Adds two endpoints for MFA, one for enabling MFA on a user account and and another for verifying a totp token once the secret key has been saved/established.
Currently has no integration with login/JWT sessions.
Closes #92
How to Test
Post to /api/user/enable-mfa with a body containing the relevant email address to store secret key in user table and return an encoded image of QR code + the secret key itself
Post to /api/user/verify-mfa with a body containing email address and the totp token to check if the totp is valid
Checklist
[ ] The code includes tests if relevant
[ ] I have actually self-reviewed my changes and done QA
Description
Adds two endpoints for MFA, one for enabling MFA on a user account and and another for verifying a totp token once the secret key has been saved/established.
Currently has no integration with login/JWT sessions.
Closes #92
How to Test
Post to
/api/user/enable-mfa
with a body containing the relevant email address to store secret key in user table and return an encoded image of QR code + the secret key itselfPost to
/api/user/verify-mfa
with a body containing email address and the totp token to check if the totp is validChecklist