misc

api/custom_auth/mfa/trench/__init__.py

@@ -1 +0,0 @@
-__version__ = "0.3.1"

api/custom_auth/urls.py

@@ -33,6 +33,5 @@
     # are deprecated and will be removed in the next Major release
     path("", include("djoser.urls")),
     path("", include("custom_auth.mfa.trench.urls")),  # MFA
-    # path("", include("trench.urls")),  # MFA
     path("oauth/", include("custom_auth.oauth.urls")),
 ]

api/tests/integration/custom_auth/end_to_end/test_custom_auth_integration.py

@@ -245,7 +245,8 @@ def test_login_workflow_with_mfa_enabled(
     confirm_mfa_method_response = api_client.post(
         confirm_mfa_method_url, data=confirm_mfa_data
     )
-    assert confirm_mfa_method_response
+    assert confirm_mfa_method_response.status_code == status.HTTP_200_OK
+    backup_codes = confirm_mfa_method_response.json()["backup_codes"]
 
     # now login should return an ephemeral token rather than a token
     login_data = {"email": email, "password": password}
@@ -262,6 +263,19 @@ def test_login_workflow_with_mfa_enabled(
     assert login_confirm_response.status_code == status.HTTP_200_OK
     key = login_confirm_response.json()["key"]
 
+    # Login with backup code should also work
+    api_client.logout()
+    login_response = api_client.post(login_url, data=login_data)
+    assert login_response.status_code == status.HTTP_200_OK
+    ephemeral_token = login_response.json()["ephemeral_token"]
+    confirm_login_data = {
+        "ephemeral_token": ephemeral_token,
+        "code": backup_codes[0],
+    }
+    login_confirm_response = api_client.post(login_confirm_url, data=confirm_login_data)
+    assert login_confirm_response.status_code == status.HTTP_200_OK
+    key = login_confirm_response.json()["key"]
+
     # and verify that we can use the token to access the API
     api_client.credentials(HTTP_AUTHORIZATION=f"Token {key}")
     current_user_url = reverse("api-v1:custom_auth:ffadminuser-me")