contentstack
diff --git a/‎.talismanrc‎
Lines changed: 8 additions & 0 deletions b/‎.talismanrc‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎…k-config/src/commands/config/totp/add.ts‎ ‎…ck-config/src/commands/config/mfa/add.ts‎packages/contentstack-config/src/commands/config/totp/add.ts renamed to packages/contentstack-config/src/commands/config/mfa/add.ts
Lines changed: 20 additions & 20 deletions b/‎…k-config/src/commands/config/totp/add.ts‎ ‎…ck-config/src/commands/config/mfa/add.ts‎packages/contentstack-config/src/commands/config/totp/add.ts renamed to packages/contentstack-config/src/commands/config/mfa/add.ts
Lines changed: 20 additions & 20 deletions
diff --git a/‎…onfig/src/commands/config/totp/remove.ts‎ ‎…config/src/commands/config/mfa/remove.ts‎packages/contentstack-config/src/commands/config/totp/remove.ts renamed to packages/contentstack-config/src/commands/config/mfa/remove.ts
Lines changed: 17 additions & 17 deletions b/‎…onfig/src/commands/config/totp/remove.ts‎ ‎…config/src/commands/config/mfa/remove.ts‎packages/contentstack-config/src/commands/config/totp/remove.ts renamed to packages/contentstack-config/src/commands/config/mfa/remove.ts
Lines changed: 17 additions & 17 deletions
diff --git a/‎packages/contentstack-config/src/services/mfa/mfa-service.interface.ts‎
Lines changed: 12 additions & 0 deletions b/‎packages/contentstack-config/src/services/mfa/mfa-service.interface.ts‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎…config/src/services/totp/totp.service.ts‎ ‎…k-config/src/services/mfa/mfa.service.ts‎packages/contentstack-config/src/services/totp/totp.service.ts renamed to packages/contentstack-config/src/services/mfa/mfa.service.ts
Lines changed: 28 additions & 25 deletions b/‎…config/src/services/totp/totp.service.ts‎ ‎…k-config/src/services/mfa/mfa.service.ts‎packages/contentstack-config/src/services/totp/totp.service.ts renamed to packages/contentstack-config/src/services/mfa/mfa.service.ts
Lines changed: 28 additions & 25 deletions
diff --git a/‎packages/contentstack-config/src/services/mfa/mfa.types.ts‎
Lines changed: 17 additions & 0 deletions b/‎packages/contentstack-config/src/services/mfa/mfa.types.ts‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎packages/contentstack-config/src/services/mfa/types.ts‎
Lines changed: 20 additions & 0 deletions b/‎packages/contentstack-config/src/services/mfa/types.ts‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎packages/contentstack-config/src/services/totp/totp-service.interface.ts‎
Lines changed: 0 additions & 12 deletions b/‎packages/contentstack-config/src/services/totp/totp-service.interface.ts‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎packages/contentstack-config/src/services/totp/totp.types.ts‎
Lines changed: 0 additions & 17 deletions b/‎packages/contentstack-config/src/services/totp/totp.types.ts‎
Lines changed: 0 additions & 17 deletions
@@ -45,5 +45,13 @@ fileignoreconfig:
   checksum: 63aeb5dc49a60c195a5cfcefd52aeb276f0bb5227152d44c7d6305b0dbf7bee5
 - filename: packages/contentstack-config/src/commands/config/totp/remove.ts
   checksum: 17f6576f90d3b30f37c5ef1318b188db2c70ab31e7fdedc3c94807d1eb822a8b
+- filename: packages/contentstack-config/src/services/mfa/types.ts
+  checksum: 2817710204fc907642803e514bb51df506f60a196d00548362e7178a3bf21208
+- filename: packages/contentstack-config/src/services/mfa/mfa-service.interface.ts
+  checksum: 68158e62e4e5f6d51538bed0789074a4f595f1e4b3a37e82edce6afe5b69bc30
+- filename: packages/contentstack-config/src/services/totp/types.ts
+  checksum: 3aaf2a825de2e8876590518bb6a5ae8f964d5d33188cbd44c3a8555507424a32
+- filename: packages/contentstack-config/test/unit/services/mfa.service.test.ts
+  checksum: 8ba652904813cc27d5be3c7829588c3f4b0a3b3fab50439676690fe95a1d4733
 version: "1.0"
 
