veza/apps/web/src/features/auth/components/TwoFactorVerify.tsx

import { useState } from 'react';
import {
  Card,
  CardContent,
  CardDescription,
  CardHeader,
  CardTitle,
} from '@/components/ui/card';
import { Button } from '@/components/ui/button';
import { Input } from '@/components/ui/input';
import { Label } from '@/components/ui/label';
import { Alert, AlertDescription } from '@/components/ui/alert';
import { Loader2, Shield, AlertCircle } from 'lucide-react';
import { twoFactorService } from '@/services/2fa-service';
import { useToast } from '@/hooks/useToast';
import { parseApiError } from '@/utils/apiErrorHandler';

interface TwoFactorVerifyProps {
  onSuccess: (code: string) => void;
  onCancel: () => void;
}

export function TwoFactorVerify({ onSuccess, onCancel }: TwoFactorVerifyProps) {
  const [code, setCode] = useState('');
  const [backupCode, setBackupCode] = useState('');
  const [useBackupCode, setUseBackupCode] = useState(false);
  const [isVerifying, setIsVerifying] = useState(false);
  const [error, setError] = useState('');
  const { toast } = useToast();

  const handleVerify = async () => {
    if (!code && !backupCode) {
      setError('Please enter a verification code');
      return;
    }

    try {
      setIsVerifying(true);
      setError('');

      const verificationCode = useBackupCode ? backupCode : code;
      // TODO: Fix 2FA login verification
      // Issue: twoFactorService.verify(secret, code) is for 2FA setup, not login verification.
      // During login, we don't have the secret. The 2FA code should be verified as part of
      // the login flow (either via a separate endpoint like /auth/login/2fa or by including
      // the code in the login request when requires_2fa is true).
      // Current workaround: Pass code to parent via onSuccess() - parent should handle verification.
      // Action required: Check backend API contract for 2FA login verification endpoint.
      try {
        // FIXME: This is incorrect - verify() is for setup, not login
        // Remove this call once proper login 2FA verification is implemented
        await twoFactorService.verify('', verificationCode);
        onSuccess(verificationCode);
      } catch (verifyError: unknown) {
        // If verification fails, show error message
        const apiError = parseApiError(verifyError);
        const errorMessage = apiError.message;
        setError(errorMessage);
        toast({
          message: errorMessage,
          type: 'error',
        });
        throw verifyError; // Re-throw to be caught by outer catch if needed
      }
    } catch (error: unknown) {
      const apiError = parseApiError(error);
      setError(apiError.message);
      toast({
        message: apiError.message,
        type: 'error',
      });
    } finally {
      setIsVerifying(false);
    }
  };

  return (
    <Card className="w-full max-w-md">
      <CardHeader>
        <CardTitle className="flex items-center gap-2">
          <Shield className="h-5 w-5 text-kodo-steel" />
          Two-Factor Authentication
        </CardTitle>
        <CardDescription>
          Enter the code from your authenticator app
        </CardDescription>
      </CardHeader>
      <CardContent className="space-y-4">
        <Alert>
          <AlertCircle className="h-4 w-4" />
          <AlertDescription>
            Enter the 6-digit code from your authenticator app to continue
            signing in.
          </AlertDescription>
        </Alert>

        {error && (
          <Alert variant="destructive">
            <AlertCircle className="h-4 w-4" />
            <AlertDescription>{error}</AlertDescription>
          </Alert>
        )}

