feat(core): generate totp secret

Author: wangsijie

packages/core/src/routes/account/index.openapi.json

@@ -306,6 +306,23 @@
         }
       }
     },
+    "/api/my-account/mfa-verifications/generate-totp-secret": {
+      "post": {
+        "operationId": "GenerateTotpSecret",
+        "summary": "Generate a TOTP secret",
+        "tags": [
+          {
+            "name": "Dev feature"
+          }
+        ],
+        "description": "Generate a TOTP secret for the user.",
+        "responses": {
+          "200": {
+            "description": "The TOTP secret was generated successfully."
+          }
+        }
+      }
+    },
     "/api/my-account/mfa-verifications/{verificationId}/name": {
       "patch": {
         "operationId": "UpdateMfaVerificationName",

packages/core/src/routes/account/mfa-verifications.ts

@@ -10,10 +10,12 @@ import { z } from 'zod';
 
 import koaGuard from '#src/middleware/koa-guard.js';
 
+import { EnvSet } from '../../env-set/index.js';
 import RequestError from '../../errors/RequestError/index.js';
 import { buildVerificationRecordByIdAndType } from '../../libraries/verification.js';
 import assertThat from '../../utils/assert-that.js';
 import { transpileUserMfaVerifications } from '../../utils/user.js';
+import { generateTotpSecret } from '../interaction/utils/totp-validation.js';
 import type { UserRouter, RouterInitArgs } from '../types.js';
 
 import { accountApiPrefix } from './constants.js';
@@ -122,6 +124,23 @@ export default function mfaVerificationsRoutes<T extends UserRouter>(
     }
   );
 
+  if (EnvSet.values.isDevFeaturesEnabled) {
+    router.post(
+      `${accountApiPrefix}/mfa-verifications/generate-totp-secret`,
+      koaGuard({
+        status: [200],
+      }),
+      async (ctx, next) => {
+        const secret = generateTotpSecret();
+        ctx.body = {
+          secret,
+        };
+
+        return next();
+      }
+    );
+  }
+
   // Update mfa verification name, only support webauthn
   router.patch(
     `${accountApiPrefix}/mfa-verifications/:verificationId/name`,

packages/integration-tests/src/api/my-account.ts

@@ -74,3 +74,6 @@ export const updateOtherProfile = async (api: KyInstance, body: Record<string, u
 
 export const getUserInfo = async (api: KyInstance) =>
   api.get('api/my-account').json<Partial<UserProfileResponse>>();
+
+export const generateTotpSecret = async (api: KyInstance) =>
+  api.post('api/my-account/mfa-verifications/generate-totp-secret').json<{ secret: string }>();

packages/integration-tests/src/tests/api/account/mfa.test.ts

@@ -2,6 +2,7 @@ import { UserScope } from '@logto/core-kit';
 import { MfaFactor } from '@logto/schemas';
 
 import { enableAllAccountCenterFields } from '#src/api/account-center.js';
+import { generateTotpSecret } from '#src/api/my-account.js';
 import {
   createWebAuthnRegistrationOptions,
   verifyWebAuthnRegistration,
@@ -17,6 +18,7 @@ import {
   enableUserControlledMfaWithTotpAndWebAuthn,
   resetMfaSettings,
 } from '#src/helpers/sign-in-experience.js';
+import { devFeatureTest } from '#src/utils.js';
 
 describe('my-account (mfa)', () => {
   beforeAll(async () => {
@@ -29,6 +31,21 @@ describe('my-account (mfa)', () => {
     await resetMfaSettings();
   });
 
+  devFeatureTest.describe('POST /my-account/mfa-verifications/generate-totp-secret', () => {
+    devFeatureTest.it('should be able to generate totp secret', async () => {
+      const { user, username, password } = await createDefaultTenantUserWithPassword();
+      const api = await signInAndGetUserApi(username, password, {
+        scopes: [UserScope.Profile, UserScope.Identities],
+      });
+
+      const { secret } = await generateTotpSecret(api);
+
+      expect(secret).toBeTruthy();
+
+      await deleteDefaultTenantUser(user.id);
+    });
+  });
+
   describe('POST /my-account/mfa-verifications/web-authn/registration', () => {
     it('should be able to get webauthn registration options', async () => {
       const { user, username, password } = await createDefaultTenantUserWithPassword();