizedError: 401,
+  ForbiddenError: 403,
+  NotFoundError: 404,
+  PayloadTooLargeError: 413,
+  RateLimitError: 429,
+  NotImplementedError: 501
+};
 const setRefreshCookie = (ctx, refreshToken, cookieOptions) => {
   ctx.cookies.set(sessionAuth$1.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
 };
@@ -73,32 +83,69 @@ const getClientIp = (ctx) => {
   }
   return String(ctx.request.ip ?? ctx.ip ?? "").trim();
 };
+const sendApplicationError = (ctx, error2) => {
+  const derivedStatus = typeof error2?.status === "number" && error2.status >= 400 && error2.status < 500 ? error2.status : APPLICATION_ERROR_STATUS[error2?.name] ?? 400;
+  ctx.status = derivedStatus;
+  ctx.body = {
+    data: null,
+    error: {
+      status: derivedStatus,
+      name: error2?.name ?? "ApplicationError",
+      message: error2?.message ?? "Request failed",
+      details: error2?.details ?? {}
+    }
+  };
+};
 var auth$3 = {
   async login(ctx) {
-    const result = await getService().createChallenge(ctx.request.body ?? {}, {
-      clientIp: getClientIp(ctx)
-    });
-    ctx.body = { data: result };
+    try {
+      const result = await getService().createChallenge(ctx.request.body ?? {}, {
+        clientIp: getClientIp(ctx)
+      });
+      ctx.body = { data: result };
+    } catch (error2) {
+      if (error2?.name && APPLICATION_ERROR_STATUS[error2.name]) {
+        sendApplicationError(ctx, error2);
+        return;
+      }
+      throw error2;
+    }
   },
   async resend(ctx) {
-    const result = await getService().resendChallenge(ctx.request.body ?? {}, {
-      clientIp: getClientIp(ctx)
-    });
-    ctx.body = { data: result };
+    try {
+      const result = await getService().resendChallenge(ctx.request.body ?? {}, {
+        clientIp: getClientIp(ctx)
+      });
+      ctx.body = { data: result };
+    } catch (error2) {
+      if (error2?.name && APPLICATION_ERROR_STATUS[error2.name]) {
+        sendApplicationError(ctx, error2);
+        return;
+      }
+      throw error2;
+    }
   },
   async verify(ctx) {
-    const result = await getService().verifyChallenge(ctx.request.body ?? {}, {
-      secureRequest: ctx.request.secure,
-      clientIp: getClientIp(ctx)
-    });
-    setRefreshCookie(ctx, result.refreshToken, result.cookieOptions);
-    ctx.body = {
-      data: {
-        token: result.accessToken,
-        accessToken: result.accessToken,
-        user: result.user
+    try {
+      const result = await getService().verifyChallenge(ctx.request.body ?? {}, {
+        secureRequest: ctx.request.secure,
+        clientIp: getClientIp(ctx)
+      });
+      setRefreshCookie(ctx, result.refreshToken, result.cookieOptions);
+      ctx.body = {
+        data: {
+          token: result.accessToken,
+          accessToken: result.accessToken,
+          user: result.user
+        }
+      };
+    } catch (error2) {
+      if (error2?.name && APPLICATION_ERROR_STATUS[error2.name]) {
+        sendApplicationError(ctx, error2);
+        return;
       }
-    };
+      throw error2;
+    }
   }
 };
 const auth$2 = auth$3;
@@ -19135,21 +19182,21 @@ class ForbiddenError extends ApplicationError$1 {
     this.message = message;
   }
 }
-class UnauthorizedError extends ApplicationError$1 {
+let UnauthorizedError$1 = class UnauthorizedError extends ApplicationError$1 {
   constructor(message = "Unauthorized", details) {
     super(message, details);
     this.name = "UnauthorizedError";
     this.message = message;
   }
-}
-class RateLimitError extends ApplicationError$1 {
+};
+let RateLimitError$1 = class RateLimitError extends ApplicationError$1 {
   constructor(message = "Too many requests, please try again later.", details) {
     super(message, details);
     this.name = "RateLimitError";
     this.message = message;
     this.details = details || {};
   }
-}
+};
 class PayloadTooLargeError extends ApplicationError$1 {
   constructor(message = "Entity too large", details) {
     super(message, details);
@@ -19182,8 +19229,8 @@ const errors$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProp
   PaginationError,
   PayloadTooLargeError,
   PolicyError,
