strapi-identity 0.4.2 → 0.5.0

package/dist/admin/{AdminReset-BiWQDTRv.js → AdminReset-BoWx0F06.js}

@@ -4,7 +4,7 @@ const jsxRuntime = require("react/jsx-runtime");
 const React = require("react");
 const WarningAlert = require("./WarningAlert-DFE5euMk.js");
 const designSystem = require("@strapi/design-system");
-const index = require("./index-B9P8S4CX.js");
+const index = require("./index-BeqHh5Gz.js");
 const reactIntl = require("react-intl");
 const AdminReset = ({ id }) => {
   const { formatMessage } = reactIntl.useIntl();

package/dist/admin/{AdminReset-DOmsyqwQ.mjs → AdminReset-D4NNnBDS.mjs}

@@ -2,7 +2,7 @@ import { jsxs, Fragment, jsx } from "react/jsx-runtime";
 import { useState, useEffect } from "react";
 import { W as WarningAlert } from "./WarningAlert-VU011LVF.mjs";
 import { Box, Flex, Typography, Grid, Button } from "@strapi/design-system";
-import { g as getToken, a as getTranslation } from "./index-DpIJdETG.mjs";
+import { g as getToken, a as getTranslation } from "./index-CKG2ZxYT.mjs";
 import { useIntl } from "react-intl";
 const AdminReset = ({ id }) => {
   const { formatMessage } = useIntl();

package/dist/admin/{ProfileToggle-BUqs_hxZ.js → ProfileToggle-DtjyJRWN.js}

@@ -3,7 +3,7 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const jsxRuntime = require("react/jsx-runtime");
 const React = require("react");
 const designSystem = require("@strapi/design-system");
-const index = require("./index-B9P8S4CX.js");
+const index = require("./index-BeqHh5Gz.js");
 const reactIntl = require("react-intl");
 function RemoveModal({ open, onOpenChange, onSubmit }) {
   const { formatMessage } = reactIntl.useIntl();

package/dist/admin/{ProfileToggle-k0d-caPC.mjs → ProfileToggle-NJZgrDT_.mjs}

@@ -1,7 +1,7 @@
 import { jsx, jsxs, Fragment } from "react/jsx-runtime";
 import { useState, useEffect } from "react";
 import { Modal, Flex, Typography, TextInput, Button, Box, Grid, Field, Toggle } from "@strapi/design-system";
-import { a as getTranslation, I as InputOTP, b as InputOTPGroup, c as InputOTPSlot, d as InputOTPSeparator, g as getToken, C as ConfirmModal, E as EmailOTPModal } from "./index-DpIJdETG.mjs";
+import { a as getTranslation, I as InputOTP, b as InputOTPGroup, c as InputOTPSlot, d as InputOTPSeparator, g as getToken, C as ConfirmModal, E as EmailOTPModal } from "./index-CKG2ZxYT.mjs";
 import { useIntl } from "react-intl";
 function RemoveModal({ open, onOpenChange, onSubmit }) {
   const { formatMessage } = useIntl();

package/dist/admin/{SettingsPage-DVVkN1xw.js → SettingsPage-BXl7gVGV.js}

@@ -6,7 +6,7 @@ const WarningAlert = require("./WarningAlert-DFE5euMk.js");
 const admin = require("@strapi/strapi/admin");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
-const index = require("./index-B9P8S4CX.js");
+const index = require("./index-BeqHh5Gz.js");
 const reactIntl = require("react-intl");
 var commonjsGlobal = typeof globalThis !== "undefined" ? globalThis : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : {};
 var lodash$1 = { exports: {} };

package/dist/admin/{SettingsPage-Dm_llkYv.mjs → SettingsPage-CZuOMYvG.mjs}

@@ -4,7 +4,7 @@ import { W as WarningAlert } from "./WarningAlert-VU011LVF.mjs";
 import { useNotification, Page, Layouts } from "@strapi/strapi/admin";
 import { Button, Flex, Typography, Grid, Field, Toggle, TextInput, Textarea } from "@strapi/design-system";
 import { Check } from "@strapi/icons";
-import { g as getToken, a as getTranslation } from "./index-DpIJdETG.mjs";
+import { g as getToken, a as getTranslation } from "./index-CKG2ZxYT.mjs";
 import { useIntl } from "react-intl";
 var commonjsGlobal = typeof globalThis !== "undefined" ? globalThis : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : {};
 var lodash$1 = { exports: {} };

