Added API for sendingAuthCode

ghost/core/core/server/api/endpoints/session.js

@@ -64,6 +64,11 @@ const controller = {
         return Promise.resolve(function logoutSessionMw(req, res, next) {
             auth.session.logout(req, res, next);
         });
+    },
+    verify(frame) {
+        return Promise.resolve(function sendAuthCodeMw(req, res, next) {
+            auth.session.sendAuthCode(req, res, next);
+        });
     }
 };
 

ghost/core/core/server/services/auth/session/middleware.js

@@ -31,10 +31,20 @@ function SessionMiddleware({sessionService}) {
         }
     }
 
+    async function sendAuthCode(req, res, next) {
+        try {
+            await sessionService.sendAuthCodeToUser(req, res);
+            res.sendStatus(201);
+        } catch (err) {
+            next(err);
+        }
+    }
+
     return {
         createSession: createSession,
         logout: logout,
-        authenticate: authenticate
+        authenticate: authenticate,
+        sendAuthCode: sendAuthCode
     };
 }
 

ghost/core/core/server/web/api/endpoints/admin/routes.js

@@ -243,6 +243,8 @@ module.exports = function apiRoutes() {
         http(api.session.add)
     );
     router.del('/session', mw.authAdminApi, http(api.session.delete));
+    // resending verification code for 2FA
+    router.post('/session/verify', mw.authAdminApi, http(api.session.verify));
 
     // ## Identity
     router.get('/identities', mw.authAdminApi, http(api.identities.read));

ghost/session-service/lib/session-service.js

@@ -28,6 +28,9 @@ const {
  * @prop {(req: Req, res: Res) => Promise<void>} removeUserForSession
  * @prop {(req: Req, res: Res, user: User) => Promise<void>} createSessionForUser
  * @prop {(req: Req, res: Res) => Promise<void>} verifySession
+ * @prop {(req: Req, res: Res) => Promise<void>} sendAuthCodeToUser
+ * @prop {(req: Req, res: Res) => string} generateAuthCodeForUser
+ * @prop {(req: Req, res: Res) => Promise<void>} verifyAuthCodeForUser
  */
 
 /**
@@ -86,6 +89,42 @@ module.exports = function createSessionService({getSession, findUserById, getOri
         session.ip = req.ip;
     }
 
+    /**
+     * generateAuthCodeForUser
+     *
+     * @param {Req} req
+     * @param {Res} res
+     * @returns {string}
+     */
+    async function generateAuthCodeForUser(req, res) {
+        return '123456';
+        
+    }
+
+    /**
+     * verifyAuthCodeForUser
+     *
+     * @param {Req} req
+     * @param {Res} res
+     * @returns {Promise<void>}
+     */
+    async function verifyAuthCodeForUser(req, res) {
+        
+        
+    }
+
+    /**
+     * sendAuthCodeToUser
+     *
+     * @param {Req} req
+     * @param {Res} res
+     * @returns {Promise<void>}
+     */
+    async function sendAuthCodeToUser(req, res) {
+        generateAuthCodeForUser();
+        // send auth code to user
+    }
+
     /**
      * verifySession
      *
@@ -145,6 +184,8 @@ module.exports = function createSessionService({getSession, findUserById, getOri
         getUserForSession,
         createSessionForUser,
         removeUserForSession,
-        verifySession
+        verifySession,
+        sendAuthCodeToUser,
+        verifyAuthCodeForUser
     };
 };