2 files changed, 62 insertions, 22 deletions
diff --git a/client/src/app/+login/login.component.html b/client/src/app/+login/login.component.html
index f3a2476f9..49b443a20 100644
--- a/client/src/app/+login/login.component.html
+++ b/client/src/app/+login/login.component.html
@@ -39,34 +39,48 @@
      <div class="login-form-and-externals">
        <form myPluginSelector pluginSelectorId="login-form" role="form" (ngSubmit)="login()" [formGroup]="form">
-          <div class="form-group">
+          <ng-container *ngIf="!otpStep">
-            <div>
+            <div class="form-group">
-              <label i18n for="username">Username or email address</label>
+              <div>
-              <input
+                <label i18n for="username">Username or email address</label>
-                type="text" id="username" i18n-placeholder placeholder="Example: john@example.com" required tabindex="1"
+                <input
-                formControlName="username" class="form-control" [ngClass]="{ 'input-error': formErrors['username'] }" myAutofocus
+                  type="text" id="username" i18n-placeholder placeholder="Example: john@example.com" required tabindex="1"
-              >
+                  formControlName="username" class="form-control" [ngClass]="{ 'input-error': formErrors['username'] }" myAutofocus
+                >
+              </div>
+              <div *ngIf="formErrors.username" class="form-error">{{ formErrors.username }}</div>
+              <div *ngIf="hasUsernameUppercase()" i18n class="form-warning">
+                ⚠️ Most email addresses do not include capital letters.
+              </div>
            </div>
-            <div *ngIf="formErrors.username" class="form-error">{{ formErrors.username }}</div>
+            <div class="form-group">
+              <label i18n for="password">Password</label>
-            <div *ngIf="hasUsernameUppercase()" i18n class="form-warning">
+              <my-input-text
-              ⚠️ Most email addresses do not include capital letters.
+                formControlName="password" inputId="password" i18n-placeholder placeholder="Password"
+                [formError]="formErrors['password']" autocomplete="current-password" [tabindex]="2"
+              ></my-input-text>
            </div>
-          </div>
+          </ng-container>
+          <div *ngIf="otpStep" class="form-group">
+            <p i18n>Enter the two-factor code generated by your phone app:</p>
-          <div class="form-group">
+            <label i18n for="otp-token">Two factor authentication token</label>
-            <label i18n for="password">Password</label>
            <my-input-text
-              formControlName="password" inputId="password" i18n-placeholder placeholder="Password"
+              #otpTokenInput
-              [formError]="formErrors['password']" autocomplete="current-password" [tabindex]="2"
+              [show]="true" formControlName="otp-token" inputId="otp-token"
+              [formError]="formErrors['otp-token']" autocomplete="otp-token"
            ></my-input-text>
          </div>
          <input type="submit" class="peertube-button orange-button" i18n-value value="Login" [disabled]="!form.valid">
-          <div class="additional-links">
+          <div *ngIf="!otpStep" class="additional-links">
            <a i18n role="button" class="link-orange" (click)="openForgotPasswordModal()" i18n-title title="Click here to reset your password">I forgot my password</a>
            <ng-container *ngIf="signupAllowed">
diff --git a/client/src/app/+login/login.component.ts b/client/src/app/+login/login.component.ts
index 2ed9be16c..9095e43a7 100644
--- a/client/src/app/+login/login.component.ts
+++ b/client/src/app/+login/login.component.ts
@@ -4,7 +4,8 @@ import { ActivatedRoute, Router } from '@angular/router'
 import { AuthService, Notifier, RedirectService, SessionStorageService, UserService } from '@app/core'
 import { HooksService } from '@app/core/plugins/hooks.service'
 import { LOGIN_PASSWORD_VALIDATOR, LOGIN_USERNAME_VALIDATOR } from '@app/shared/form-validators/login-validators'
-import { FormReactive, FormValidatorService } from '@app/shared/shared-forms'
+import { USER_OTP_TOKEN_VALIDATOR } from '@app/shared/form-validators/user-validators'
+import { FormReactive, FormValidatorService, InputTextComponent } from '@app/shared/shared-forms'
 import { InstanceAboutAccordionComponent } from '@app/shared/shared-instance'
 import { NgbAccordion, NgbModal, NgbModalRef } from '@ng-bootstrap/ng-bootstrap'
 import { PluginsManager } from '@root-helpers/plugins-manager'
@@ -20,6 +21,7 @@ export class LoginComponent extends FormReactive implements OnInit, AfterViewIni
  private static SESSION_STORAGE_REDIRECT_URL_KEY = 'login-previous-url'
  @ViewChild('forgotPasswordModal', { static: true }) forgotPasswordModal: ElementRef
+  @ViewChild('otpTokenInput') otpTokenInput: InputTextComponent
  accordion: NgbAccordion
  error: string = null
@@ -37,6 +39,8 @@ export class LoginComponent extends FormReactive implements OnInit, AfterViewIni
    codeOfConduct: false
  }
+  otpStep = false
  private openedForgotPasswordModal: NgbModalRef
  private serverConfig: ServerConfig
@@ -82,7 +86,11 @@ export class LoginComponent extends FormReactive implements OnInit, AfterViewIni
    // Avoid undefined errors when accessing form error properties
    this.buildForm({
      username: LOGIN_USERNAME_VALIDATOR,
-      password: LOGIN_PASSWORD_VALIDATOR
+      password: LOGIN_PASSWORD_VALIDATOR,
+      'otp-token': {
+        VALIDATORS: [], // Will be set dynamically
+        MESSAGES: USER_OTP_TOKEN_VALIDATOR.MESSAGES
+      }
    })
    this.serverConfig = snapshot.data.serverConfig
@@ -118,13 +126,20 @@ export class LoginComponent extends FormReactive implements OnInit, AfterViewIni
  login () {
    this.error = null
-    const { username, password } = this.form.value
+    const options = {
+      username: this.form.value['username'],
+      password: this.form.value['password'],
+      otpToken: this.form.value['otp-token']
+    }
-    this.authService.login(username, password)
+    this.authService.login(options)
+      .pipe()
      .subscribe({
        next: () => this.redirectService.redirectToPreviousRoute(),
-        error: err => this.handleError(err)
+        error: err => {
+          this.handleError(err)
+        }
      })
  }
@@ -162,7 +177,7 @@ The link will expire within 1 hour.`
  private loadExternalAuthToken (username: string, token: string) {
    this.isAuthenticatedWithExternalAuth = true
-    this.authService.login(username, null, token)
+    this.authService.login({ username, password: null, token })
      .subscribe({
        next: () => {
          const redirectUrl = this.storage.getItem(LoginComponent.SESSION_STORAGE_REDIRECT_URL_KEY)
@@ -182,6 +197,17 @@ The link will expire within 1 hour.`
  }
  private handleError (err: any) {
+    if (this.authService.isOTPMissingError(err)) {
+      this.otpStep = true
+      setTimeout(() => {
+        this.form.get('otp-token').setValidators(USER_OTP_TOKEN_VALIDATOR.VALIDATORS)
+        this.otpTokenInput.focus()
+      })
+      return
+    }
    if (err.message.indexOf('credentials are invalid') !== -1) this.error = $localize`Incorrect username or password.`
    else if (err.message.indexOf('blocked') !== -1) this.error = $localize`Your account is blocked.`
    else this.error = err.message