-  RateLimitError,
-  UnauthorizedError,
+  RateLimitError: RateLimitError$1,
+  UnauthorizedError: UnauthorizedError$1,
   ValidationError: ValidationError$1,
   YupValidationError
 }, Symbol.toStringTag, { value: "Module" }));
@@ -43781,7 +43828,7 @@ const require$$1 = /* @__PURE__ */ getAugmentedNamespace(dist);
 const crypto = require$$1$2;
 const { errors } = require$$1;
 const sessionAuth = strapiSessionAuth;
-const { ApplicationError: ApplicationError2, ValidationError: ValidationError3 } = errors;
+const { ApplicationError: ApplicationError2, RateLimitError: RateLimitError2, UnauthorizedError: UnauthorizedError2, ValidationError: ValidationError3 } = errors;
 const STORE_NAME = "admin-otp-login";
 const STORE_KEY_PREFIX = "challenge:";
 const RATE_LIMIT_KEY_PREFIX = "rate-limit:";
@@ -43900,11 +43947,11 @@ const deleteChallenge = async (store, challengeId) => {
 const getChallenge = async (store, challengeId) => {
   const challenge = await store.get({ key: getStoreKey(challengeId) });
   if (!challenge) {
-    throw new ApplicationError2("OTP session not found. Please log in again.");
+    throw new UnauthorizedError2("OTP session not found. Please log in again.");
   }
   if (new Date(challenge.expiresAt).getTime() <= Date.now()) {
     await deleteChallenge(store, challengeId);
-    throw new ApplicationError2("OTP expired. Please log in again.");
+    throw new UnauthorizedError2("OTP expired. Please log in again.");
   }
   return challenge;
 };
@@ -43927,7 +43974,7 @@ const registerRateLimitHit = async (store, config2, action, scope, identifier) =
     return;
   }
   if (existing.count >= limit) {
-    throw new ApplicationError2("Too many authentication attempts. Please wait a few minutes and try again.");
+    throw new RateLimitError2("Too many authentication attempts. Please wait a few minutes and try again.");
   }
   await store.set({
     key,
@@ -44006,7 +44053,7 @@ var auth$1 = () => ({
     });
     logDuration(config2, "checkCredentials", credentialsStartedAt);
     if (!user) {
-      throw new ApplicationError2(info?.message ?? "Invalid credentials");
+      throw new UnauthorizedError2(info?.message ?? "Invalid credentials");
     }
     const challengeId = crypto.randomUUID();
     const code = createOtpCode(config2.otpDigits);
@@ -44055,7 +44102,7 @@ var auth$1 = () => ({
     await registerRateLimitHit(store, config2, "resend", "email", current.email);
     if (current.resendCount >= config2.maxResends) {
       await deleteChallenge(store, challengeId);
-      throw new ApplicationError2("Maximum OTP resend attempts exceeded. Please log in again.");
+      throw new RateLimitError2("Maximum OTP resend attempts exceeded. Please log in again.");
     }
     const code = createOtpCode(config2.otpDigits);
     const salt = crypto.randomBytes(16).toString("hex");
@@ -44098,7 +44145,7 @@ var auth$1 = () => ({
     await registerRateLimitHit(store, config2, "verify", "email", challenge.email);
     if (challenge.attempts >= config2.maxAttempts) {
       await deleteChallenge(store, challengeId);
-      throw new ApplicationError2("Maximum OTP attempts exceeded. Please log in again.");
+      throw new RateLimitError2("Maximum OTP attempts exceeded. Please log in again.");
     }
     const hashStartedAt = now();
     const computedHash = await createOtpHash(challengeId, code, challenge.salt);
@@ -44111,7 +44158,7 @@ var auth$1 = () => ({
       const nextAttempts = challenge.attempts + 1;
       if (nextAttempts >= config2.maxAttempts) {
         await deleteChallenge(store, challengeId);
-        throw new ApplicationError2("Maximum OTP attempts exceeded. Please log in again.");
+        throw new RateLimitError2("Maximum OTP attempts exceeded. Please log in again.");
       }
       const storeStartedAt = now();
       await store.set({
@@ -44125,7 +44172,7 @@ var auth$1 = () => ({
         challengeId,
         attempts: nextAttempts
       });
-      throw new ApplicationError2("Invalid OTP code");
+      throw new UnauthorizedError2("Invalid OTP code");
     }
     const deleteStartedAt = now();
     await deleteChallenge(store, challengeId);

