In the draft docs for Meteor 2FA, the following code is provided:
    <button
      onClick={() => {
        Accounts.has2faEnabled(username, (err, isEnabled) => {
          if (err) {
            console.error("Error verifying if user has 2fa enabled", err);
            return;
          }
          if (isEnabled) {
            // send user to a page or show a component
            // where they can provide a 2FA code
            setShouldAskCode(true);
            return;
          }
          // Normal login when they don't have 2FA enabled.
          Meteor.loginWithPassword(username, password, error => {
            if (error) {
              console.error("Error trying to log in (user without 2fa)", error);
            }
          });
        });
      }
    }>
      Login
    </button>
It also says:
If the user has 2FA enabled, and you try to use the function Meteor.loginWithPassword, the login will fail, as the user should provide a code to access the app. The function you will need to call now to allow the user to login is Meteor.loginWithPasswordAnd2faCode
It sounds like we’re supposed to call Accounts.has2faEnabled before the user has logged in. But if the user has not logged in, how can we provide username to Accounts.has2faEnabled?
UPDATE: Hmmm… Do I first put up a login dialog asking for username and password, and then check to see if they have 2FA enabled, and only then log them in - after getting their authenticator code if they have 2FA enabled?
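
The sequence the UPDATE describes (collect username and password first, check for 2FA, prompt for the code, then log in) can be sketched as follows. This is an added example, not part of the original post or the Meteor docs. `loginFlow`, `makeFakeApi`, `tryLogin`, the sample users and the error strings are constructed for illustration, and the argument order `(username, password, code, callback)` for `Meteor.loginWithPasswordAnd2faCode` is an assumption.

```javascript
// `api` is injected so the flow runs without Meteor. In an app, each call maps
// to the Accounts/Meteor function of the same name from the quoted draft docs.
function loginFlow(api, { username, password, askCode }, done) {
  // Step 1: username and password have already been collected from the form.
  api.has2faEnabled(username, (err, isEnabled) => {
    if (err) return done(err);
    if (!isEnabled) {
      // Step 2a: no 2FA on the account, plain password login.
      return api.loginWithPassword(username, password, done);
    }
    // Step 2b: prompt for the authenticator code, then submit all three together.
    askCode((code) => {
      api.loginWithPasswordAnd2faCode(username, password, code, done);
    });
  });
}

// Constructed stand-in for the server side (hypothetical users and messages).
function makeFakeApi(users) {
  const check = (u, p) => Boolean(users[u] && users[u].password === p);
  return {
    has2faEnabled: (u, cb) => cb(null, Boolean(users[u] && users[u].code)),
    loginWithPassword: (u, p, cb) => {
      if (!check(u, p)) return cb(new Error("Incorrect password"));
      // Mirrors the quoted docs: password-only login fails when 2FA is on.
      if (users[u].code) return cb(new Error("2FA code required"));
      cb(null);
    },
    loginWithPasswordAnd2faCode: (u, p, code, cb) => {
      if (!check(u, p)) return cb(new Error("Incorrect password"));
      cb(code === users[u].code ? null : new Error("Invalid 2FA code"));
    },
  };
}

// Runs the flow with a fixed code and returns "ok" or the error message.
function tryLogin(api, username, password, code) {
  let result;
  loginFlow(api, { username, password, askCode: (next) => next(code) },
    (err) => { result = err ? err.message : "ok"; });
  return result;
}
```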