strapi-identity 0.3.0 → 0.4.1

package/README.md

@@ -2,12 +2,15 @@
 
 Detailed Multi-Factor Authentication (MFA) plugin for Strapi v5+. Secure your Strapi Admin panel with TOTP-based 2FA, fully integrated into the Strapi interface.
 
+![verification screen](./screenshots/login-verification.webp)
+
 ## Features
 
 - **MFA Login Interception**: Seamlessly integrates with the default Strapi login flow.
 - **TOTP Compatibility**: Works with all major authenticator apps (Google Authenticator, Authy, 1Password, etc.).
 - **Recovery Codes**: Generates secure recovery codes for emergency access.
 - **Email Passcode**: Option to receive a one-time passcode via email as an alternative MFA method.
+- **Enforced mode**: Prevent a user from accessing the CMS until 2FA is setup on their account.
 - **Native UI Integration**:
   - Matches Strapi's design system.
   - Profile integration for easy setup.
@@ -62,7 +65,7 @@ Access the global settings via the admin panel:
 | Option      | Description                                                                                |
 | ----------- | ------------------------------------------------------------------------------------------ |
 | **Enabled** | Master switch to enable or disable the MFA interception logic globally.                    |
-| **Enforce** | _(Coming Soon)_ Force all users to set up MFA before accessing the dashboard.              |
+| **Enforce** | Force all users to set up MFA before accessing the dashboard.                              |
 | **Issuer**  | The name that appears in the authenticator app (e.g., "My Project"). Defaults to "Strapi". |
 
 ### Permissions
@@ -116,4 +119,4 @@ Below is the implementation status of planned features.
 - [x] **Multi-language Support**: i18n ready.
 - [x] **Admin Reset**: Allow super-admins to reset MFA for other users who lost access.
 - [x] **Email Passcode**: Alternative MFA method via Email.
-- [ ] **Enforced Mode**: Mandatory MFA for specific roles or all users.
+- [x] **Enforced Mode**: Mandatory MFA for all users.

package/dist/admin/{AdminReset-QClQP2Il.js → AdminReset-BiWQDTRv.js}

@@ -4,8 +4,7 @@ const jsxRuntime = require("react/jsx-runtime");
 const React = require("react");
 const WarningAlert = require("./WarningAlert-DFE5euMk.js");
 const designSystem = require("@strapi/design-system");
-const index = require("./index-C9K2h5UC.js");
-const tokenHelpers = require("./tokenHelpers-B54WRTn1.js");
+const index = require("./index-B9P8S4CX.js");
 const reactIntl = require("react-intl");
 const AdminReset = ({ id }) => {
   const { formatMessage } = reactIntl.useIntl();
@@ -13,7 +12,7 @@ const AdminReset = ({ id }) => {
   const [warningOpen, setWarningOpen] = React.useState(false);
   const [loading, setLoading] = React.useState(false);
   const handleReset = async () => {
-    const token = tokenHelpers.getToken();
+    const token = index.getToken();
     setLoading(true);
     try {
       const response = await fetch(`/strapi-identity/admin/user/${id}`, {
@@ -32,7 +31,7 @@ const AdminReset = ({ id }) => {
   React.useEffect(() => {
     if (!id) return;
     const ac = new AbortController();
-    const token = tokenHelpers.getToken();
+    const token = index.getToken();
     (async () => {
       try {
         const response = await fetch(`/strapi-identity/admin/user/${id}`, {

package/dist/admin/{AdminReset-CCGgw-0k.mjs → AdminReset-DOmsyqwQ.mjs}

@@ -2,8 +2,7 @@ import { jsxs, Fragment, jsx } from "react/jsx-runtime";
 import { useState, useEffect } from "react";
 import { W as WarningAlert } from "./WarningAlert-VU011LVF.mjs";
 import { Box, Flex, Typography, Grid, Button } from "@strapi/design-system";
-import { g as getTranslation } from "./index-C_4USMnn.mjs";
-import { g as getToken } from "./tokenHelpers-CKVyT1sz.mjs";
+import { g as getToken, a as getTranslation } from "./index-DpIJdETG.mjs";
 import { useIntl } from "react-intl";
 const AdminReset = ({ id }) => {
   const { formatMessage } = useIntl();

