✨ Add SMS-based MFA method

src/errors/errors.constants.ts

@@ -34,6 +34,7 @@ export const MFA_ENABLED_CONFLICT =
 export const MFA_NOT_ENABLED = 'MFA_NOT_ENABLED';
 export const MFA_BACKUP_CODE_USED = 'MFA_BACKUP_CODE_USED';
 export const MFA_PHONE_OR_TOKEN_REQUIRED = 'MFA_BACKUP_CODE_USED';
+export const MFA_PHONE_NOT_FOUND = 'MFA_BACKUP_CODE_USED';
 export const UNVERIFIED_LOCATION = 'UNVERIFIED_LOCATION';
 
 export const CURRENT_PASSWORD_REQUIRED = 'Current password is required';

src/modules/auth/auth.module.ts

@@ -10,6 +10,7 @@ import { GeolocationModule } from '../geolocation/geolocation.module';
 import { PrismaModule } from '../prisma/prisma.module';
 import { PwnedModule } from '../pwned/pwned.module';
 import { TokensModule } from '../tokens/tokens.module';
+import { TwilioModule } from '../twilio/twilio.module';
 import { AuthController } from './auth.controller';
 import { AuthService } from './auth.service';
 import { StaartStrategy } from './staart.strategy';
@@ -23,6 +24,7 @@ import { StaartStrategy } from './staart.strategy';
     ConfigModule,
     PwnedModule,
     ApiKeysModule,
+    TwilioModule,
     GeolocationModule,
     ApprovedSubnetsModule,
     JwtModule.register({

src/modules/auth/auth.service.ts

@@ -18,20 +18,21 @@ import { authenticator } from 'otplib';
 import qrcode from 'qrcode';
 import randomColor from 'randomcolor';
 import {
+  COMPROMISED_PASSWORD,
   EMAIL_USER_CONFLICT,
+  EMAIL_VERIFIED_CONFLICT,
   INVALID_CREDENTIALS,
+  INVALID_MFA_CODE,
+  MFA_BACKUP_CODE_USED,
+  MFA_ENABLED_CONFLICT,
+  MFA_NOT_ENABLED,
+  MFA_PHONE_NOT_FOUND,
   NO_EMAILS,
-  UNVERIFIED_EMAIL,
-  USER_NOT_FOUND,
-  EMAIL_VERIFIED_CONFLICT,
   NO_TOKEN_PROVIDED,
   SESSION_NOT_FOUND,
-  MFA_ENABLED_CONFLICT,
-  INVALID_MFA_CODE,
-  MFA_NOT_ENABLED,
-  MFA_BACKUP_CODE_USED,
+  UNVERIFIED_EMAIL,
   UNVERIFIED_LOCATION,
-  COMPROMISED_PASSWORD,
+  USER_NOT_FOUND,
 } from 'src/errors/errors.constants';
 import { safeEmail } from '../../helpers/safe-email';
 import { ApprovedSubnetsService } from '../approved-subnets/approved-subnets.service';
@@ -49,6 +50,7 @@ import {
   PASSWORD_RESET_TOKEN,
 } from '../tokens/tokens.constants';
 import { TokensService } from '../tokens/tokens.service';
+import { TwilioService } from '../twilio/twilio.service';
 import { RegisterDto } from './auth.dto';
 import {
   AccessTokenClaims,
@@ -70,6 +72,7 @@ export class AuthService {
     private tokensService: TokensService,
     private geolocationService: GeolocationService,
     private approvedSubnetsService: ApprovedSubnetsService,
+    private twilioService: TwilioService,
   ) {
     this.authenticator = authenticator.create({
       window: [
@@ -513,6 +516,15 @@ export class AuthService {
           )}`,
         },
       });
+    } else if (user.twoFactorMethod === 'SMS' || forceMethod === 'SMS') {
+      if (!user.twoFactorPhone)
+        throw new BadRequestException(MFA_PHONE_NOT_FOUND);
+      this.twilioService.send({
+        to: user.twoFactorPhone,
+        body: `${this.getOneTimePassword(user.twoFactorSecret)} is your ${
+          this.configService.get<string>('sms.smsServiceName') ?? ''
+        } verification code.`,
+      });
     }
     return { totpToken, type: user.twoFactorMethod, multiFactorRequired: true };
   }

src/modules/emails/emails.module.ts

@@ -8,6 +8,7 @@ import { GeolocationService } from '../geolocation/geolocation.service';
 import { PrismaModule } from '../prisma/prisma.module';
 import { PwnedModule } from '../pwned/pwned.module';
 import { TokensModule } from '../tokens/tokens.module';
+import { TwilioModule } from '../twilio/twilio.module';
 import { UsersService } from '../users/users.service';
 import { EmailController } from './emails.controller';
 import { EmailsService } from './emails.service';
@@ -17,6 +18,7 @@ import { EmailsService } from './emails.service';
     PrismaModule,
     EmailModule,
     ConfigModule,
+    TwilioModule,
     PwnedModule,
     TokensModule,
     JwtModule.register({