package/host-patch/strapi-admin-2fa-patch/pages/Auth/components/Login.js

@@ -35,8 +35,23 @@ function _interopNamespaceDefault(e) {
   return Object.freeze(n);
 }
 
-var React__namespace = /*#__PURE__*/_interopNamespaceDefault(React);
-var yup__namespace = /*#__PURE__*/_interopNamespaceDefault(yup);
+var React__namespace = /*#__PURE__*/_interopNamespaceDefault(React);
+var yup__namespace = /*#__PURE__*/_interopNamespaceDefault(yup);
+
+const getApiErrorMessage = (error, fallback = 'Something went wrong')=>{
+    if (!error || typeof error !== 'object') {
+        return fallback;
+    }
+    const candidates = [
+        error?.data?.error?.message,
+        error?.data?.message,
+        error?.error?.message,
+        error?.message,
+        typeof error?.error === 'string' ? error.error : undefined
+    ];
+    const message = candidates.find((value)=>typeof value === 'string' && value.trim().length > 0);
+    return message ?? fallback;
+};
 
 const OTP_LENGTH = 6;
 const OTP_DIGIT_INPUT_STYLE = {
@@ -240,18 +255,18 @@ const Login = ({ children })=>{
     React__namespace.useEffect(()=>{
         document.title = 'Admin Dashboard';
     }, []);
-    const handleLogin = async (body)=>{
-        setApiError(undefined);
-        const res = await adminLoginWithOtp({
-            ...body,
-            deviceId: deviceId.getOrCreateDeviceId()
-        });
-        if ('error' in res) {
-            const message = res.error.message ?? 'Something went wrong';
-            if (camelCase(message).toLowerCase() === 'usernotactive') {
-                navigate('/auth/oops');
-                return;
-            }
+    const handleLogin = async (body)=>{
+        setApiError(undefined);
+        const res = await adminLoginWithOtp({
+            ...body,
+            deviceId: deviceId.getOrCreateDeviceId()
+        });
+        if ('error' in res) {
+            const message = getApiErrorMessage(res.error);
+            if (camelCase(message).toLowerCase() === 'usernotactive') {
+                navigate('/auth/oops');
+                return;
+            }
             setApiError(message);
         } else {
             setOtpStep({
@@ -267,15 +282,15 @@ const Login = ({ children })=>{
             return;
         }
         setApiError(undefined);
-        const res = await verifyAdminLoginOtp({
-            challengeId: otpStep.challengeId,
-            code
-        });
-        if ('error' in res) {
-            setApiError(res.error.message ?? 'Something went wrong');
-        } else {
-            toggleNotification({
-                type: 'success',
+        const res = await verifyAdminLoginOtp({
+            challengeId: otpStep.challengeId,
+            code
+        });
+        if ('error' in res) {
+            setApiError(getApiErrorMessage(res.error));
+        } else {
+            toggleNotification({
+                type: 'success',
                 title: formatMessage({
                     id: 'Auth.notification.authenticated.title',
                     defaultMessage: 'Successfully authenticated'
@@ -295,14 +310,14 @@ const Login = ({ children })=>{
             return;
         }
         setApiError(undefined);
-        const res = await resendAdminLoginOtp({
-            challengeId: otpStep.challengeId
-        });
-        if ('error' in res) {
-            setApiError(res.error.message ?? 'Something went wrong');
-        } else {
-            setOtpStep({
-                ...otpStep,
+        const res = await resendAdminLoginOtp({
+            challengeId: otpStep.challengeId
+        });
+        if ('error' in res) {
+            setApiError(getApiErrorMessage(res.error));
+        } else {
+            setOtpStep({
+                ...otpStep,
                 expiresAt: res.data.expiresAt,
                 maskedEmail: res.data.maskedEmail
             });