package/dist/admin/{ProfileToggle-H31GHNDA.js → ProfileToggle-BUqs_hxZ.js}

@@ -3,79 +3,8 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const jsxRuntime = require("react/jsx-runtime");
 const React = require("react");
 const designSystem = require("@strapi/design-system");
-const styled = require("styled-components");
-const index = require("./index-C9K2h5UC.js");
-const qrcode_react = require("qrcode.react");
+const index = require("./index-B9P8S4CX.js");
 const reactIntl = require("react-intl");
-const tokenHelpers = require("./tokenHelpers-B54WRTn1.js");
-const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
-const styled__default = /* @__PURE__ */ _interopDefault(styled);
-function ConfirmModal({
-  open,
-  onOpenChange,
-  onSubmit,
-  qrCodeUri,
-  secret,
-  passcodes
-}) {
-  const { formatMessage } = reactIntl.useIntl();
-  return /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Root, { open, onOpenChange, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Content, { children: /* @__PURE__ */ jsxRuntime.jsxs("form", { onSubmit, children: [
-    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Header, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Title, { children: formatMessage({
-      id: index.getTranslation("profile.setup"),
-      defaultMessage: "Set up Two-Factor Authentication"
-    }) }) }),
-    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Body, { children: passcodes ? /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textAlign: "center", children: formatMessage({
-        id: index.getTranslation("profile.recovery_codes"),
-        defaultMessage: "Please save the following recovery codes in a safe place. Each code can only be used once to access your account if you lose access to your authenticator app."
-      }) }),
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Root, { gap: 4, marginTop: 4, marginBottom: 4, children: passcodes.map((code) => /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { col: 6, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", children: code }) }, code)) }),
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", textAlign: "center", children: formatMessage({
-        id: index.getTranslation("profile.recovery_codes_warning"),
-        defaultMessage: "If you lose both your authenticator app and your recovery codes, you will need to contact an administrator to regain access to your account."
-      }) })
-    ] }) : /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", children: [
-      /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { children: formatMessage({
-          id: index.getTranslation("profile.scan_qr"),
-          defaultMessage: "You will need an authenticator app to scan the QR code below."
-        }) }),
-        qrCodeUri && /* @__PURE__ */ jsxRuntime.jsx(qrcode_react.QRCodeCanvas, { value: qrCodeUri, size: 256 }),
-        secret && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", children: secret || "" })
-      ] }),
-      /* @__PURE__ */ jsxRuntime.jsx(Rule, {}),
-      /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { children: formatMessage({
-          id: index.getTranslation("profile.enter_otp"),
-          defaultMessage: "Enter the 6-digit code from your authenticator app to confirm."
-        }) }),
-        /* @__PURE__ */ jsxRuntime.jsxs(index.InputOTP, { maxLength: 6, name: "otp", id: "otp", autoFocus: true, children: [
-          /* @__PURE__ */ jsxRuntime.jsxs(index.InputOTPGroup, { children: [
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 0 }),
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 1 }),
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 2 })
-          ] }),
-          /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSeparator, {}),
-          /* @__PURE__ */ jsxRuntime.jsxs(index.InputOTPGroup, { children: [
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 3 }),
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 4 }),
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 5 })
-          ] })
-        ] })
-      ] })
-    ] }) }),
-    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Modal.Footer, { children: [
-      passcodes && /* @__PURE__ */ jsxRuntime.jsx("span", {}),
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Close, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { variant: passcodes ? void 0 : "tertiary", children: passcodes ? formatMessage({ id: "global.close", defaultMessage: "Close" }) : formatMessage({ id: "app.components.Button.cancel", defaultMessage: "Cancel" }) }) }),
-      !passcodes && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { type: "submit", children: formatMessage({ id: "app.components.Button.confirm", defaultMessage: "Confirm" }) })