        {!useBackupCode ? (
          <>
            <div className="space-y-2">
              <Label htmlFor="2fa-code">Verification Code</Label>
              <Input
                id="2fa-code"
                type="text"
                placeholder="000000"
                value={code}
                onChange={(e) => {
                  setCode(e.target.value.replace(/\D/g, '').slice(0, 6));
                  setError('');
                }}
                maxLength={6}
                className="text-center text-2xl tracking-widest"
                autoFocus
              />
            </div>
            <p className="text-sm text-kodo-content-dim">
              Lost access?{' '}
              <button
                onClick={() => setUseBackupCode(true)}
                className="text-kodo-cyan hover:underline"
              >
                Use a backup code
              </button>
            </p>
          </>
        ) : (
          <>
            <div className="space-y-2">
              <Label htmlFor="backup-code">Backup Code</Label>
              <Input
                id="backup-code"
                type="text"
                placeholder="Enter backup code"
                value={backupCode}
                onChange={(e) => {
                  setBackupCode(e.target.value);
                  setError('');
                }}
              />
            </div>
            <p className="text-sm text-kodo-content-dim">
              <button
                onClick={() => setUseBackupCode(false)}
                className="text-kodo-cyan hover:underline"
              >
                Use authenticator code instead
              </button>
            </p>
          </>
        )}

        <div className="flex gap-2">
          <Button onClick={onCancel} variant="outline" className="flex-1">
            Cancel
          </Button>
          <Button
            onClick={handleVerify}
            disabled={isVerifying || (!code && !backupCode)}
            className="flex-1"
          >
            {isVerifying ? (
              <>
                <Loader2 className="mr-2 h-4 w-4 animate-spin" />
                Verifying...
              </>
            ) : (
              'Verify'
            )}
          </Button>
        </div>
      </CardContent>
    </Card>
  );
}
fix(MVP-006): Standardize environment variable names (VITE_API_BASE_URL → VITE_API_URL) 2025-12-22 21:56:37 +00:00			`import { useState } from 'react';`
refonte: backend-api go first; phase 1 2025-12-13 02:34:34 +00:00			`import {`
			`Card,`
			`CardContent,`
			`CardDescription,`
			`CardHeader,`
			`CardTitle,`
			`} from '@/components/ui/card';`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`import { Button } from '@/components/ui/button';`
			`import { Input } from '@/components/ui/input';`
			`import { Label } from '@/components/ui/label';`
			`import { Alert, AlertDescription } from '@/components/ui/alert';`
			`import { Loader2, Shield, AlertCircle } from 'lucide-react';`
			`import { twoFactorService } from '@/services/2fa-service';`
fix(MVP-006): Standardize environment variable names (VITE_API_BASE_URL → VITE_API_URL) 2025-12-22 21:56:37 +00:00			`import { useToast } from '@/hooks/useToast';`
stabilisation commit A 2026-01-07 18:39:21 +00:00			`import { parseApiError } from '@/utils/apiErrorHandler';`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00
			`interface TwoFactorVerifyProps {`
			`onSuccess: (code: string) => void;`
			`onCancel: () => void;`
			`}`

			`export function TwoFactorVerify({ onSuccess, onCancel }: TwoFactorVerifyProps) {`
			`const [code, setCode] = useState('');`
			`const [backupCode, setBackupCode] = useState('');`
			`const [useBackupCode, setUseBackupCode] = useState(false);`
			`const [isVerifying, setIsVerifying] = useState(false);`
			`const [error, setError] = useState('');`
			`const { toast } = useToast();`

			`const handleVerify = async () => {`
			`if (!code && !backupCode) {`
			`setError('Please enter a verification code');`
			`return;`
			`}`

