From 3bf0b7d8ed861f0b3670f399166f168f51f2f61e Mon Sep 17 00:00:00 2001
From: Princi Vershwal
Date: Wed, 9 Oct 2024 17:18:48 +0100
Subject: [PATCH] Added sending of 2fa code email on sign in
---
 .../server/services/auth/session/middleware.js | 1 +
 .../services/auth/session/middleware.test.js | 16 +++++++++++++++-
 ghost/session-service/lib/session-service.js | 2 +-
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/ghost/core/core/server/services/auth/session/middleware.js b/ghost/core/core/server/services/auth/session/middleware.js
index ab774da113..3eb6fe9786 100644
--- a/ghost/core/core/server/services/auth/session/middleware.js
+++ b/ghost/core/core/server/services/auth/session/middleware.js
@@ -11,6 +11,7 @@ function SessionMiddleware({sessionService}) {
 if (isVerified) {
 res.sendStatus(201);
 } else {
+ await sessionService.sendAuthCodeToUser(req, res);
 throw new errors.NoPermissionError({
 code: '2FA_TOKEN_REQUIRED',
 errorType: 'Needs2FAError',
diff --git a/ghost/core/test/unit/server/services/auth/session/middleware.test.js b/ghost/core/test/unit/server/services/auth/session/middleware.test.js
index c5db915dd2..7c343189f0 100644
--- a/ghost/core/test/unit/server/services/auth/session/middleware.test.js
+++ b/ghost/core/test/unit/server/services/auth/session/middleware.test.js
@@ -87,7 +87,21 @@ describe('Session Service', function () {
 req.ip = '127.0.0.1';
 req.user = models.User.forge({id: 23});
- sessionMiddleware.createSession(req, res, (err) => {
+ const middleware = SessionMiddlware({
+ sessionService: {
+ createSessionForUser: function () {
+ return Promise.resolve();
+ },
+ isVerifiedSession: function () {
+ return Promise.resolve(false);
+ },
+ sendAuthCodeToUser: function () {
+ return Promise.resolve();
+ }
+ }
+ });
+
+ middleware.createSession(req, res, (err) => {
 should.equal(err.statusCode, 403);
 should.equal(err.code, '2FA_TOKEN_REQUIRED');
 done();
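Review bot: In the middleware.js hunk, the added `await sessionService.sendAuthCodeToUser(req, res);` runs before the `2FA_TOKEN_REQUIRED` error is thrown, so any rejection from it (the session-service hunk shows it can throw `BadRequestError`, and presumably mail delivery can fail too) is what the caller sees instead of the 2FA prompt. Decide whether a failed send should block the verification step, and either catch and log it or state the choice in a comment such as `// A failed send is surfaced as-is; the client will not receive 2FA_TOKEN_REQUIRED`. Every unverified sign-in now also triggers an email, and nothing visible here limits how often; confirm that the sign-in route's throttling applies before this call so the endpoint cannot be used to flood a user's inbox. The enclosing `createSession` starts and ends outside the hunk, so its error handling is not visible.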
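Review bot: The new `sendAuthCodeToUser` stub in middleware.test.js only returns a resolved promise, so the test still passes if the middleware stops calling it; the behaviour this commit adds is never asserted. Make it a spy and check it in the callback, e.g. `const sendAuthCodeToUser = sinon.stub().resolves();` and `should.equal(sendAuthCodeToUser.calledOnce, true);` (assuming sinon is available in this file, which the hunk does not show). `SessionMiddlware` is spelled without the second "e", which only works if the file's import uses the same spelling; that line is outside the hunk. The test body also continues past the end of the hunk.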
diff --git a/ghost/session-service/lib/session-service.js b/ghost/session-service/lib/session-service.js
index 04852f12d9..b4f1bfa126 100644
--- a/ghost/session-service/lib/session-service.js
+++ b/ghost/session-service/lib/session-service.js
@@ -147,7 +147,7 @@ module.exports = function createSessionService({
 async function sendAuthCodeToUser(req, res) {
 const token = await generateAuthCodeForUser(req, res);
 const user = await getUserForSession(req, res);
- if(!user) {
+ if (!user) {
 throw new BadRequestError({
 message: 'Could not fetch user from the session.'
 });