-    ] })
-  ] }) }) });
-}
-const Rule = styled__default.default.hr`
-  height: 1px;
-  border: 0;
-  background-color: #e5e5e5;
-`;
 function RemoveModal({ open, onOpenChange, onSubmit }) {
   const { formatMessage } = reactIntl.useIntl();
   const [showRecovery, setShowRecovery] = React.useState(false);
@@ -124,145 +53,6 @@ function RemoveModal({ open, onOpenChange, onSubmit }) {
     ] })
   ] }) }) });
 }
-function EmailOTPModal({
-  mode,
-  open,
-  email,
-  onOpenChange,
-  onSuccess
-}) {
-  const { formatMessage } = reactIntl.useIntl();
-  const [step, setStep] = React.useState("send");
-  const [loading, setLoading] = React.useState(false);
-  const [error, setError] = React.useState(null);
-  const handleOpenChange = (nextOpen) => {
-    if (!nextOpen) {
-      setStep("send");
-      setError(null);
-    }
-    onOpenChange(nextOpen);
-  };
-  const handleSend = async () => {
-    const token = tokenHelpers.getToken();
-    setLoading(true);
-    setError(null);
-    try {
-      const endpoint = mode === "setup" ? "/strapi-identity/enable-email" : "/strapi-identity/disable-email/request";
-      const response = await fetch(endpoint, {
-        method: "POST",
-        headers: { "Content-Type": "application/json", authorization: `Bearer ${token}` }
-      });
-      const body = await response.json();
-      if (!response.ok) {
-        throw new Error(body.error || "Failed to send verification email");
-      }
-      setStep("confirm");
-    } catch (err) {
-      setError(err.message);
-    } finally {
-      setLoading(false);
-    }
-  };
-  const handleConfirm = async (e) => {
-    e.preventDefault();
-    const token = tokenHelpers.getToken();
-    const formData = new FormData(e.target);
-    const code = formData.get("otp");
-    setLoading(true);
-    setError(null);
-    try {
-      const endpoint = mode === "setup" ? "/strapi-identity/setup-email" : "/strapi-identity/disable";
-      const response = await fetch(endpoint, {
-        method: "POST",
-        headers: { "Content-Type": "application/json", authorization: `Bearer ${token}` },
-        body: JSON.stringify({ code })
-      });
-      const body = await response.json();
-      if (!response.ok) {
-        throw new Error(body.error || "Invalid or expired code");
-      }
-      handleOpenChange(false);
-      onSuccess();
-    } catch (err) {
-      setError(err.message);
-    } finally {
-      setLoading(false);
-    }
-  };
-  const title = mode === "setup" ? formatMessage({
-    id: index.getTranslation("email_otp.setup_title"),
-    defaultMessage: "Enable Email OTP"
-  }) : formatMessage({
-    id: index.getTranslation("email_otp.disable_title"),
-    defaultMessage: "Disable Email OTP"
-  });
-  return /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Root, { open, onOpenChange: handleOpenChange, children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Modal.Content, { children: [
-    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Header, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Title, { children: title }) }),
-    step === "send" ? /* @__PURE__ */ jsxRuntime.jsxs(jsxRuntime.Fragment, { children: [
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Body, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textAlign: "center", children: mode === "setup" ? formatMessage(
-          {
-            id: index.getTranslation("email_otp.setup_description"),
-            defaultMessage: "We'll send a 6-digit verification code to {email}. Enter it to enable Email OTP."
-          },
-          { email: /* @__PURE__ */ jsxRuntime.jsx("strong", { children: email }) }
-        ) : formatMessage(
-          {
-            id: index.getTranslation("email_otp.disable_description"),
-            defaultMessage: "We'll send a 6-digit verification code to {email}. Enter it to disable Email OTP."
-          },
-          { email: /* @__PURE__ */ jsxRuntime.jsx("strong", { children: email }) }
-        ) }),
-        error ? /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { role: "alert", textColor: "danger600", textAlign: "center", children: error }) : null
-      ] }) }),
-      /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Modal.Footer, { children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Close, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { variant: "tertiary", children: formatMessage({ id: "app.components.Button.cancel", defaultMessage: "Cancel" }) }) }),
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { onClick: handleSend, loading, children: formatMessage({
