(core) Handle old Grist sessions in MFAConfig

Summary: Grist sessions created pre-MFA do not store access or refresh tokens, which means that MFA status from Cognito can't be loaded without requiring re-authentication. MFAConfig handles this by requiring security verification as usual, and checking if it needs to reload MFA status on success. If it does, it'll close the 2FA setup dialog and reload, which should show the correct 2FA configuration status and buttons. Test Plan: Updated existing tests. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D3231
2026-03-02 04:09:24 +00:00 · 2022-01-21 14:54:15 -08:00
parent 3289fe330f
commit f74002fe32
2 changed files with 53 additions and 24 deletions
--- a/app/common/UserAPI.ts
+++ b/app/common/UserAPI.ts
@@ -298,12 +298,13 @@ export type PassVerificationResult = ChallengeRequired | ChallengeNotRequired;
 /**
 * Information about the follow-up authentication challenge.
 */
-interface ChallengeRequired {
+export interface ChallengeRequired {
  isChallengeRequired: true;
+  isAlternateChallengeAvailable: boolean;
  // Session identifier that must be re-used in response to auth challenge.
  session: string;
  challengeName: 'SMS_MFA' | 'SOFTWARE_TOKEN_MFA';
-  // If challenge is 'SMS_MFA', the destination number that the verification code was sent.
+  // If SMS MFA is enabled, the destination phone number that codes are sent to.
  deliveryDestination?: string;
 }