Use refresh token in 2FA flow

When refactoring authentication to use refresh tokens we missed the 2FA flow. It's not clear that we should be supporting 2FA to begin with since rclone doesn't support it, and ultimately the real solution is to use keys instead of passwords for sftp authentication. That being said, while it's here we should make sure it isn't broken! Issue #298 2FA auth flow does not utilize refresh tokens
PermanentOrg · Nov 7, 2023 · d497ef1 · d497ef1
1 parent a7f797d
commit d497ef1
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/src/classes/AuthenticationSession.ts b/src/classes/AuthenticationSession.ts
@@ -205,17 +205,29 @@ export class AuthenticationSession {
     }).then((clientResponse) => {
       switch (clientResponse.statusCode) {
         case FusionAuthStatusCode.Success:
-        case FusionAuthStatusCode.SuccessButUnregisteredInApp:
-          if (clientResponse.response.token !== undefined) {
-            logger.verbose('Successful 2FA authentication attempt.', {
-              username: this.authContext.username,
-            });
-            this.authToken = clientResponse.response.token;
+          logger.verbose('Successful 2FA authentication attempt.', {
+            username: this.authContext.username,
+          });
+          if (clientResponse.response.refreshToken) {
+            this.successHandler(clientResponse.response.refreshToken);
             this.authContext.accept();
-            return;
+          } else {
+            logger.warn('No refresh token in response :', clientResponse.response);
+            this.authContext.reject();
           }
-          this.authContext.reject();
           return;
+        case FusionAuthStatusCode.SuccessButUnregisteredInApp: {
+          const userId = clientResponse.response.user?.id ?? '';
+          this.registerUserInApp(userId)
+            .then(() => {
+              this.processTwoFactorCodeResponse([twoFactorCode]);
+            })
+            .catch((error) => {
+              logger.warn('Error during registration and authentication:', error);
+              this.authContext.reject();
+            });
+          return;
+        }
         default:
           logger.verbose('Failed 2FA authentication attempt.', {
             username: this.authContext.username,