			`try {`
			`setIsVerifying(true);`
			`setError('');`

			`const verificationCode = useBackupCode ? backupCode : code;`
cleanup: address simple TODO comments (Cleanup 14) - Fixed ChatRoom.tsx: Implemented current user ID check for isMe - Added useUser hook to get current user - Replaced hardcoded isMe=false with proper user ID comparison - Improved TwoFactorVerify.tsx: Enhanced TODO comment with specific action items - Clarified that verify() is for setup, not login - Added FIXME with clear explanation of the issue - Documented that parent should handle verification - Cleanup 14: In progress - addressing simple, safe TODOs 2026-01-16 11:31:40 +00:00			`// TODO: Fix 2FA login verification`
			`// Issue: twoFactorService.verify(secret, code) is for 2FA setup, not login verification.`
			`// During login, we don't have the secret. The 2FA code should be verified as part of`
			`// the login flow (either via a separate endpoint like /auth/login/2fa or by including`
			`// the code in the login request when requires_2fa is true).`
			`// Current workaround: Pass code to parent via onSuccess() - parent should handle verification.`
			`// Action required: Check backend API contract for 2FA login verification endpoint.`
[FIX] PROD-007: Corriger erreurs TypeScript critiques (types, signatures, chemins de code) 2025-12-27 15:23:53 +00:00			`try {`
cleanup: address simple TODO comments (Cleanup 14) - Fixed ChatRoom.tsx: Implemented current user ID check for isMe - Added useUser hook to get current user - Replaced hardcoded isMe=false with proper user ID comparison - Improved TwoFactorVerify.tsx: Enhanced TODO comment with specific action items - Clarified that verify() is for setup, not login - Added FIXME with clear explanation of the issue - Documented that parent should handle verification - Cleanup 14: In progress - addressing simple, safe TODOs 2026-01-16 11:31:40 +00:00			`// FIXME: This is incorrect - verify() is for setup, not login`
			`// Remove this call once proper login 2FA verification is implemented`
[FIX] PROD-007: Corriger erreurs TypeScript critiques (types, signatures, chemins de code) 2025-12-27 15:23:53 +00:00			`await twoFactorService.verify('', verificationCode);`
			`onSuccess(verificationCode);`
stabilisation commit A 2026-01-07 18:39:21 +00:00			`} catch (verifyError: unknown) {`
chore: remove production logs in features 2026-01-07 09:32:53 +00:00			`// If verification fails, show error message`
stabilisation commit A 2026-01-07 18:39:21 +00:00			`const apiError = parseApiError(verifyError);`
			`const errorMessage = apiError.message;`
chore: remove production logs in features 2026-01-07 09:32:53 +00:00			`setError(errorMessage);`
			`toast({`
			`message: errorMessage,`
			`type: 'error',`
			`});`
			`throw verifyError; // Re-throw to be caught by outer catch if needed`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`}`
stabilisation commit A 2026-01-07 18:39:21 +00:00			`} catch (error: unknown) {`
			`const apiError = parseApiError(error);`
			`setError(apiError.message);`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`toast({`
stabilisation commit A 2026-01-07 18:39:21 +00:00			`message: apiError.message,`
fix(MVP-006): Standardize environment variable names (VITE_API_BASE_URL → VITE_API_URL) 2025-12-22 21:56:37 +00:00			`type: 'error',`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`});`
			`} finally {`
			`setIsVerifying(false);`
			`}`
			`};`

			`return (`
			`<Card className="w-full max-w-md">`
			`<CardHeader>`
			`<CardTitle className="flex items-center gap-2">`
aesthetic-improvements: reduce decorative cyan in chat, auth, player, streaming, and dashboard (80/20 rule, batch 13) - Chat: ChatSidebar loading spinner and decorative icon, VirtualizedChatMessages decorative attachment badge, ChatPage decorative icon and loading spinner border/text, ChatMessage decorative username indicator and icon (7 instances) - Auth: TwoFactorVerify decorative icon (1 instance) - Player: PlayerLoading decorative spinner (1 instance) - Streaming: PlaybackSummary decorative icon (1 instance) - Dashboard: DashboardPage decorative chart color and gradient and icon (3 instances) - Total: ~13 files, ~13 instances replaced - Preserved: Active/selected states (ChatSidebar selected conversation, ChatMessage isMe message bubble and highlighted message, DashboardPage selected button 30J, ChatInput drag active overlay and emoji picker active, TrackFilters active filter badge, TrackHistory current track, TrackGridDensitySelector selected density, PlaybackSpeedControl selected speed, ViewToggle selected view mode, TrackList selected tracks, TrackListRow selected state, PlaylistList selected view mode, QualitySelector selected quality, SettingsPage selected tab and theme, LoginForm checkbox accent - focus/interaction, RegisterPage checkbox accent - focus/interaction), functional links (ForgotPasswordPage link, TwoFactorVerify links, RegisterPage links, AuthLayout link, ProfileForm links, LoginPage link, RegisterPage link), design system variants, semantic status indicators, interactive states, functional loading indicators, informational alerts/toasts - Action 11.3.1.3 in progress (thirteenth batch: chat, auth, player, streaming, and dashboard components) 2026-01-16 10:32:55 +00:00			`<Shield className="h-5 w-5 text-kodo-steel" />`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`Two-Factor Authentication`
			`</CardTitle>`
refonte: backend-api go first; phase 1 2025-12-13 02:34:34 +00:00			`<CardDescription>`
			`Enter the code from your authenticator app`
			`</CardDescription>`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`</CardHeader>`
			`<CardContent className="space-y-4">`
			`<Alert>`
			`<AlertCircle className="h-4 w-4" />`
			`<AlertDescription>`
refonte: backend-api go first; phase 1 2025-12-13 02:34:34 +00:00			`Enter the 6-digit code from your authenticator app to continue`
			`signing in.`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`</AlertDescription>`
			`</Alert>`

