Implemented cooldown before User is able to resend confirmation code for 2fa

2025-12-23 14:56:47 +03:00
parent 1ed76f7243
commit ec54579921
6 changed files with 196 additions and 9 deletions
--- a/frontend/pshared/lib/api/responses/confirmation.dart
+++ b/frontend/pshared/lib/api/responses/confirmation.dart
@@ -0,0 +1,26 @@
+import 'package:json_annotation/json_annotation.dart';
+
+part 'confirmation.g.dart';
+
+@JsonSerializable()
+class ConfirmationResponse {
+  @JsonKey(name: 'ttl_seconds', defaultValue: 0)
+  final int ttlSeconds;
+  @JsonKey(name: 'cooldown_seconds', defaultValue: 0)
+  final int cooldownSeconds;
+  @JsonKey(defaultValue: '')
+  final String destination;
+
+  const ConfirmationResponse({
+    required this.ttlSeconds,
+    required this.cooldownSeconds,
+    required this.destination,
+  });
+
+  Duration get cooldownDuration => Duration(seconds: cooldownSeconds);
+  Duration get ttlDuration => Duration(seconds: ttlSeconds);
+
+  factory ConfirmationResponse.fromJson(Map<String, dynamic> json) => _$ConfirmationResponseFromJson(json);
+
+  Map<String, dynamic> toJson() => _$ConfirmationResponseToJson(this);
+}
--- a/frontend/pshared/lib/models/auth/pending_login.dart
+++ b/frontend/pshared/lib/models/auth/pending_login.dart
@@ -11,6 +11,8 @@ class PendingLogin {
  final String destination;
  final int ttlSeconds;
  final SessionIdentifier session;
+  final int? cooldownSeconds;
+  final DateTime? cooldownUntil;

  const PendingLogin({
    required this.account,
@@ -18,6 +20,8 @@ class PendingLogin {
    required this.destination,
    required this.ttlSeconds,
    required this.session,
+    this.cooldownSeconds,
+    this.cooldownUntil,
  });

  factory PendingLogin.fromResponse(
@@ -30,4 +34,30 @@ class PendingLogin {
    ttlSeconds: response.ttlSeconds,
    session: session,
  );
+
+  PendingLogin copyWith({
+    Account? account,
+    TokenData? pendingToken,
+    String? destination,
+    int? ttlSeconds,
+    SessionIdentifier? session,
+    int? cooldownSeconds,
+    DateTime? cooldownUntil,
+    bool clearCooldown = false,
+  }) {
+    return PendingLogin(
+      account: account ?? this.account,
+      pendingToken: pendingToken ?? this.pendingToken,
+      destination: destination ?? this.destination,
+      ttlSeconds: ttlSeconds ?? this.ttlSeconds,
+      session: session ?? this.session,
+      cooldownSeconds: clearCooldown ? null : cooldownSeconds ?? this.cooldownSeconds,
+      cooldownUntil: clearCooldown ? null : cooldownUntil ?? this.cooldownUntil,
+    );
+  }
+
+  int get cooldownRemainingSeconds {
+    final remaining = cooldownUntil?.difference(DateTime.now()).inSeconds ?? 0;
+    return remaining < 0 ? 0 : remaining;
+  }
 }
--- a/frontend/pshared/lib/provider/account.dart
+++ b/frontend/pshared/lib/provider/account.dart
@@ -10,6 +10,7 @@ import 'package:pshared/api/requests/signup.dart';
 import 'package:pshared/api/requests/login_data.dart';
 import 'package:pshared/config/constants.dart';
 import 'package:pshared/models/account/account.dart';
+import 'package:pshared/api/responses/confirmation.dart';
 import 'package:pshared/models/auth/login_outcome.dart';
 import 'package:pshared/models/auth/pending_login.dart';
 import 'package:pshared/models/describable.dart';
@@ -101,8 +102,8 @@ class AccountProvider extends ChangeNotifier {
        if (pending == null) {
          throw Exception('Pending login data is missing');
        }
-        await VerificationService.requestLoginCode(pending);
-        _pendingLogin = pending;
+        final confirmation = await VerificationService.requestLoginCode(pending);
+        _pendingLogin = _applyConfirmationMeta(pending, confirmation);
        _authState = AuthState.idle;
        _setResource(_resource.copyWith(isLoading: false));
      }
@@ -114,6 +115,27 @@ class AccountProvider extends ChangeNotifier {
    }
  }

+  PendingLogin _applyConfirmationMeta(PendingLogin pending, ConfirmationResponse confirmation) {
+    final ttlSeconds = confirmation.ttlSeconds != 0 ? confirmation.ttlSeconds : pending.ttlSeconds;
+    final destination = confirmation.destination.isNotEmpty ? confirmation.destination : pending.destination;
+    final cooldownSeconds = confirmation.cooldownSeconds;
+
+    return pending.copyWith(
+      ttlSeconds: ttlSeconds,
+      destination: destination,
+      cooldownSeconds: cooldownSeconds > 0 ? cooldownSeconds : null,
+      cooldownUntil: cooldownSeconds > 0 ? DateTime.now().add(confirmation.cooldownDuration) : null,
+      clearCooldown: cooldownSeconds <= 0,
+    );
+  }
+
+  void updatePendingLogin(ConfirmationResponse confirmation) {
+    final pending = _pendingLogin;
+    if (pending == null) return;
+    _pendingLogin = _applyConfirmationMeta(pending, confirmation);
+    notifyListeners();
+  }
+
  void completePendingLogin(Account account) {
    _pendingLogin = null;
    _authState = AuthState.ready;
--- a/frontend/pshared/lib/service/verification.dart
+++ b/frontend/pshared/lib/service/verification.dart
@@ -5,6 +5,7 @@ import 'package:pshared/api/responses/login.dart';
 import 'package:pshared/data/mapper/session_identifier.dart';
 import 'package:pshared/models/account/account.dart';
 import 'package:pshared/data/mapper/account/account.dart';
+import 'package:pshared/api/responses/confirmation.dart';
 import 'package:pshared/models/auth/pending_login.dart';
 import 'package:pshared/service/authorization/storage.dart';
 import 'package:pshared/service/services.dart';
@@ -15,24 +16,26 @@ class VerificationService {
  static final _logger = Logger('service.verification');
  static const String _objectType = Services.confirmations;

-  static Future<void> requestLoginCode(PendingLogin pending, {String? destination}) async {
+  static Future<ConfirmationResponse> requestLoginCode(PendingLogin pending, {String? destination}) async {
    _logger.fine('Requesting login confirmation code');
-    await getPOSTResponse(
+    final response = await getPOSTResponse(
      _objectType,
      '',
      LoginConfirmationRequest(destination: destination).toJson(),
      authToken: pending.pendingToken.token,
    );
+    return ConfirmationResponse.fromJson(response);
  }

-  static Future<void> resendLoginCode(PendingLogin pending, {String? destination}) async {
+  static Future<ConfirmationResponse> resendLoginCode(PendingLogin pending, {String? destination}) async {
    _logger.fine('Resending login confirmation code');
-    await getPOSTResponse(
+    final response = await getPOSTResponse(
      _objectType,
      '/resend',
      LoginConfirmationRequest(destination: destination).toJson(),
      authToken: pending.pendingToken.token,
    );
+    return ConfirmationResponse.fromJson(response);
  }

  static Future<Account> confirmLoginCode({