@@ -1,33 +1,33 @@
 import { cliux } from '@contentstack/cli-utilities';
 import { Flags } from '@oclif/core';
 import { BaseCommand } from '../../../base-command';
-import { TOTPService } from '../../../services/totp/totp.service';
-import { TOTPError } from '../../../services/totp/types';
+import { MFAService } from '../../../services/mfa/mfa.service';
+import { MFAError } from '../../../services/mfa/mfa.types';
 
-export default class AddTOTPCommand extends BaseCommand<typeof AddTOTPCommand> {
-  static readonly description = 'Add TOTP secret for 2FA authentication';
+export default class AddMFACommand extends BaseCommand<typeof AddMFACommand> {
+  static readonly description = 'Add MFA secret for 2FA authentication';
 
   static readonly examples = [
-    '$ csdx config:totp:add',
+    '$ csdx config:mfa:add',
   ];
 
-  private readonly totpService: TOTPService;
+  private readonly mfaService: MFAService;
 
   constructor(argv: string[], config: any) {
     super(argv, config);
-    this.totpService = new TOTPService();
+    this.mfaService = new MFAService();
   }
 
   static readonly flags = {
     secret: Flags.string({
-      description: 'TOTP secret for 2FA authentication',
+      description: 'MFA secret for 2FA authentication',
       required: false,
     }),
   };
 
   async run(): Promise<void> {
     try {
-      const { flags } = await this.parse(AddTOTPCommand);
+      const { flags } = await this.parse(AddMFACommand);
       let secret = flags.secret;
 
       if (!secret) {
@@ -37,19 +37,19 @@ export default class AddTOTPCommand extends BaseCommand<typeof AddTOTPCommand> {
           message: 'Enter your secret:',
           validate: (input: string) => {
             if (!input) return 'Secret is required';
-            if (!this.totpService.validateSecret(input)) return 'Invalid TOTP secret format';
+            if (!this.mfaService.validateSecret(input)) return 'Invalid secret format';
             return true;
           },
         });
       }
 
       // Validate secret if provided via flag
-      if (!secret || !this.totpService.validateSecret(secret)) {
-        throw new TOTPError('Invalid TOTP secret format');
+      if (!secret || !this.mfaService.validateSecret(secret)) {
+        throw new MFAError('Invalid secret format');
       }
 
-      // Check if TOTP configuration already exists
-      const existingConfig = this.totpService.getStoredConfig();
+      // Check if MFA configuration already exists
+      const existingConfig = this.mfaService.getStoredConfig();
       if (existingConfig) {
         const confirm = await cliux.inquire({
           type: 'confirm',
@@ -65,20 +65,20 @@ export default class AddTOTPCommand extends BaseCommand<typeof AddTOTPCommand> {
 
       // Encrypt and store the secret
       try {
-        const encryptedSecret = this.totpService.encryptSecret(secret);
-        this.totpService.storeConfig({ secret: encryptedSecret });
+        const encryptedSecret = this.mfaService.encryptSecret(secret);
+        this.mfaService.storeConfig({ secret: encryptedSecret });
         cliux.success('Secret has been stored successfully');
       } catch (error) {
-        if (error instanceof TOTPError) {
+        if (error instanceof MFAError) {
           throw error;
         }
-        throw new TOTPError('Failed to store configuration');
+        throw new MFAError('Failed to store secret');
       }
     } catch (error) {
-      if (error instanceof TOTPError) {
+      if (error instanceof MFAError) {
         cliux.error(error.message);
       } else {
-        cliux.error('Failed to store configuration');
+        cliux.error('Failed to store secret');
       }
       throw error;
     }
 
@@ -1,15 +1,15 @@
 import { cliux } from '@contentstack/cli-utilities';
 import { BaseCommand } from '../../../base-command';
-import { TOTPService } from '../../../services/totp/totp.service';
-import { TOTPError } from '../../../services/totp/types';
+import { MFAService } from '../../../services/mfa/mfa.service';
+import { MFAError } from '../../../services/mfa/mfa.types';
 import { Flags } from '@oclif/core';
 