			`{error && (`
			`<Alert variant="destructive">`
			`<AlertCircle className="h-4 w-4" />`
			`<AlertDescription>{error}</AlertDescription>`
			`</Alert>`
			`)}`

			`{!useBackupCode ? (`
			`<>`
			`<div className="space-y-2">`
			`<Label htmlFor="2fa-code">Verification Code</Label>`
			`<Input`
			`id="2fa-code"`
			`type="text"`
			`placeholder="000000"`
			`value={code}`
			`onChange={(e) => {`
			`setCode(e.target.value.replace(/\D/g, '').slice(0, 6));`
			`setError('');`
			`}}`
			`maxLength={6}`
			`className="text-center text-2xl tracking-widest"`
			`autoFocus`
			`/>`
			`</div>`
consistency: auto-migrate Tailwind default colors (Batch 8, 47 instances) 2026-01-16 00:56:47 +00:00			`<p className="text-sm text-kodo-content-dim">`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`Lost access?{' '}`
			`<button`
			`onClick={() => setUseBackupCode(true)}`
consistency: auto-migrate Tailwind default colors (Batch 8, 47 instances) 2026-01-16 00:56:47 +00:00			`className="text-kodo-cyan hover:underline"`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`>`
			`Use a backup code`
			`</button>`
			`</p>`
			`</>`
			`) : (`
			`<>`
			`<div className="space-y-2">`
			`<Label htmlFor="backup-code">Backup Code</Label>`
			`<Input`
			`id="backup-code"`
			`type="text"`
			`placeholder="Enter backup code"`
			`value={backupCode}`
			`onChange={(e) => {`
			`setBackupCode(e.target.value);`
			`setError('');`
			`}}`
			`/>`
			`</div>`
consistency: auto-migrate Tailwind default colors (Batch 8, 47 instances) 2026-01-16 00:56:47 +00:00			`<p className="text-sm text-kodo-content-dim">`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`<button`
			`onClick={() => setUseBackupCode(false)}`
consistency: auto-migrate Tailwind default colors (Batch 8, 47 instances) 2026-01-16 00:56:47 +00:00			`className="text-kodo-cyan hover:underline"`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`>`
			`Use authenticator code instead`
			`</button>`
			`</p>`
			`</>`
			`)}`

			`<div className="flex gap-2">`
			`<Button onClick={onCancel} variant="outline" className="flex-1">`
			`Cancel`
			`</Button>`
refonte: backend-api go first; phase 1 2025-12-13 02:34:34 +00:00			`<Button`
			`onClick={handleVerify}`
			`disabled={isVerifying \|\| (!code && !backupCode)}`
			`className="flex-1"`
			`>`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`{isVerifying ? (`
			`<>`
			`<Loader2 className="mr-2 h-4 w-4 animate-spin" />`
			`Verifying...`
			`</>`
			`) : (`
			`'Verify'`
			`)}`
			`</Button>`
			`</div>`
			`</CardContent>`
			`</Card>`
			`);`
			`}`