package/dist/admin/{index-B9P8S4CX.js → index-BeqHh5Gz.js}

@@ -1370,7 +1370,8 @@ const VerifyPage = ({ fallbackIcon }) => {
           `${response.status} ${response.statusText}: ${data.error || "Unknown error"}`
         );
       }
-      const target = new URLSearchParams(window.location.search).get("redirectTo") || "/admin";
+      const rawTarget = new URLSearchParams(window.location.search).get("redirectTo") || "/admin";
+      const target = rawTarget.startsWith("/") ? rawTarget : "/admin";
       window.location.replace(target);
     } catch (error2) {
       setError(
@@ -1383,20 +1384,26 @@ const VerifyPage = ({ fallbackIcon }) => {
     }
   };
   React.useEffect(() => {
-    const mfaToken = document.cookie.split("; ").reduce((acc, cookie) => {
-      const [name, value] = cookie.split("=");
-      return name === "strapi_admin_mfa" ? value.trim() : acc;
-    }, null);
-    if (auth?.token || !mfaToken) {
+    if (auth?.token) {
       window.location.replace("/admin");
       return;
     }
-    try {
-      const payloadBase64 = mfaToken.split(".")[1];
-      const decoded = JSON.parse(atob(payloadBase64));
-      setMfaType(decoded.mfaType || null);
-    } catch {
-    }
+    const ac = new AbortController();
+    (async () => {
+      try {
+        const response = await fetch("/strapi-identity/verify/info", { signal: ac.signal });
+        if (!response.ok) {
+          window.location.replace("/admin");
+          return;
+        }
+        const data = await response.json();
+        setMfaType(data.data?.mfaType || null);
+      } catch (error2) {
+        if (error2 instanceof DOMException && error2.name === "AbortError") return;
+        window.location.replace("/admin");
+      }
+    })();
+    return () => ac.abort();
   }, [auth?.token]);
   const handleResend = async () => {
     setResendLoading(true);
@@ -1958,7 +1965,7 @@ const plugin = {
       },
       id: "strapi-identity-settings",
       to: `/${PLUGIN_ID}`,
-      Component: () => Promise.resolve().then(() => require("./SettingsPage-DVVkN1xw.js")),
+      Component: () => Promise.resolve().then(() => require("./SettingsPage-BXl7gVGV.js")),
       permissions: [{ action: "plugin::strapi-identity.settings.update" }]
     });
     app.addMiddlewares([mfaRedirect]);
@@ -1967,14 +1974,14 @@ const plugin = {
       id: "profile-toggle",
       route: "/admin/me",
       selector: '#main-content form[method="put"] > :nth-child(2) > div > div > div:nth-child(2)',
-      Component: () => Promise.resolve().then(() => require("./ProfileToggle-BUqs_hxZ.js"))
+      Component: () => Promise.resolve().then(() => require("./ProfileToggle-DtjyJRWN.js"))
     });
     injections.registerRoute({
       id: "admin-reset",
       route: "/admin/settings/users/:id",
       selector: '#main-content form[method="put"] > :nth-child(2) > div > div:nth-child(2)',
       permissions: [{ action: "plugin::strapi-identity.settings.update" }],
-      Component: () => Promise.resolve().then(() => require("./AdminReset-BiWQDTRv.js"))
+      Component: () => Promise.resolve().then(() => require("./AdminReset-BoWx0F06.js"))
     });
     InjectVerify(app);
     InjectEnforced(app);