-export default class RemoveTOTPCommand extends BaseCommand<typeof RemoveTOTPCommand> {
+export default class RemoveMFACommand extends BaseCommand<typeof RemoveMFACommand> {
   static readonly description = 'Remove stored secret';
 
   static readonly examples = [
-    '$ csdx config:totp:remove',
-    '$ csdx config:totp:remove -y',
+    '$ csdx config:mfa:remove',
+    '$ csdx config:mfa:remove -y',
   ];
 
   static readonly flags = {
@@ -20,34 +20,34 @@ export default class RemoveTOTPCommand extends BaseCommand<typeof RemoveTOTPComm
     }),
   };
 
-  private readonly totpService: TOTPService;
+  private readonly mfaService: MFAService;
 
   constructor(argv: string[], config: any) {
     super(argv, config);
-    this.totpService = new TOTPService();
+    this.mfaService = new MFAService();
   }
 
   async run(): Promise<void> {
     try {
-      const { flags } = await this.parse(RemoveTOTPCommand);
+      const { flags } = await this.parse(RemoveMFACommand);
 
       let config;
       try {
-        config = this.totpService.getStoredConfig();
+        config = this.mfaService.getStoredConfig();
         if (!config?.secret) {
-          throw new TOTPError('Failed to remove configuration');
+          throw new MFAError('Failed to remove secret configuration');
         }
       } catch (error) {
-        if (error instanceof TOTPError) {
+        if (error instanceof MFAError) {
           throw error;
         }
-        throw new TOTPError('Failed to remove configuration');
+        throw new MFAError('Failed to remove secret configuration');
       }
 
       // Verify the configuration is valid
       let isCorrupted = false;
       try {
-        this.totpService.decryptSecret(config.secret);
+        this.mfaService.decryptSecret(config.secret);
       } catch (error) {
         this.logger.debug('Failed to decrypt secret', { error });
         isCorrupted = true;
@@ -73,17 +73,17 @@ export default class RemoveTOTPCommand extends BaseCommand<typeof RemoveTOTPComm
       }
 
       try {
-        this.totpService.removeConfig();
+        this.mfaService.removeConfig();
         cliux.success('Secret has been removed successfully');
       } catch (error) {
         this.logger.error('Failed to remove secret configuration', { error });
-        throw new TOTPError('Failed to remove configuration');
+        throw new MFAError('Failed to remove secret configuration');
       }
     } catch (error) {
-      if (error instanceof TOTPError) {
+      if (error instanceof MFAError) {
         cliux.error(error.message);
       } else {
-        cliux.error('Failed to remove configuration');
+        cliux.error('Failed to remove secret configuration');
       }
       throw error;
     }
 
@@ -0,0 +1,12 @@
+import { MFAConfig } from './mfa.types';
+
+export interface IMFAService {
+  validateSecret(secret: string): boolean;
+  encryptSecret(secret: string): string;
+  decryptSecret(encryptedSecret: string): string;
+  getStoredConfig(): MFAConfig | null;
+  storeConfig(config: Partial<MFAConfig>): void;
+  removeConfig(): void;
+  generateMFA(secret: string): string;
+  verifyMFA(secret: string, token: string): boolean;
+}
@@ -1,9 +1,9 @@
 import { configHandler, NodeCrypto, log } from '@contentstack/cli-utilities';
 import { authenticator } from 'otplib';
-import { TOTPConfig, TOTPError } from './totp.types';
-import { ITOTPService } from './totp-service.interface';
+import { MFAConfig, MFAError } from './mfa.types';
+import { IMFAService } from './mfa-service.interface';
 
-export class TOTPService implements ITOTPService {
+export class MFAService implements IMFAService {
   private readonly encrypter: NodeCrypto;
   private readonly logger = log;
 
@@ -28,15 +28,19 @@ export class TOTPService implements ITOTPService {
       return false;
     }
 