-          id: index.getTranslation("email_otp.send_code"),
-          defaultMessage: "Send verification email"
-        }) })
-      ] })
-    ] }) : /* @__PURE__ */ jsxRuntime.jsxs("form", { onSubmit: handleConfirm, children: [
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Body, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textAlign: "center", children: formatMessage(
-          {
-            id: index.getTranslation("email_otp.confirm_description"),
-            defaultMessage: "Enter the 6-digit code sent to {email}."
-          },
-          { email: /* @__PURE__ */ jsxRuntime.jsx("strong", { children: email }) }
-        ) }),
-        /* @__PURE__ */ jsxRuntime.jsxs(index.InputOTP, { maxLength: 6, name: "otp", id: "otp", autoFocus: true, children: [
-          /* @__PURE__ */ jsxRuntime.jsxs(index.InputOTPGroup, { children: [
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 0 }),
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 1 }),
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 2 })
-          ] }),
-          /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSeparator, {}),
-          /* @__PURE__ */ jsxRuntime.jsxs(index.InputOTPGroup, { children: [
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 3 }),
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 4 }),
-            /* @__PURE__ */ jsxRuntime.jsx(index.InputOTPSlot, { index: 5 })
-          ] })
-        ] }),
-        error ? /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { role: "alert", textColor: "danger600", textAlign: "center", children: error }) : null,
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { variant: "ghost", type: "button", onClick: () => handleSend(), children: formatMessage({
-          id: index.getTranslation("email_otp.resend_code"),
-          defaultMessage: "Resend code"
-        }) })
-      ] }) }),
-      /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Modal.Footer, { children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Modal.Close, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { variant: "tertiary", children: formatMessage({
-          id: "app.components.Button.cancel",
-          defaultMessage: "Cancel"
-        }) }) }),
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { type: "submit", loading, children: formatMessage({
-          id: "app.components.Button.confirm",
-          defaultMessage: "Confirm"
-        }) })
-      ] })
-    ] })
-  ] }) });
-}
 const ProfileToggle = () => {
   const { formatMessage } = reactIntl.useIntl();
   const [enabled, setEnabled] = React.useState(null);
@@ -278,7 +68,7 @@ const ProfileToggle = () => {
   const [secret, setSecret] = React.useState(null);
   const [passcodes, setPasscodes] = React.useState(null);
   const handleToggle = async ({ target }) => {
-    const token = tokenHelpers.getToken();
+    const token = index.getToken();
     const enable = target?.checked || false;
     if (!enable && enabled === "full") {
       setDisableDialogOpen(true);
@@ -329,7 +119,7 @@ const ProfileToggle = () => {
     const form = e.target;
     const formData = new FormData(form);
     const code = formData.get("otp");
-    const token = tokenHelpers.getToken();
+    const token = index.getToken();
     try {
       const response = await fetch("/strapi-identity/setup", {
         method: "POST",
@@ -365,7 +155,7 @@ const ProfileToggle = () => {
     const form = e.target;
     const formData = new FormData(form);
     const code = formData.get("otp");
-    const token = tokenHelpers.getToken();
+    const token = index.getToken();
     try {
       const response = await fetch("/strapi-identity/disable", {
         method: "POST",
@@ -388,7 +178,7 @@ const ProfileToggle = () => {
   React.useEffect(() => {
     const ac = new AbortController();
     (async () => {
-      const token = tokenHelpers.getToken();
+      const token = index.getToken();
       try {
         const [statusRes, enabledRes, meRes] = await Promise.all([
           fetch("/strapi-identity/status", {
@@ -541,7 +331,7 @@ const ProfileToggle = () => {
       }
     ),
     /* @__PURE__ */ jsxRuntime.jsx(
-      ConfirmModal,
+      index.ConfirmModal,
       {
         open: modalOpen,
         onOpenChange: handleClose,
@@ -560,7 +350,7 @@ const ProfileToggle = () => {
       }
     ),
     /* @__PURE__ */ jsxRuntime.jsx(
-      EmailOTPModal,
+      index.EmailOTPModal,
       {
         mode: "setup",
         open: emailSetupOpen,
@@ -576,7 +366,7 @@ const ProfileToggle = () => {
       }
     ),
     /* @__PURE__ */ jsxRuntime.jsx(
-      EmailOTPModal,
+      index.EmailOTPModal,
       {
         mode: "disable",
         open: emailDisableOpen,