package/dist/admin/{index-DpIJdETG.mjs → index-CKG2ZxYT.mjs}

@@ -1350,7 +1350,8 @@ const VerifyPage = ({ fallbackIcon }) => {
           `${response.status} ${response.statusText}: ${data.error || "Unknown error"}`
         );
       }
-      const target = new URLSearchParams(window.location.search).get("redirectTo") || "/admin";
+      const rawTarget = new URLSearchParams(window.location.search).get("redirectTo") || "/admin";
+      const target = rawTarget.startsWith("/") ? rawTarget : "/admin";
       window.location.replace(target);
     } catch (error2) {
       setError(
@@ -1363,20 +1364,26 @@ const VerifyPage = ({ fallbackIcon }) => {
     }
   };
   useEffect(() => {
-    const mfaToken = document.cookie.split("; ").reduce((acc, cookie) => {
-      const [name, value] = cookie.split("=");
-      return name === "strapi_admin_mfa" ? value.trim() : acc;
-    }, null);
-    if (auth?.token || !mfaToken) {
+    if (auth?.token) {
       window.location.replace("/admin");
       return;
     }
-    try {
-      const payloadBase64 = mfaToken.split(".")[1];
-      const decoded = JSON.parse(atob(payloadBase64));
-      setMfaType(decoded.mfaType || null);
-    } catch {
-    }
+    const ac = new AbortController();
+    (async () => {
+      try {
+        const response = await fetch("/strapi-identity/verify/info", { signal: ac.signal });
+        if (!response.ok) {
+          window.location.replace("/admin");
+          return;
+        }
+        const data = await response.json();
+        setMfaType(data.data?.mfaType || null);
+      } catch (error2) {
+        if (error2 instanceof DOMException && error2.name === "AbortError") return;
+        window.location.replace("/admin");
+      }
+    })();
+    return () => ac.abort();
   }, [auth?.token]);
   const handleResend = async () => {
     setResendLoading(true);
@@ -1938,7 +1945,7 @@ const plugin = {
       },
       id: "strapi-identity-settings",
       to: `/${PLUGIN_ID}`,
-      Component: () => import("./SettingsPage-Dm_llkYv.mjs"),
+      Component: () => import("./SettingsPage-CZuOMYvG.mjs"),
       permissions: [{ action: "plugin::strapi-identity.settings.update" }]
     });
     app.addMiddlewares([mfaRedirect]);
@@ -1947,14 +1954,14 @@ const plugin = {
       id: "profile-toggle",
       route: "/admin/me",
       selector: '#main-content form[method="put"] > :nth-child(2) > div > div > div:nth-child(2)',
-      Component: () => import("./ProfileToggle-k0d-caPC.mjs")
+      Component: () => import("./ProfileToggle-NJZgrDT_.mjs")
     });
     injections.registerRoute({
       id: "admin-reset",
       route: "/admin/settings/users/:id",
       selector: '#main-content form[method="put"] > :nth-child(2) > div > div:nth-child(2)',
       permissions: [{ action: "plugin::strapi-identity.settings.update" }],
-      Component: () => import("./AdminReset-DOmsyqwQ.mjs")
+      Component: () => import("./AdminReset-D4NNnBDS.mjs")
     });
     InjectVerify(app);
     InjectEnforced(app);

package/dist/admin/index.js

@@ -1,5 +1,5 @@
 "use strict";
 Object.defineProperties(exports, { __esModule: { value: true }, [Symbol.toStringTag]: { value: "Module" } });
-const index = require("./index-B9P8S4CX.js");
+const index = require("./index-BeqHh5Gz.js");
 require("strapi-admin-portal");
 exports.default = index.plugin;

package/dist/admin/index.mjs

@@ -1,4 +1,4 @@
-import { p } from "./index-DpIJdETG.mjs";
+import { p } from "./index-CKG2ZxYT.mjs";
 import "strapi-admin-portal";
 export {
   p as default

package/dist/admin/src/components/ConfirmModal/ConfirmModal.d.ts

@@ -0,0 +1,9 @@
+export interface ConfirmModalProps {
+    open?: boolean;
+    onOpenChange?: (open: boolean) => void;
+    onSubmit?: React.FormEventHandler<HTMLFormElement>;
+    qrCodeUri?: string | null;
+    secret?: string | null;
+    passcodes?: string[] | null;
+}
+export default function ConfirmModal({ open, onOpenChange, onSubmit, qrCodeUri, secret, passcodes, }: ConfirmModalProps): import("react/jsx-runtime").JSX.Element;

