Merge pull request #46 from raisely/fix-mfa-implementation

Update MFA handling as api now throws error

Author: rubicola

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@raisely/cli",
-	"version": "1.8.0",
+	"version": "1.8.1",
 	"description": "Raisely CLI for local development",
 	"main": "./src/cli.js",
 	"type": "module",
@@ -61,4 +61,4 @@
 		"quoteProps": "consistent",
 		"bracketSpacing": true
 	}
-}
+}

src/actions/api.js

@@ -1,5 +1,6 @@
 import fetch from 'node-fetch';
 import https from 'https';
+import _ from 'lodash';
 import { loadConfig, defaults } from '../config.js';
 
 const devHttpsAgent = new https.Agent({
@@ -66,11 +67,25 @@ export default async function api(options) {
 					status: response.status,
 				};
 
+				if (responseIsJSON && formatted) {
+					// if subcode, add this to error
+					const subcode = _.get(formatted, 'errors[0].subcode');
+					if (subcode) {
+						error.subcode = subcode;
+					}
+				}
+
 				throw error;
 			}
 			return formatted;
 		} catch (e) {
 			retryConfig.retry--;
+
+			// Handle MFA error
+			if (e.subcode && e.subcode.startsWith('MFA required')) {
+				throw e;
+			}
+
 			// Skip hard failures, except a timeout
 			if (e.status <= 500 && e.status !== 408) {
 				throw e.message;

src/helpers.js

@@ -127,3 +127,7 @@ export function error(e, loader) {
 		console.log(`${chalk.bgRed('Error:')} ${chalk.red(message)}`);
 	}
 }
+
+export function requiresMfa(e) {
+	return e.subcode && e.subcode.startsWith('MFA required');
+}

src/login.js

@@ -4,7 +4,7 @@ import ora from 'ora';
 import { login } from './actions/auth.js';
 
 import { updateConfig } from './config.js';
-import { log, error, informUpdate } from './helpers.js';
+import { log, error, informUpdate, requiresMfa } from './helpers.js';
 
 export async function doLogin(message) {
 	if (message) log(message, 'white');
@@ -35,37 +35,52 @@ export async function doLogin(message) {
 			...credentials,
 			requestAdminToken: true,
 		});
-		if (loginBody.data.requiresOtp) {
-			loginLoader.info('Your account requires 2 factor authentication.');
-			const response = await inquirer.prompt([
-				{
-					type: 'input',
-					message: 'Please provide your one time password',
-					name: 'otp',
-					validate: (value) =>
-						value.length
-							? true
-							: 'Please enter a one time password',
-				},
-			]);
+		return loginSucceed(loginLoader, loginBody);
+	} catch (e) {
+		if (requiresMfa(e)) {
+			return await loginWith2FA(loginLoader, credentials);
+		} else {
+			error(e, loginLoader);
+			return false;
+		}
+	}
+}
 
-			loginLoader = ora('Logging you in...').start();
+async function loginWith2FA(loginLoader, credentials) {
+	loginLoader.info('Your account requires 2 factor authentication.');
+	try {
+		const response = await inquirer.prompt([
+			{
+				type: 'input',
+				message: 'Please provide your one time password',
+				name: 'otp',
+				validate: (value) =>
+					value.length
+						? true
+						: 'Please enter a one time password',
+			},
+		]);
 
-			loginBody = await login({
-				...credentials,
-				otp: response.otp,
-				requestAdminToken: true,
-			});
-		}
-		const { token, data: user } = loginBody;
-		loginLoader.succeed();
-		return { user, token };
+		loginLoader.info('Logging you in...');
+
+		const loginBody = await login({
+			...credentials,
+			otp: response.otp,
+			requestAdminToken: true,
+		});
+		return loginSucceed(loginLoader, loginBody);
 	} catch (e) {
 		error(e, loginLoader);
 		return false;
 	}
 }
 
+async function loginSucceed(loginLoader, loginBody) {
+	const { token, data: user } = loginBody;
+	loginLoader.succeed();
+	return { user, token };
+}
+
 export default async function loginAction() {
 	const result = await doLogin();
 	if (!result) return;