package/dist/admin/{ProfileToggle-gPuH6dGP.mjs → ProfileToggle-k0d-caPC.mjs}

@@ -1,77 +1,8 @@
 import { jsx, jsxs, Fragment } from "react/jsx-runtime";
 import { useState, useEffect } from "react";
-import { Modal, Flex, Typography, Grid, Button, TextInput, Box, Field, Toggle } from "@strapi/design-system";
-import styled from "styled-components";
-import { g as getTranslation, I as InputOTP, a as InputOTPGroup, b as InputOTPSlot, c as InputOTPSeparator } from "./index-C_4USMnn.mjs";
-import { QRCodeCanvas } from "qrcode.react";
+import { Modal, Flex, Typography, TextInput, Button, Box, Grid, Field, Toggle } from "@strapi/design-system";
+import { a as getTranslation, I as InputOTP, b as InputOTPGroup, c as InputOTPSlot, d as InputOTPSeparator, g as getToken, C as ConfirmModal, E as EmailOTPModal } from "./index-DpIJdETG.mjs";
 import { useIntl } from "react-intl";
-import { g as getToken } from "./tokenHelpers-CKVyT1sz.mjs";
-function ConfirmModal({
-  open,
-  onOpenChange,
-  onSubmit,
-  qrCodeUri,
-  secret,
-  passcodes
-}) {
-  const { formatMessage } = useIntl();
-  return /* @__PURE__ */ jsx(Modal.Root, { open, onOpenChange, children: /* @__PURE__ */ jsx(Modal.Content, { children: /* @__PURE__ */ jsxs("form", { onSubmit, children: [
-    /* @__PURE__ */ jsx(Modal.Header, { children: /* @__PURE__ */ jsx(Modal.Title, { children: formatMessage({
-      id: getTranslation("profile.setup"),
-      defaultMessage: "Set up Two-Factor Authentication"
-    }) }) }),
-    /* @__PURE__ */ jsx(Modal.Body, { children: passcodes ? /* @__PURE__ */ jsxs(Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-      /* @__PURE__ */ jsx(Typography, { textAlign: "center", children: formatMessage({
-        id: getTranslation("profile.recovery_codes"),
-        defaultMessage: "Please save the following recovery codes in a safe place. Each code can only be used once to access your account if you lose access to your authenticator app."
-      }) }),
-      /* @__PURE__ */ jsx(Grid.Root, { gap: 4, marginTop: 4, marginBottom: 4, children: passcodes.map((code) => /* @__PURE__ */ jsx(Grid.Item, { col: 6, children: /* @__PURE__ */ jsx(Typography, { variant: "pi", children: code }) }, code)) }),
-      /* @__PURE__ */ jsx(Typography, { variant: "pi", textAlign: "center", children: formatMessage({
-        id: getTranslation("profile.recovery_codes_warning"),
-        defaultMessage: "If you lose both your authenticator app and your recovery codes, you will need to contact an administrator to regain access to your account."
-      }) })
-    ] }) : /* @__PURE__ */ jsxs(Flex, { direction: "column", children: [
-      /* @__PURE__ */ jsxs(Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-        /* @__PURE__ */ jsx(Typography, { children: formatMessage({
-          id: getTranslation("profile.scan_qr"),
-          defaultMessage: "You will need an authenticator app to scan the QR code below."
-        }) }),
-        qrCodeUri && /* @__PURE__ */ jsx(QRCodeCanvas, { value: qrCodeUri, size: 256 }),
-        secret && /* @__PURE__ */ jsx(Typography, { variant: "pi", children: secret || "" })
-      ] }),
-      /* @__PURE__ */ jsx(Rule, {}),
-      /* @__PURE__ */ jsxs(Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-        /* @__PURE__ */ jsx(Typography, { children: formatMessage({
-          id: getTranslation("profile.enter_otp"),
-          defaultMessage: "Enter the 6-digit code from your authenticator app to confirm."
-        }) }),
-        /* @__PURE__ */ jsxs(InputOTP, { maxLength: 6, name: "otp", id: "otp", autoFocus: true, children: [
-          /* @__PURE__ */ jsxs(InputOTPGroup, { children: [
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 0 }),
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 1 }),
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 2 })