package/dist/admin/src/components/ConfirmModal/index.d.ts

@@ -0,0 +1 @@
+export { default, type ConfirmModalProps } from './ConfirmModal';

package/dist/admin/src/components/EmailOTPModal/EmailOTPModal.d.ts

@@ -0,0 +1,8 @@
+export interface EmailOTPModalProps {
+    mode: 'setup' | 'disable';
+    open: boolean;
+    email: string;
+    onOpenChange: (open: boolean) => void;
+    onSuccess: () => void;
+}
+export default function EmailOTPModal({ mode, open, email, onOpenChange, onSuccess, }: EmailOTPModalProps): import("react/jsx-runtime").JSX.Element;

package/dist/admin/src/components/Initializer.d.ts

@@ -0,0 +1,5 @@
+type InitializerProps = {
+    setPlugin: (id: string) => void;
+};
+declare const Initializer: ({ setPlugin }: InitializerProps) => null;
+export { Initializer };

package/dist/admin/src/components/InputOTP.d.ts

@@ -0,0 +1,11 @@
+import { OTPInput } from 'input-otp';
+import * as React from 'react';
+declare function InputOTP({ className, containerClassName, ...props }: React.ComponentPropsWithoutRef<typeof OTPInput> & {
+    containerClassName?: string;
+}): import("react/jsx-runtime").JSX.Element;
+declare function InputOTPGroup({ className, ...props }: React.ComponentProps<'div'>): import("react/jsx-runtime").JSX.Element;
+declare function InputOTPSlot({ index, className, ...props }: React.ComponentProps<'div'> & {
+    index: number;
+}): import("react/jsx-runtime").JSX.Element;
+declare function InputOTPSeparator({ ...props }: React.ComponentProps<'div'>): import("react/jsx-runtime").JSX.Element;
+export { InputOTP, InputOTPGroup, InputOTPSlot, InputOTPSeparator };

package/dist/admin/src/components/RemoveModal/RemoveModal.d.ts

@@ -0,0 +1,6 @@
+export interface RemoveModalProps {
+    open: boolean;
+    onOpenChange: (open: boolean) => void;
+    onSubmit: React.FormEventHandler<HTMLFormElement>;
+}
+export default function RemoveModal({ open, onOpenChange, onSubmit }: RemoveModalProps): import("react/jsx-runtime").JSX.Element;

package/dist/admin/src/components/RemoveModal/index.d.ts

@@ -0,0 +1 @@
+export { default, type RemoveModalProps } from './RemoveModal';

package/dist/admin/src/components/WarningAlert/WarningAlert.d.ts

@@ -0,0 +1,10 @@
+export interface WarningAlertProps {
+    open: boolean;
+    title?: string;
+    children: React.ReactNode;
+    confirmText?: string;
+    loading?: boolean;
+    onConfirm: () => void;
+    onCancel: () => void;
+}
+export default function WarningAlert({ open, title, children, confirmText, loading, onConfirm, onCancel, }: WarningAlertProps): import("react/jsx-runtime").JSX.Element;

package/dist/admin/src/components/WarningAlert/index.d.ts

@@ -0,0 +1 @@
+export { default, type WarningAlertProps } from './WarningAlert';

package/dist/admin/src/injection/AdminReset.d.ts

@@ -0,0 +1,4 @@
+declare const AdminReset: ({ id }: {
+    id?: string;
+}) => import("react/jsx-runtime").JSX.Element;
+export default AdminReset;

package/dist/admin/src/injection/ProfileToggle.d.ts

@@ -0,0 +1,2 @@
+declare const ProfileToggle: () => import("react/jsx-runtime").JSX.Element | null;
+export default ProfileToggle;

