Merge pull request #2326 from contentstack/fix/DX-3920

Fix: Moved the MFA to catch block

Author: cs-raj

.talismanrc

@@ -1,8 +1,8 @@
 fileignoreconfig:
   - filename: package-lock.json
-    checksum: 21d5e66a045c155578dc6b6d747745b94c4591c1e17f5226b94b833a46ee9bff
+    checksum: 7fe633822937ac8ac6153c796e02ad26f31a4cdbf28d62650fe7bc990ccabac4
   - filename: pnpm-lock.yaml
-    checksum: a0e789a97a39aece1d637ed121bb6847d39dfb9033b71ea8bf10619eec2e246a
+    checksum: 096da506eea94052c82ddf88d0167be7511c4ce136d3de8cb1e6cc11c2444fd5
   - filename: packages/contentstack-import-setup/test/unit/backup-handler.test.ts
     checksum: 0582d62b88834554cf12951c8690a73ef3ddbb78b82d2804d994cf4148e1ef93
   - filename: packages/contentstack-import-setup/test/config.json

package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "@contentstack/cli-auth",
   "description": "Contentstack CLI plugin for authentication activities",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "author": "Contentstack",
   "bugs": "https://github.com/contentstack/cli/issues",
   "scripts": {

packages/contentstack-auth/package.json

@@ -118,25 +118,26 @@ class AuthHandler {
             if (result.user) {
               log.debug('Login successful, user found', { module: 'auth-handler', userEmail: result.user.email });
               resolve(result.user as User);
-            } else if (result.error_code === 294) {
-              const tfToken = await this.handleOTPFlow(tfaToken, loginPayload);
-
+            } else {
+              log.debug('Login failed: no user found.', { module: 'auth-handler', result });
+              reject(new Error(messageHandler.parse('CLI_AUTH_LOGIN_NO_USER')));
+            }
+          })
+          .catch(async (error: any) => {
+            if (error.errorCode === 294) {
               try {
+                const tfToken = await this.handleOTPFlow(tfaToken, loginPayload);
                 resolve(await this.login(email, password, tfToken));
               } catch (error) {
                 log.debug('Login with TFA token failed.', { module: 'auth-handler', error });
                 cliux.print('CLI_AUTH_2FA_FAILED', { color: 'red' });
                 reject(error);
               }
             } else {
-              log.debug('Login failed: no user found.', { module: 'auth-handler', result });
-              reject(new Error(messageHandler.parse('CLI_AUTH_LOGIN_NO_USER')));
+              log.debug('Login API call failed.', { module: 'auth-handler', error: error?.errorMessage || error });
+              cliux.print('CLI_AUTH_LOGIN_FAILED', { color: 'yellow' });
+              reject(error);
             }
-          })
-          .catch((error: any) => {
-            log.debug('Login API call failed.', { module: 'auth-handler', error: error?.errorMessage || error });
-            cliux.print('CLI_AUTH_LOGIN_FAILED', { color: 'yellow' });
-            handleAndLogError(error, { module: 'auth-handler' });
           });
       } else {
         const hasEmail = !!email;
@@ -203,7 +204,7 @@ class AuthHandler {
           .catch((error: Error) => {
             log.debug('Token validation failed.', { module: 'auth-handler', error: error.message });
             cliux.print('CLI_AUTH_TOKEN_VALIDATION_FAILED', { color: 'yellow' });
-            handleAndLogError(error, { module: 'auth-handler' });
+            reject(error);
           });
       } else {
         log.debug('Token validation failed: no auth token provided.', { module: 'auth-handler' });

packages/contentstack-auth/src/utils/auth-handler.ts

@@ -87,20 +87,6 @@ class MFAHandler {
       }
     }
 
-    if (!secret) {
-      log.debug('Checking stored MFA secret', { module: 'mfa-handler' });
-      const mfaConfig = configHandler.get('mfa');
-      if (mfaConfig?.secret) {
-        try {
-          secret = this.encrypter.decrypt(mfaConfig.secret);
-          source = 'stored configuration';
-        } catch (error) {
-          log.debug('Failed to decrypt stored MFA secret', { module: 'mfa-handler', error });
-          handleAndLogError(error, { module: 'mfa-handler' }, messageHandler.parse('CLI_AUTH_MFA_DECRYPT_FAILED'));
-        }
-      }
-    }
-
     if (secret) {
       try {
         const code = this.generateMFACode(secret);