-    const paddingRegex = /=+$/;
+    // Check padding - must be 0, 2, 4, 5, 6, or 7 equals signs
+    const paddingRegex = /=*$/;
     const paddingMatch = paddingRegex.exec(normalizedSecret);
     if (paddingMatch) {
       const paddingLength = paddingMatch[0].length;
-      const unpadded = normalizedSecret.slice(0, -paddingLength);
-      if (paddingLength > 6 || unpadded.length % 8 !== 0) {
+      if (paddingLength === 1 || paddingLength === 3 || paddingLength > 7) {
         return false;
       }
-    } else if (normalizedSecret.length % 8 !== 0) {
+    }
+
+    // Check that the length without padding is a multiple of 8
+    const unpaddedLength = normalizedSecret.replace(/=+$/, '').length;
+    if (unpaddedLength % 8 !== 0) {
       return false;
     }
 
@@ -54,7 +58,7 @@ export class TOTPService implements ITOTPService {
       return this.encrypter.encrypt(secret.trim().toUpperCase());
     } catch (error) {
       this.logger.error('Secret encryption failed', { error });
-      throw new TOTPError('Failed to encrypt secret');
+      throw new MFAError('Failed to encrypt secret');
     }
   }
 
@@ -63,53 +67,52 @@ export class TOTPService implements ITOTPService {
       return this.encrypter.decrypt(encryptedSecret);
     } catch (error) {
       this.logger.error('Secret decryption failed', { error });
-      throw new TOTPError('Failed to decrypt secret');
+      throw new MFAError('Failed to decrypt secret');
     }
   }
 
-  getStoredConfig(): TOTPConfig | null {
+  getStoredConfig(): MFAConfig | null {
     try {
-      const config = configHandler.get('totp');
-      return config?.secret ? config as TOTPConfig : null;
+      const config = configHandler.get('mfa');
+      return config?.secret ? config as MFAConfig : null;
     } catch (error) {
       this.logger.error('Failed to read config', { error });
-      throw new TOTPError('Failed to read configuration');
+      throw new MFAError('Failed to read configuration');
     }
   }
 
-  storeConfig(config: Partial<TOTPConfig>): void {
+  storeConfig(config: Partial<MFAConfig>): void {
     try {
-      const updatedConfig: TOTPConfig = {
-        ...config,
-        last_updated: new Date().toISOString(),
-        secret: config.secret!
+      const updatedConfig: MFAConfig = {
+        secret: config.secret!,
+        last_updated: new Date().toISOString()
       };
-      configHandler.set('totp', updatedConfig);
+      configHandler.set('mfa', updatedConfig);
     } catch (error) {
       this.logger.error('Failed to store config', { error });
-      throw new TOTPError('Failed to store configuration');
+      throw new MFAError('Failed to store configuration');
     }
   }
 
   removeConfig(): void {
     try {
-      configHandler.delete('totp');
+      configHandler.delete('mfa');
     } catch (error) {
       this.logger.error('Failed to remove config', { error });
-      throw new TOTPError('Failed to remove configuration');
+      throw new MFAError('Failed to remove configuration');
     }
   }
 
-  generateTOTP(secret: string): string {
+  generateMFA(secret: string): string {
     try {
       return authenticator.generate(secret.trim().toUpperCase());
     } catch (error) {
       this.logger.error('Failed to generate code', { error });
-      throw new TOTPError('Failed to generate code');
+      throw new MFAError('Failed to generate code');
     }
   }
 
-  verifyTOTP(secret: string, token: string): boolean {
+  verifyMFA(secret: string, token: string): boolean {
     try {
       return authenticator.check(token, secret.trim().toUpperCase());
     } catch (error) {
 
@@ -0,0 +1,17 @@
+export interface MFAConfig {
+  secret: string;
+  last_updated: string;
+}
+
+export interface MFAValidationResult {
+  isValid: boolean;
+  error?: string;
+}
+
+export class MFAError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'MFAError';
+    Object.setPrototypeOf(this, MFAError.prototype);
+  }
+}
@@ -0,0 +1,20 @@
+export interface MFAConfig {
+  secret: string;
+  last_updated: string;
+}
+
+export interface MFAValidationResult {
+  isValid: boolean;
+  error?: string;
+}
+
+export interface IMFAService {
+  validateSecret(secret: string): boolean;
+  encryptSecret(secret: string): string;
+  decryptSecret(encryptedSecret: string): string;
+  getStoredConfig(): MFAConfig | null;
+  storeConfig(config: MFAConfig): void;
+  removeConfig(): void;
+  generateMFA(secret: string): string;
+  verifyMFA(secret: string, token: string): boolean;
+}