package/dist/admin/src/pages/EnforcedPage.d.ts

@@ -0,0 +1,13 @@
+import { StrapiApp } from '@strapi/strapi/admin';
+import { RouteObject } from 'react-router-dom';
+export interface InjectPublicRouter extends Omit<StrapiApp['router'], 'router'> {
+    router: {
+        routes: RouteObject[];
+    };
+}
+/**
+ * Inject the enforced MFA page route into the Strapi admin router
+ */
+export declare const InjectEnforced: (app: StrapiApp) => Promise<void>;
+declare const EnforcedPage: () => import("react/jsx-runtime").JSX.Element | null;
+export { EnforcedPage };

package/dist/admin/src/pluginId.d.ts

@@ -0,0 +1 @@
+export declare const PLUGIN_ID = "strapi-identity";

package/dist/admin/src/public/VerifyPage.d.ts

@@ -0,0 +1,12 @@
+import { StrapiApp } from '@strapi/strapi/admin';
+import { RouteObject } from 'react-router-dom';
+export interface InjectPublicRouter extends Omit<StrapiApp['router'], 'router'> {
+    router: {
+        routes: RouteObject[];
+    };
+}
+/**
+ * Inject the verify page route into the Strapi router
+ * @param router StrapiApp router instance
+ */
+export declare const InjectVerify: (app: StrapiApp) => Promise<void>;

package/dist/admin/src/settings/SettingsPage.d.ts

@@ -0,0 +1 @@
+export default function SettingsPage(): import("react/jsx-runtime").JSX.Element;

package/dist/admin/src/utils/getTranslation.d.ts

@@ -0,0 +1,2 @@
+declare const getTranslation: (id: string) => string;
+export { getTranslation };

package/dist/admin/src/utils/tokenHelpers.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Retrieves the value of a specified cookie.
+ *
+ * @param name - The name of the cookie to retrieve.
+ * @returns The decoded cookie value if found, otherwise null.
+ */
+export declare const getCookieValue: (name: string) => string | null;
+/**
+ * Retrieves the JWT token from localStorage or cookies.
+ * @returns The JWT token if found, otherwise null.
+ */
+export declare const getToken: () => string | null;