packages/contentstack-auth/src/utils/mfa-handler.ts

@@ -30,7 +30,9 @@ describe('Auth Handler', function () {
               return Promise.reject(new Error('Invalid 2FA code'));
             }
           } else {
-            return Promise.resolve({ error_code: 294 });
+            const error: any = new Error('2FA required');
+            error.errorCode = 294;
+            return Promise.reject(error);
           }
         }
         return Promise.resolve({ user });
@@ -113,13 +115,23 @@ describe('Auth Handler', function () {
     it('Login with 2FA enabled invalid otp, failed to login', async function () {
       this.timeout(10000);
       TFAEnabled = true;
-      let result;
+      askOTPStub.restore();
+      askOTPStub = sinon.stub(interactive, 'askOTP').callsFake(function () {
+        return Promise.resolve(InvalidTFATestToken);
+      });
       try {
-        result = await authHandler.login(credentials.email, credentials.password);
+        await authHandler.login(credentials.email, credentials.password);
+        expect.fail('Should have thrown an error');
       } catch (error) {
-        result = error;
+        expect(error).to.be.instanceOf(Error);
+        expect((error as Error).message).to.include('Invalid 2FA code');
+      } finally {
+        TFAEnabled = false;
+        askOTPStub.restore();
+        askOTPStub = sinon.stub(interactive, 'askOTP').callsFake(function () {
+          return Promise.resolve(TFATestToken);
+        });
       }
-      TFAEnabled = false;
     });
 
     it('Login with 2FA enabled with sms channel, should be logged in successfully', async function () {

packages/contentstack-auth/test/unit/auth-handler.test.ts

@@ -1,7 +1,7 @@
 {
   "name": "@contentstack/cli-cm-bootstrap",
   "description": "Bootstrap contentstack apps",
-  "version": "1.18.0",
+  "version": "1.18.1",
   "author": "Contentstack",
   "bugs": "https://github.com/contentstack/cli/issues",
   "scripts": {
@@ -16,14 +16,14 @@
     "test:report": "nyc --reporter=lcov mocha \"test/**/*.test.js\""
   },
   "dependencies": {
-    "@contentstack/cli-cm-seed": "~1.14.0",
+    "@contentstack/cli-cm-seed": "~1.14.1",
     "@contentstack/cli-command": "~1.7.1",
     "@contentstack/cli-utilities": "~1.16.0",
     "@oclif/core": "^4.3.0",
     "@oclif/plugin-help": "^6.2.28",
     "inquirer": "8.2.7",
     "mkdirp": "^1.0.4",
-    "tar": "^6.2.1 "
+    "tar": "^7.5.6"
   },
   "devDependencies": {
     "@oclif/test": "^4.1.13",

packages/contentstack-bootstrap/package.json

@@ -21,7 +21,7 @@
     "winston": "^3.17.0"
   },
   "devDependencies": {
-    "@contentstack/cli-auth": "~1.7.0",
+    "@contentstack/cli-auth": "~1.7.1",
     "@contentstack/cli-config": "~1.17.0",
     "@contentstack/cli-dev-dependencies": "~1.3.1",
     "@oclif/plugin-help": "^6.2.28",

packages/contentstack-export/package.json

@@ -8,7 +8,7 @@
     "@contentstack/cli-audit": "~1.17.0",
     "@contentstack/cli-command": "~1.7.1",
     "@contentstack/cli-utilities": "~1.16.0",
-    "@contentstack/management": "~1.22.0",
+    "@contentstack/management": "~1.27.3",
     "@contentstack/cli-variants": "~1.3.6",
     "@oclif/core": "^4.3.0",
     "big-json": "^3.2.0",

packages/contentstack-import/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@contentstack/cli-cm-seed",
   "description": "create a Stack from existing content types, entries, assets, etc.",
-  "version": "1.14.0",
+  "version": "1.14.1",
   "author": "Contentstack",
   "bugs": "https://github.com/contentstack/cli/issues",
   "dependencies": {
     "@contentstack/cli-cm-import": "~1.31.0",
     "@contentstack/cli-command": "~1.7.1",
     "@contentstack/cli-utilities": "~1.16.0",
-    "@contentstack/management": "~1.22.0",
+    "@contentstack/management": "~1.27.3",
     "inquirer": "8.2.7",
     "mkdirp": "^1.0.4",
-    "tar": "^6.2.1",
+    "tar": "^7.5.6",
     "tmp": "^0.2.3"
   },
   "devDependencies": {