Merge pull request #396 from zapier/respect-2fa

respect 2fa settings
zapier · Feb 6, 2019 · a11c832 · a11c832
2 parents c107eb0 + 3f06e21
commit a11c832
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 11 deletions.
diff --git a/src/commands/login.js b/src/commands/login.js
@@ -6,6 +6,7 @@ const utils = require('../utils');
 const QUESTION_USERNAME =
   'What is your Zapier login email address? (Ctrl-C to cancel)';
 const QUESTION_PASSWORD = 'What is your Zapier login password?';
+const QUESTION_TOTP = 'What is your current 6-digit 2FA code?';
 
 const login = async (context, firstTime = true) => {
   const checks = [
@@ -46,7 +47,19 @@ const login = async (context, firstTime = true) => {
   const username = await utils.getInput(QUESTION_USERNAME);
   const password = await utils.getInput(QUESTION_PASSWORD, { secret: true });
 
-  const deployKey = (await utils.createCredentials(username, password)).key;
+  let goodResponse;
+  try {
+    goodResponse = await utils.createCredentials(username, password);
+  } catch ({ errText, json: { errors } }) {
+    if (errors[0].startsWith('missing totp_code')) {
+      const code = await utils.getInput(QUESTION_TOTP);
+      goodResponse = await utils.createCredentials(username, password, code);
+    } else {
+      throw new Error(errText);
+    }
+  }
+
+  const deployKey = goodResponse.key;
 
   await utils.writeFile(
     constants.AUTH_LOCATION,

diff --git a/src/utils/api.js b/src/utils/api.js
@@ -118,16 +118,21 @@ const callAPI = (route, options, rawError = false) => {
 };
 
 // Given a valid username and password - create a new deploy key.
-const createCredentials = (username, password) => {
-  // TODO: 2fa in the future?
-  return callAPI('/keys', {
-    skipDeployKey: true,
-    method: 'POST',
-    body: {
-      username,
-      password
-    }
-  });
+const createCredentials = (username, password, totpCode) => {
+  return callAPI(
+    '/keys',
+    {
+      skipDeployKey: true,
+      method: 'POST',
+      body: {
+        username,
+        password,
+        totp_code: totpCode
+      }
+    },
+    // if totp is empty, we want a raw request so we can supress an error. If it's here, we want it to be "non-raw"
+    !totpCode
+  );
 };
 
 // Reads the JSON file in the app directory.