package/dist/server/index.js

@@ -9650,7 +9650,7 @@ const replaceLogin = (route2, secret2, domain) => {
           await strapi.service("plugin::strapi-identity.email").send(adminUser.email, otp);
         }
       } catch (err) {
-        console.log("Error sending login email OTP:", err);
+        strapi.log.error("Error sending login email OTP");
       }
     }
     ctx.res.removeHeader("set-cookie");
@@ -9664,7 +9664,7 @@ const replaceLogin = (route2, secret2, domain) => {
     const newToken = jwt.sign(newPayload, secret2, { expiresIn: "5m" });
     const expires = new Date(Date.now() + 5 * 60 * 1e3);
     const secure = strapi.config.get("admin.auth.cookie.secure") ?? process.env.NODE_ENV === "production";
-    const opt = { domain, httpOnly: false, overwrite: true, secure, expires };
+    const opt = { domain, httpOnly: true, overwrite: true, secure, expires };
     ctx.cookies.set("strapi_admin_mfa", newToken, opt);
     ctx.body.data = { data: {}, error: null };
   });
@@ -9710,7 +9710,6 @@ const registerMiddlewares = (server) => {
       "/admin/users/me",
       "/strapi-identity/status",
       "/strapi-identity/config",
-      "/strapi-identity/config/enabled",
       "/strapi-identity/enable",
       "/strapi-identity/setup",
       "/strapi-identity/enable-email",
@@ -9718,7 +9717,6 @@ const registerMiddlewares = (server) => {
     ];
     const isAllowed = allowedPaths.includes(ctx.path) || // Static assets (JS, CSS, images, fonts, sourcemaps)
     /\.(mjs|js|css|png|jpg|jpeg|gif|svg|ico|woff2?|ttf|eot|map)(\?.*)?$/.test(ctx.path) || ctx.path.startsWith("/admin/@") || ctx.path.startsWith("/admin/src/");
-    if (!isAllowed) console.log(ctx.path);
     if (!isAllowed) {
       if (ctx.accepts("html") && ctx.path.startsWith("/admin")) {
         ctx.redirect("/admin/strapi-identity/enforced");
@@ -9845,7 +9843,7 @@ const config$2 = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: enabled, error: null };
     } catch (error) {
-      console.log("Error checking if Strapi Identity is enabled:", error);
+      strapi2.log.error("Error checking if Strapi Identity is enabled");
       ctx.status = 500;
       ctx.body = { data: null, error: "Server Error" };
     }
@@ -9856,18 +9854,7 @@ const config$2 = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: config2, error: null };
     } catch (error) {
-      console.log("Error getting config:", error);
-      ctx.status = 500;
-      ctx.body = { data: null, error: "Server Error" };
-    }
-  },
-  async getEmailStatus(ctx) {
-    try {
-      const emailService = strapi2.config.get("plugin::email");
-      ctx.status = 200;
-      ctx.body = { data: emailService, error: null };
-    } catch (error) {
-      console.log("Error getting email status:", error);
+      strapi2.log.error("Error getting config");
       ctx.status = 500;
       ctx.body = { data: null, error: "Server Error" };
     }
@@ -9879,7 +9866,7 @@ const config$2 = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: updatedConfig, error: null };
     } catch (error) {
-      console.log("Error updating config:", error);
+      strapi2.log.error("Error updating config");
       ctx.status = 500;
       ctx.body = { data: null, error: "Server Error" };
     }
@@ -9931,6 +9918,18 @@ const buildCookieOptionsWithExpiry = (type, absoluteExpiresAtISO, secureRequest)
   return { ...base, expires: chosen, maxAge: Math.max(0, chosen.getTime() - now) };
 };
 const controller = ({ strapi: strapi2 }) => ({
+  async verifyInfo(ctx) {
+    const secret2 = strapi2.config.get("admin.auth.secret");
+    const token = ctx.cookies.get("strapi_admin_mfa");
+    try {
+      const payload = jwt.verify(token, secret2);
+      ctx.status = 200;
+      ctx.body = { data: { mfaType: payload.mfaType || null }, error: null };
+    } catch {
+      ctx.status = 401;
+      ctx.body = { data: null, error: "Invalid or expired MFA session" };
+    }
+  },
   async verify(ctx) {
     const sessionManager = strapi2.sessionManager;
     const secret2 = strapi2.config.get("admin.auth.secret");
@@ -9977,7 +9976,7 @@ const controller = ({ strapi: strapi2 }) => ({
         error: null
       };
     } catch (error) {
-      console.log("Error verifying MFA code:", error);
+      strapi2.log.error("Error verifying MFA code");
       ctx.status = 500;
       ctx.body = { data: null, error: "Server Error" };
     }
@@ -10000,7 +9999,7 @@ const controller = ({ strapi: strapi2 }) => ({
         ctx.body = { data: { message: "MFA disabled" }, error: null };
       }
     } catch (error) {
-      console.log("Error enabling/disabling MFA:", error);
+      strapi2.log.error("Error enabling/disabling MFA");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to update MFA" };
     }
@@ -10045,7 +10044,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "MFA disabled" }, error: null };
     } catch (error) {
-      console.log("Error disabling MFA:", error);
+      strapi2.log.error("Error disabling MFA");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to disable MFA" };
     }