-          ] }),
-          /* @__PURE__ */ jsx(InputOTPSeparator, {}),
-          /* @__PURE__ */ jsxs(InputOTPGroup, { children: [
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 3 }),
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 4 }),
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 5 })
-          ] })
-        ] })
-      ] })
-    ] }) }),
-    /* @__PURE__ */ jsxs(Modal.Footer, { children: [
-      passcodes && /* @__PURE__ */ jsx("span", {}),
-      /* @__PURE__ */ jsx(Modal.Close, { children: /* @__PURE__ */ jsx(Button, { variant: passcodes ? void 0 : "tertiary", children: passcodes ? formatMessage({ id: "global.close", defaultMessage: "Close" }) : formatMessage({ id: "app.components.Button.cancel", defaultMessage: "Cancel" }) }) }),
-      !passcodes && /* @__PURE__ */ jsx(Button, { type: "submit", children: formatMessage({ id: "app.components.Button.confirm", defaultMessage: "Confirm" }) })
-    ] })
-  ] }) }) });
-}
-const Rule = styled.hr`
-  height: 1px;
-  border: 0;
-  background-color: #e5e5e5;
-`;
 function RemoveModal({ open, onOpenChange, onSubmit }) {
   const { formatMessage } = useIntl();
   const [showRecovery, setShowRecovery] = useState(false);
@@ -120,145 +51,6 @@ function RemoveModal({ open, onOpenChange, onSubmit }) {
     ] })
   ] }) }) });
 }
-function EmailOTPModal({
-  mode,
-  open,
-  email,
-  onOpenChange,
-  onSuccess
-}) {
-  const { formatMessage } = useIntl();
-  const [step, setStep] = useState("send");
-  const [loading, setLoading] = useState(false);
-  const [error, setError] = useState(null);
-  const handleOpenChange = (nextOpen) => {
-    if (!nextOpen) {
-      setStep("send");
-      setError(null);
-    }
-    onOpenChange(nextOpen);
-  };
-  const handleSend = async () => {
-    const token = getToken();
-    setLoading(true);
-    setError(null);
-    try {
-      const endpoint = mode === "setup" ? "/strapi-identity/enable-email" : "/strapi-identity/disable-email/request";
-      const response = await fetch(endpoint, {
-        method: "POST",
-        headers: { "Content-Type": "application/json", authorization: `Bearer ${token}` }
-      });
-      const body = await response.json();
-      if (!response.ok) {
-        throw new Error(body.error || "Failed to send verification email");
-      }
-      setStep("confirm");
-    } catch (err) {
-      setError(err.message);
-    } finally {
-      setLoading(false);
-    }
-  };
-  const handleConfirm = async (e) => {
-    e.preventDefault();
-    const token = getToken();
-    const formData = new FormData(e.target);
-    const code = formData.get("otp");
-    setLoading(true);
-    setError(null);
-    try {
-      const endpoint = mode === "setup" ? "/strapi-identity/setup-email" : "/strapi-identity/disable";
-      const response = await fetch(endpoint, {
-        method: "POST",
-        headers: { "Content-Type": "application/json", authorization: `Bearer ${token}` },
-        body: JSON.stringify({ code })
-      });
-      const body = await response.json();
-      if (!response.ok) {
-        throw new Error(body.error || "Invalid or expired code");
-      }
-      handleOpenChange(false);
-      onSuccess();
-    } catch (err) {
-      setError(err.message);
-    } finally {
-      setLoading(false);
-    }
-  };
-  const title = mode === "setup" ? formatMessage({
-    id: getTranslation("email_otp.setup_title"),
-    defaultMessage: "Enable Email OTP"
-  }) : formatMessage({
-    id: getTranslation("email_otp.disable_title"),
-    defaultMessage: "Disable Email OTP"
-  });
-  return /* @__PURE__ */ jsx(Modal.Root, { open, onOpenChange: handleOpenChange, children: /* @__PURE__ */ jsxs(Modal.Content, { children: [
-    /* @__PURE__ */ jsx(Modal.Header, { children: /* @__PURE__ */ jsx(Modal.Title, { children: title }) }),
