IA-934 : [FEATURE] Two-Factor Authentication (2FA) - User Management Service (!68) · Requêtes de fusion · marketing confort / brainboost / brainboost-user-management-service · GitLab

khadija.elbachouri a demandé de fusionner feature/IA-934 vers develop mar. 23, 2026

What

Implemented two-factor authentication (2FA) for user login in the user management service.

Changes

New DTOs:

TwoFactorPreferenceRequest — enable/disable 2FA and set method (EMAIL/SMS)
TwoFactorVerifyRequest — verify OTP code
TwoFactorStatusResponse — return current 2FA status
LoginResponse — unified login response supporting both 2FA and non-2FA flows

UserService / UserServiceImpl:

Added authenticateBoWith2FA, authenticateApWith2FA, authenticateAeWith2FA
Added verifyTwoFactorCode — validates OTP and returns JWT
Added saveTwoFactorPreference — enable/disable 2FA per user
Added getTwoFactorStatus — returns current 2FA config for user

UserController:

Login endpoints now return LoginResponse instead of AuthenticationResponse
Added POST /two-factor/verify
Added PUT /two-factor/setup
Added GET /two-factor/status

ApiPaths:

Added TWO_FACTOR_VERIFY, TWO_FACTOR_SETUP, TWO_FACTOR_STATUS

Flow

User logs in → credentials verified
If 2FA disabled → JWT returned directly
If 2FA enabled → OTP sent by email, twoFactorRequired: true returned
User submits OTP → JWT returned after validation