@@ -10073,7 +10072,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "Verification email sent" }, error: null };
     } catch (error) {
-      console.log("Error initiating email MFA setup:", error);
+      strapi2.log.error("Error initiating email MFA setup");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to initiate email MFA setup" };
     }
@@ -10093,7 +10092,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "Email OTP enabled" }, error: null };
     } catch (error) {
-      console.log("Error completing email MFA setup:", error);
+      strapi2.log.error("Error completing email MFA setup");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to enable email MFA" };
     }
@@ -10114,7 +10113,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "Verification email sent" }, error: null };
     } catch (error) {
-      console.log("Error sending disable email OTP:", error);
+      strapi2.log.error("Error sending disable email OTP");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to send verification email" };
     }
@@ -10142,7 +10141,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "Verification email resent" }, error: null };
     } catch (error) {
-      console.log("Error resending login email OTP:", error);
+      strapi2.log.error("Error resending login email OTP");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to resend verification email" };
     }
@@ -10228,35 +10227,40 @@ const config$1 = [
       pluginName: "strapi-identity",
       type: "content-api"
     },
-    config: {}
-  },
-  {
-    method: "GET",
-    path: "/config",
-    handler: "config.getConfig",
-    info: {
-      apiName: "getConfig",
-      pluginName: "strapi-identity",
-      type: "content-api"
-    },
     config: {
       policies: [
-        "admin::isAuthenticatedAdmin"
+        "admin::isAuthenticatedAdmin",
+        {
+          name: "admin::hasPermissions",
+          config: {
+            actions: [
+              "plugin::strapi-identity.settings.read"
+            ]
+          }
+        }
       ]
     }
   },
   {
     method: "GET",
-    path: "/config/email",
-    handler: "config.getEmailStatus",
+    path: "/config",
+    handler: "config.getConfig",
     info: {
-      apiName: "getEmailStatus",
+      apiName: "getConfig",
       pluginName: "strapi-identity",
       type: "content-api"
     },
     config: {
       policies: [
-        "admin::isAuthenticatedAdmin"
+        "admin::isAuthenticatedAdmin",
+        {
+          name: "admin::hasPermissions",
+          config: {
+            actions: [
+              "plugin::strapi-identity.settings.read"
+            ]
+          }
+        }
       ]
     }
   },
@@ -10285,6 +10289,22 @@ const config$1 = [
   }
 ];
 const mfa = [
+  {
+    method: "GET",
+    path: "/verify/info",
+    handler: "controller.verifyInfo",
+    info: {
+      apiName: "verifyInfo",
+      pluginName: "strapi-identity",
+      type: "content-api"
+    },
+    config: {
+      auth: false,
+      policies: [
+        "has-mfa"
+      ]
+    }
+  },
   {
     method: "POST",
     path: "/verify",
@@ -10298,6 +10318,9 @@ const mfa = [
       auth: false,
       policies: [
         "has-mfa"
+      ],
+      middlewares: [
+        "admin::rateLimit"
       ]
     }
   },
@@ -10358,7 +10381,8 @@ const mfa = [
       auth: false,
       policies: [
         "has-mfa"
-      ]
+      ],
+      middlewares: []
     }
   },
   {
@@ -10407,7 +10431,7 @@ const isEnabled$1 = (id) => {
   try {
     return mfaToken2.count({ where: { admin_user: { id }, enabled: true } }).then((count) => count > 0);
   } catch (error) {
-    console.log("Error checking if 2FA is enabled for user:", error);
+    strapi.log.error("Error checking if 2FA is enabled for user");
     return false;
   }
 };
@@ -10424,7 +10448,7 @@ const reset = async (id) => {
       existingTemp ? mfaTemp2.delete({ documentId: existingTemp.documentId }) : null
     ]);
   } catch (error) {
-    console.log("Error resetting 2FA for user:", error);
+    strapi.log.error("Error resetting 2FA for user");
     throw new Error("Failed to reset 2FA for user");
   }
 };
@@ -10488,7 +10512,7 @@ const disableEmailMFAForAllUsers = async () => {
       )
     ]);
   } catch (err) {
-    console.log("Error disabling email MFA for all users:", err);
+    strapi.log.error("Error disabling email MFA for all users");
   }
 };
 const disableMFAForAllUsers = async () => {
@@ -10504,7 +10528,7 @@ const disableMFAForAllUsers = async () => {
       ...temps.map((temp) => tempDocument.delete({ documentId: temp.documentId }))
     ]);
   } catch (err) {
-    console.log("Error disabling MFA for all users:", err);
+    strapi.log.error("Error disabling MFA for all users");
   }
 };
 const checkUserByJWT = async (jwtToken) => {
@@ -10557,7 +10581,7 @@ const send = async (to, otp) => {
     sendConfig.replyTo = config2.response_email;
   }
   return emailService.send(sendConfig).catch((error) => {
-    console.log("Error sending email:", error);
+    strapi.log.error("Error sending email");
   });
 };
 const replaceTemplateVariables = (template, variables) => {