-    step === "send" ? /* @__PURE__ */ jsxs(Fragment, { children: [
-      /* @__PURE__ */ jsx(Modal.Body, { children: /* @__PURE__ */ jsxs(Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-        /* @__PURE__ */ jsx(Typography, { textAlign: "center", children: mode === "setup" ? formatMessage(
-          {
-            id: getTranslation("email_otp.setup_description"),
-            defaultMessage: "We'll send a 6-digit verification code to {email}. Enter it to enable Email OTP."
-          },
-          { email: /* @__PURE__ */ jsx("strong", { children: email }) }
-        ) : formatMessage(
-          {
-            id: getTranslation("email_otp.disable_description"),
-            defaultMessage: "We'll send a 6-digit verification code to {email}. Enter it to disable Email OTP."
-          },
-          { email: /* @__PURE__ */ jsx("strong", { children: email }) }
-        ) }),
-        error ? /* @__PURE__ */ jsx(Typography, { role: "alert", textColor: "danger600", textAlign: "center", children: error }) : null
-      ] }) }),
-      /* @__PURE__ */ jsxs(Modal.Footer, { children: [
-        /* @__PURE__ */ jsx(Modal.Close, { children: /* @__PURE__ */ jsx(Button, { variant: "tertiary", children: formatMessage({ id: "app.components.Button.cancel", defaultMessage: "Cancel" }) }) }),
-        /* @__PURE__ */ jsx(Button, { onClick: handleSend, loading, children: formatMessage({
-          id: getTranslation("email_otp.send_code"),
-          defaultMessage: "Send verification email"
-        }) })
-      ] })
-    ] }) : /* @__PURE__ */ jsxs("form", { onSubmit: handleConfirm, children: [
-      /* @__PURE__ */ jsx(Modal.Body, { children: /* @__PURE__ */ jsxs(Flex, { direction: "column", alignItems: "center", gap: 4, marginTop: 4, marginBottom: 4, children: [
-        /* @__PURE__ */ jsx(Typography, { textAlign: "center", children: formatMessage(
-          {
-            id: getTranslation("email_otp.confirm_description"),
-            defaultMessage: "Enter the 6-digit code sent to {email}."
-          },
-          { email: /* @__PURE__ */ jsx("strong", { children: email }) }
-        ) }),
-        /* @__PURE__ */ jsxs(InputOTP, { maxLength: 6, name: "otp", id: "otp", autoFocus: true, children: [
-          /* @__PURE__ */ jsxs(InputOTPGroup, { children: [
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 0 }),
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 1 }),
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 2 })
-          ] }),
-          /* @__PURE__ */ jsx(InputOTPSeparator, {}),
-          /* @__PURE__ */ jsxs(InputOTPGroup, { children: [
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 3 }),
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 4 }),
-            /* @__PURE__ */ jsx(InputOTPSlot, { index: 5 })
-          ] })
-        ] }),
-        error ? /* @__PURE__ */ jsx(Typography, { role: "alert", textColor: "danger600", textAlign: "center", children: error }) : null,
-        /* @__PURE__ */ jsx(Button, { variant: "ghost", type: "button", onClick: () => handleSend(), children: formatMessage({
-          id: getTranslation("email_otp.resend_code"),
-          defaultMessage: "Resend code"
-        }) })
-      ] }) }),
-      /* @__PURE__ */ jsxs(Modal.Footer, { children: [
-        /* @__PURE__ */ jsx(Modal.Close, { children: /* @__PURE__ */ jsx(Button, { variant: "tertiary", children: formatMessage({
-          id: "app.components.Button.cancel",
-          defaultMessage: "Cancel"
-        }) }) }),
-        /* @__PURE__ */ jsx(Button, { type: "submit", loading, children: formatMessage({
-          id: "app.components.Button.confirm",
-          defaultMessage: "Confirm"
-        }) })
-      ] })
-    ] })
-  ] }) });
-}
 const ProfileToggle = () => {
   const { formatMessage } = useIntl();
   const [enabled, setEnabled] = useState(null);