package/host-patch/strapi-admin-2fa-patch/pages/Auth/components/Login.mjs

@@ -13,8 +13,23 @@ import { useTypedDispatch } from '../../../core/store/hooks.mjs';
 import { useNotification } from '../../../features/Notifications.mjs';
 import { login as loginAction } from '../../../reducer.mjs';
 import { useAdminLoginWithOtpMutation, useVerifyAdminLoginOtpMutation, useResendAdminLoginOtpMutation } from '../../../services/auth.mjs';
-import { getOrCreateDeviceId } from '../../../utils/deviceId.mjs';
-import { translatedErrors as errorsTrads } from '../../../utils/translatedErrors.mjs';
+import { getOrCreateDeviceId } from '../../../utils/deviceId.mjs';
+import { translatedErrors as errorsTrads } from '../../../utils/translatedErrors.mjs';
+
+const getApiErrorMessage = (error, fallback = 'Something went wrong')=>{
+    if (!error || typeof error !== 'object') {
+        return fallback;
+    }
+    const candidates = [
+        error?.data?.error?.message,
+        error?.data?.message,
+        error?.error?.message,
+        error?.message,
+        typeof error?.error === 'string' ? error.error : undefined
+    ];
+    const message = candidates.find((value)=>typeof value === 'string' && value.trim().length > 0);
+    return message ?? fallback;
+};
 
 const OTP_LENGTH = 6;
 const OTP_DIGIT_INPUT_STYLE = {
@@ -218,18 +233,18 @@ const Login = ({ children })=>{
     React.useEffect(()=>{
         document.title = 'Admin Dashboard';
     }, []);
-    const handleLogin = async (body)=>{
-        setApiError(undefined);
-        const res = await adminLoginWithOtp({
-            ...body,
-            deviceId: getOrCreateDeviceId()
-        });
-        if ('error' in res) {
-            const message = res.error.message ?? 'Something went wrong';
-            if (camelCase(message).toLowerCase() === 'usernotactive') {
-                navigate('/auth/oops');
-                return;
-            }
+    const handleLogin = async (body)=>{
+        setApiError(undefined);
+        const res = await adminLoginWithOtp({
+            ...body,
+            deviceId: getOrCreateDeviceId()
+        });
+        if ('error' in res) {
+            const message = getApiErrorMessage(res.error);
+            if (camelCase(message).toLowerCase() === 'usernotactive') {
+                navigate('/auth/oops');
+                return;
+            }
             setApiError(message);
         } else {
             setOtpStep({
@@ -245,15 +260,15 @@ const Login = ({ children })=>{
             return;
         }
         setApiError(undefined);
-        const res = await verifyAdminLoginOtp({
-            challengeId: otpStep.challengeId,
-            code
-        });
-        if ('error' in res) {
-            setApiError(res.error.message ?? 'Something went wrong');
-        } else {
-            toggleNotification({
-                type: 'success',
+        const res = await verifyAdminLoginOtp({
+            challengeId: otpStep.challengeId,
+            code
+        });
+        if ('error' in res) {
+            setApiError(getApiErrorMessage(res.error));
+        } else {
+            toggleNotification({
+                type: 'success',
                 title: formatMessage({
                     id: 'Auth.notification.authenticated.title',
                     defaultMessage: 'Successfully authenticated'
@@ -273,14 +288,14 @@ const Login = ({ children })=>{
             return;
         }
         setApiError(undefined);
-        const res = await resendAdminLoginOtp({
-            challengeId: otpStep.challengeId
-        });
-        if ('error' in res) {
-            setApiError(res.error.message ?? 'Something went wrong');
-        } else {
-            setOtpStep({
-                ...otpStep,
+        const res = await resendAdminLoginOtp({
+            challengeId: otpStep.challengeId
+        });
+        if ('error' in res) {
+            setApiError(getApiErrorMessage(res.error));
+        } else {
+            setOtpStep({
+                ...otpStep,
                 expiresAt: res.data.expiresAt,
                 maskedEmail: res.data.maskedEmail
             });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vivinkv28/strapi-2fa-admin-plugin",
-  "version": "0.1.10",
+  "version": "0.1.13",
   "description": "Reusable Strapi admin 2FA plugin",
   "type": "commonjs",
   "keywords": [