Current section: Verify Two-Factor Authentication (2FA) 4 exercises

Switching to Verified Session ID After Code Verification

Loading exercise


00:00 For this next step, we need to actually handle the code once it's been submitted. So we already have the verification to verify that the code is correct, and we have our verify query params and all that stuff that will say this is a two-factor auth code and all that stuff. So what we need to do is actually handle,

00:18 after that verification has been done, to switch from the unverified session ID to a verified session ID in our regular cookie session. And so that's your step here. It shouldn't be overly complicated. You've already done a lot of verification in the past. The tricky bit here is if you happened to forget

00:38 or didn't save or something, the verification for the two-factor auth code that you created for the Kodi user, and so you can't create a new code here. That is the case for myself. And so I wanna show you how to overcome that problem because I imagine that'll be a problem for some of you because now we've just locked ourselves out.

00:56 So there are a couple of ways you could do this. You could just look in the database and find the secret and all that information if you want to, and reconstruct that. But I think it's easier just to do it this way. We're gonna run npx prisma db seed, and this will delete all of the things and recreate Kodi and all of the different things

01:15 without any verifications. And so with that now, we can restart the app. And with that app restarted, come on, let's go. Almost done here. I'll go to the homepage here. There we go. Now, if I try to log in as Kodi, he no longer has a verification. And so we can come in here

01:33 and enable two-factor authentication and copy this. And we've got that code that we had previously. We can save this as otp.js in the Playground directory here, that'll work.

01:49 Okay, and then just paste that URL right there. And so then we can run node-otp, and that'll give us a code we can use. And now we have two-factor auth enabled again. And now just keep hold of this

02:09 or put it in a two-factor auth app or something like that, because you're gonna need to do this a couple of times as we're testing things out. So with that, you should be good here. And actually with where we're at right now, if I log out and log in, we can test out this a little bit to make sure that we've got the right two-factor auth code.

02:31 So if we run this again, then we've got our new auth code. And what this should say is that it's not yet implemented. If we don't have the right auth code, then it should verify and say that's invalid auth code. So we do at least now have the ability to generate auth code. So if you get stuck and you're like,

02:49 oh no, I don't remember the auth code, you can simply reseed the database and then recreate or go through the two-factor enable flow, and then you can get a new auth code that way. So that should get you all set up for this next task. Have a good time with it.