package/dist/admin/{SettingsPage-DulEjadb.js → SettingsPage-DVVkN1xw.js}

@@ -6,8 +6,7 @@ const WarningAlert = require("./WarningAlert-DFE5euMk.js");
 const admin = require("@strapi/strapi/admin");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
-const index = require("./index-C9K2h5UC.js");
-const tokenHelpers = require("./tokenHelpers-B54WRTn1.js");
+const index = require("./index-B9P8S4CX.js");
 const reactIntl = require("react-intl");
 var commonjsGlobal = typeof globalThis !== "undefined" ? globalThis : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : {};
 var lodash$1 = { exports: {} };
@@ -5611,7 +5610,6 @@ function SettingsPage() {
     setSaving(true);
     const formData = new FormData(event.currentTarget);
     const values = getConfigFromForm(formData);
-    console.log(formData, values);
     if (initialConfig?.enabled && !values.enabled && !confirmed) {
       setShowWarning(true);
       setSaving(false);
@@ -5623,7 +5621,7 @@ function SettingsPage() {
       return;
     }
     try {
-      const token = tokenHelpers.getToken();
+      const token = index.getToken();
       const response = await fetch("/strapi-identity/config", {
         method: "PUT",
         headers: {
@@ -5659,7 +5657,7 @@ function SettingsPage() {
   };
   React.useEffect(() => {
     const ac = new AbortController();
-    const token = tokenHelpers.getToken();
+    const token = index.getToken();
     (async () => {
       try {
         const response = await fetch("/strapi-identity/config", {
@@ -5775,7 +5773,6 @@ function SettingsPage() {
                         designSystem.Toggle,
                         {
                           name: "enforce",
-                          disabled: true,
                           checked: enforce,
                           onChange: ({ target }) => setEnforce(target.checked),
                           offLabel: formatMessage({

package/dist/admin/{SettingsPage-DgPikS3m.mjs → SettingsPage-Dm_llkYv.mjs}

@@ -4,8 +4,7 @@ import { W as WarningAlert } from "./WarningAlert-VU011LVF.mjs";
 import { useNotification, Page, Layouts } from "@strapi/strapi/admin";
 import { Button, Flex, Typography, Grid, Field, Toggle, TextInput, Textarea } from "@strapi/design-system";
 import { Check } from "@strapi/icons";
-import { g as getTranslation } from "./index-C_4USMnn.mjs";
-import { g as getToken } from "./tokenHelpers-CKVyT1sz.mjs";
+import { g as getToken, a as getTranslation } from "./index-DpIJdETG.mjs";
 import { useIntl } from "react-intl";
 var commonjsGlobal = typeof globalThis !== "undefined" ? globalThis : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : {};
 var lodash$1 = { exports: {} };
@@ -5609,7 +5608,6 @@ function SettingsPage() {
     setSaving(true);
     const formData = new FormData(event.currentTarget);
     const values = getConfigFromForm(formData);
-    console.log(formData, values);
     if (initialConfig?.enabled && !values.enabled && !confirmed) {
       setShowWarning(true);
       setSaving(false);
@@ -5773,7 +5771,6 @@ function SettingsPage() {
                         Toggle,
                         {
                           name: "enforce",
-                          disabled: true,
                           checked: enforce,
                           onChange: ({ target }) => setEnforce(target.checked),
                           offLabel: formatMessage({