Merge pull request #2328 from contentstack/main

Back Merge

Author: cs-raj

packages/contentstack-auth/src/utils/auth-handler.ts

@@ -118,25 +118,26 @@ class AuthHandler {
             if (result.user) {
               log.debug('Login successful, user found', { module: 'auth-handler', userEmail: result.user.email });
               resolve(result.user as User);
-            } else if (result.error_code === 294) {
-              const tfToken = await this.handleOTPFlow(tfaToken, loginPayload);
-
+            } else {
+              log.debug('Login failed: no user found.', { module: 'auth-handler', result });
+              reject(new Error(messageHandler.parse('CLI_AUTH_LOGIN_NO_USER')));
+            }
+          })
+          .catch(async (error: any) => {
+            if (error.errorCode === 294) {
               try {
+                const tfToken = await this.handleOTPFlow(tfaToken, loginPayload);
                 resolve(await this.login(email, password, tfToken));
               } catch (error) {
                 log.debug('Login with TFA token failed.', { module: 'auth-handler', error });
                 cliux.print('CLI_AUTH_2FA_FAILED', { color: 'red' });
                 reject(error);
               }
             } else {
-              log.debug('Login failed: no user found.', { module: 'auth-handler', result });
-              reject(new Error(messageHandler.parse('CLI_AUTH_LOGIN_NO_USER')));
+              log.debug('Login API call failed.', { module: 'auth-handler', error: error?.errorMessage || error });
+              cliux.print('CLI_AUTH_LOGIN_FAILED', { color: 'yellow' });
+              reject(error);
             }
-          })
-          .catch((error: any) => {
-            log.debug('Login API call failed.', { module: 'auth-handler', error: error?.errorMessage || error });
-            cliux.print('CLI_AUTH_LOGIN_FAILED', { color: 'yellow' });
-            handleAndLogError(error, { module: 'auth-handler' });
           });
       } else {
         const hasEmail = !!email;
@@ -203,7 +204,7 @@ class AuthHandler {
           .catch((error: Error) => {
             log.debug('Token validation failed.', { module: 'auth-handler', error: error.message });
             cliux.print('CLI_AUTH_TOKEN_VALIDATION_FAILED', { color: 'yellow' });
-            handleAndLogError(error, { module: 'auth-handler' });
+            reject(error);
           });
       } else {
         log.debug('Token validation failed: no auth token provided.', { module: 'auth-handler' });

packages/contentstack-auth/src/utils/mfa-handler.ts

@@ -87,20 +87,6 @@ class MFAHandler {
       }
     }
 
-    if (!secret) {
-      log.debug('Checking stored MFA secret', { module: 'mfa-handler' });
-      const mfaConfig = configHandler.get('mfa');
-      if (mfaConfig?.secret) {
-        try {
-          secret = this.encrypter.decrypt(mfaConfig.secret);
-          source = 'stored configuration';
-        } catch (error) {
-          log.debug('Failed to decrypt stored MFA secret', { module: 'mfa-handler', error });
-          handleAndLogError(error, { module: 'mfa-handler' }, messageHandler.parse('CLI_AUTH_MFA_DECRYPT_FAILED'));
-        }
-      }
-    }
-
     if (secret) {
       try {
         const code = this.generateMFACode(secret);

packages/contentstack-auth/test/unit/auth-handler.test.ts

@@ -32,7 +32,9 @@ describe('Auth Handler', function () {
               return Promise.reject(new Error('Invalid 2FA code'));
             }
           } else {
-            return Promise.resolve({ error_code: 294 });
+            const error: any = new Error('2FA required');
+            error.errorCode = 294;
+            return Promise.reject(error);
           }
         }
         return Promise.resolve({ user });
@@ -115,13 +117,23 @@ describe('Auth Handler', function () {
     it('Login with 2FA enabled invalid otp, failed to login', async function () {
       this.timeout(10000);
       TFAEnabled = true;
-      let result;
+      askOTPStub.restore();
+      askOTPStub = sinon.stub(interactive, 'askOTP').callsFake(function () {
+        return Promise.resolve(InvalidTFATestToken);
+      });
       try {
-        result = await authHandler.login(credentials.email, credentials.password);
+        await authHandler.login(credentials.email, credentials.password);
+        expect.fail('Should have thrown an error');
       } catch (error) {
-        result = error;
+        expect(error).to.be.instanceOf(Error);
+        expect((error as Error).message).to.include('Invalid 2FA code');
+      } finally {
+        TFAEnabled = false;
+        askOTPStub.restore();
+        askOTPStub = sinon.stub(interactive, 'askOTP').callsFake(function () {
+          return Promise.resolve(TFATestToken);
+        });
       }
-      TFAEnabled = false;
     });
 
     it('Login with 2FA enabled with sms channel, should be logged in successfully', async function () {

packages/contentstack-utilities/package.json

@@ -32,7 +32,7 @@
   "author": "contentstack",
   "license": "MIT",
   "dependencies": {
-    "@contentstack/management": "~1.25.1",
+    "@contentstack/management": "~1.27.3",
     "@contentstack/marketplace-sdk": "^1.4.0",
     "@oclif/core": "^4.3.0",
     "axios": "^1.9.0",