test: add integration tests for delete mfa

Author: wangsijie

packages/integration-tests/src/api/my-account.ts

@@ -90,3 +90,12 @@ export const addMfaVerification = async (
     json: body,
     headers: { [verificationRecordIdHeader]: verificationRecordId },
   });
+
+export const deleteMfaVerification = async (
+  api: KyInstance,
+  verificationId: string,
+  verificationRecordId: string
+) =>
+  api.delete(`api/my-account/mfa-verifications/${verificationId}`, {
+    headers: { [verificationRecordIdHeader]: verificationRecordId },
+  });

packages/integration-tests/src/tests/api/account/mfa.test.ts

@@ -4,6 +4,7 @@ import { MfaFactor } from '@logto/schemas';
 import { enableAllAccountCenterFields } from '#src/api/account-center.js';
 import {
   addMfaVerification,
+  deleteMfaVerification,
   generateTotpSecret,
   getMfaVerifications,
 } from '#src/api/my-account.js';
@@ -98,6 +99,41 @@ describe('my-account (mfa)', () => {
     });
   });
 
+  devFeatureTest.describe('DELETE /my-account/mfa-verifications/:verificationId', () => {
+    devFeatureTest.it('should be able to delete totp verification', async () => {
+      await enableAllAccountCenterFields();
+
+      const { user, username, password } = await createDefaultTenantUserWithPassword();
+      const api = await signInAndGetUserApi(username, password, {
+        scopes: [UserScope.Profile, UserScope.Identities],
+      });
+      const { secret } = await generateTotpSecret(api);
+      const verificationRecordId = await createVerificationRecordByPassword(api, password);
+
+      // Add TOTP verification
+      await addMfaVerification(api, verificationRecordId, {
+        type: MfaFactor.TOTP,
+        secret,
+      });
+
+      const mfaVerifications = await getMfaVerifications(api);
+      expect(mfaVerifications).toHaveLength(1);
+      expect(mfaVerifications[0]?.type).toBe(MfaFactor.TOTP);
+
+      const totpVerificationId = mfaVerifications[0]?.id;
+      expect(totpVerificationId).toBeTruthy();
+
+      // Delete TOTP verification
+      const deleteVerificationRecordId = await createVerificationRecordByPassword(api, password);
+      await deleteMfaVerification(api, totpVerificationId!, deleteVerificationRecordId);
+
+      const updatedMfaVerifications = await getMfaVerifications(api);
+      expect(updatedMfaVerifications).toHaveLength(0);
+
+      await deleteDefaultTenantUser(user.id);
+    });
+  });
+
   describe('POST /my-account/mfa-verifications/web-authn/registration', () => {
     it('should be able to get webauthn registration options', async () => {
       const { user, username, password } = await createDefaultTenantUserWithPassword();