Merge branch 'development' into fix/dx-3434

Author: ntrjpatel

package-lock.json

@@ -18,7 +18,7 @@ $ npm install -g @contentstack/cli-auth
 $ csdx COMMAND
 running command...
 $ csdx (--version)
-@contentstack/cli-auth/1.5.2 darwin-x64 node-v22.18.0
+@contentstack/cli-auth/1.6.0 darwin-arm64 node-v22.14.0
 $ csdx --help [COMMAND]
 USAGE
   $ csdx COMMAND

packages/contentstack-auth/README.md

@@ -6,3 +6,4 @@ BRANCH_ENABLED_DELIVERY_TOKEN
 BRANCH_DISABLED_DELIVERY_TOKEN
 BRANCH_ENABLED_ENVIRONMENT
 BRANCH_DISABLED_ENVIRONMENT
+CONTENTSTACK_MFA_SECRET

packages/contentstack-auth/env.example

@@ -49,5 +49,16 @@
   "CLI_AUTH_TOKENS_VALIDATION_INVALID_API_KEY": "Invalid api key",
   "CLI_AUTH_EXIT_PROCESS": "Exiting the process...",
   "CLI_SELECT_TOKEN_TYPE": "Select the type of token to add",
-  "CLI_AUTH_ENTER_BRANCH": "Enter branch name"
+  "CLI_AUTH_MFA_INVALID_SECRET": "Invalid MFA secret format. Verify your authentication setup.",
+  "CLI_AUTH_MFA_GENERATION_FAILED": "Failed to generate MFA code. Switching to manual MFA code entry.",
+  "CLI_AUTH_MFA_DECRYPT_FAILED": "Failed to decrypt stored MFA secret. Try Resetting the MFA secret. Proceeding for Manual MFA code input.",
+  "CLI_AUTH_MFA_INVALID_CODE": "Invalid authentication code format.",
+  "CLI_AUTH_MFA_RECONFIGURE_HINT": "Consider reconfiguring MFA using config:mfa:add",
+  "CLI_AUTH_SMS_OTP_FAILED": "Failed to send SMS OTP. Try again or use a different two-factor authentication method.",
+  "CLI_AUTH_2FA_FAILED": "Two-factor authentication failed! Try again.",
+  "CLI_AUTH_LOGIN_NO_USER": "No user found with the provided credentials!",
+  "CLI_AUTH_LOGIN_NO_CREDENTIALS": "No credentials provided. Enter your email and password to log in.",
+  "CLI_AUTH_LOGOUT_NO_TOKEN": "No auth token found. Log in before logging out.",
+  "CLI_AUTH_TOKEN_VALIDATION_FAILED": "Token validation failed. Log in again.",
+  "CLI_AUTH_TOKEN_VALIDATION_NO_TOKEN": "No auth token found. Log in to continue.."
 }

packages/contentstack-auth/messages/index.json

@@ -1,7 +1,7 @@
 {
   "name": "@contentstack/cli-auth",
   "description": "Contentstack CLI plugin for authentication activities",
-  "version": "1.5.2",
+  "version": "1.6.0",
   "author": "Contentstack",
   "bugs": "https://github.com/contentstack/cli/issues",
   "scripts": {
@@ -25,7 +25,8 @@
     "@contentstack/cli-command": "~1.6.0",
     "@contentstack/cli-utilities": "~1.13.1",
     "@oclif/core": "^4.3.0",
-    "@oclif/plugin-help": "^6.2.28"
+    "@oclif/plugin-help": "^6.2.28",
+    "otplib": "^12.0.1"
   },
   "devDependencies": {
     "@fancy-test/nock": "^0.1.1",

packages/contentstack-auth/package.json

@@ -10,7 +10,7 @@ import {
   messageHandler,
 } from '@contentstack/cli-utilities';
 import { User } from '../../interfaces';
-import { authHandler, interactive } from '../../utils';
+import { authHandler, interactive, mfaHandler } from '../../utils';
 import { BaseCommand } from '../../base-command';
 
 export default class LoginCommand extends BaseCommand<typeof LoginCommand> {
@@ -40,6 +40,7 @@ export default class LoginCommand extends BaseCommand<typeof LoginCommand> {
       required: false,
       exclusive: ['oauth'],
     }),
+
     oauth: flags.boolean({
       description: 'Enables single sign-on (SSO) in Contentstack CLI.',
       required: false,
@@ -57,9 +58,9 @@ export default class LoginCommand extends BaseCommand<typeof LoginCommand> {
       log.debug('Initializing management API client', this.contextDetails);
       const managementAPIClient = await managementSDKClient({ host: this.cmaHost, skipTokenValidity: true });
       log.debug('Management API client initialized successfully', this.contextDetails);
-      
+
       const { flags: loginFlags } = await this.parse(LoginCommand);
-      log.debug('Token add flags parsed', {...this.contextDetails, flags: loginFlags});
+      log.debug('Token add flags parsed', { ...this.contextDetails, flags: loginFlags });
 
       authHandler.client = managementAPIClient;
       log.debug('Auth handler client set', this.contextDetails);
@@ -76,12 +77,22 @@ export default class LoginCommand extends BaseCommand<typeof LoginCommand> {
         log.debug('Starting basic authentication flow', this.contextDetails);
         const username = loginFlags?.username || (await interactive.askUsername());
         const password = loginFlags?.password || (await interactive.askPassword());
-        log.debug('Credentials obtained', { ...this.contextDetails, hasUsername: !!username, hasPassword: !!password });
+        log.debug('Credentials obtained', {
+          ...this.contextDetails,
+          hasUsername: !!username,
+          hasPassword: !!password,
+        });
+
         await this.login(username, password);
       }
     } catch (error) {
-      log.debug('Login command failed', { ...this.contextDetails, error });
-      cliux.error('CLI_AUTH_LOGIN_FAILED');
+      log.debug('Login command failed', {
+        ...this.contextDetails,
+        error,
+      });
+      if ((error?.message && error?.message.includes('2FA')) || error?.message.includes('MFA')) {
+        error.message = `${error.message}\nFor more information about MFA, visit: https://www.contentstack.com/docs/developers/security/multi-factor-authentication`;
+      }
       handleAndLogError(error, { ...this.contextDetails });
       process.exit();
     }
@@ -92,7 +103,19 @@ export default class LoginCommand extends BaseCommand<typeof LoginCommand> {
 
     try {
       log.debug('Calling auth handler login', this.contextDetails);
-      const user: User = await authHandler.login(username, password);
+      let tfaToken: string | undefined;
+
+      try {
+        tfaToken = await mfaHandler.getMFACode();
+        if (tfaToken) {
+          log.debug('MFA token generated from stored configuration', this.contextDetails);
+        }
+      } catch (error) {
+        log.debug('Failed to generate MFA token from config', { ...this.contextDetails, error });
+        tfaToken = undefined;
+      }
+
+      const user: User = await authHandler.login(username, password, tfaToken);
       log.debug('Auth handler login completed', {
         ...this.contextDetails,
         hasUser: !!user,