Implement mfa emails and apply James' updates

Author: ericallam

apps/webapp/app/routes/resources.account.mfa.setup/MfaDisableDialog.tsx

@@ -65,9 +65,9 @@ export function MfaDisableDialog({
         </DialogHeader>
         <Form method="post" onSubmit={handleSubmit}>
           {useRecoveryCode ? (
-            <>
+            <div className="pt-3">
               <Paragraph className="mb-6 text-center">
-                Enter one of your recovery codes.
+                Enter one of your recovery codes to disable MFA.
               </Paragraph>
               <Fieldset className="flex w-full flex-col items-center gap-y-2">
                 <InputGroup>
@@ -84,28 +84,28 @@ export function MfaDisableDialog({
                   />
                 </InputGroup>
               </Fieldset>
-
-              <Button
-                type="button"
-                onClick={handleSwitchToTotpCode}
-                variant="minimal/small"
-                className="mt-4"
-              >
-                Use an authenticator app
-              </Button>
-            </>
+              <div className="flex justify-center">
+                <Button
+                  type="button"
+                  onClick={handleSwitchToTotpCode}
+                  variant="minimal/small"
+                  className="my-4"
+                >
+                  Use an authenticator app
+                </Button>
+              </div>
+            </div>
           ) : (
-            <>
+            <div className="pt-3">
               <Paragraph variant="base" className="mb-6 text-center">
-                Enter the code from your authenticator app.
+                Enter the code from your authenticator app to disable MFA.
               </Paragraph>
               <Fieldset className="flex w-full flex-col items-center gap-y-2">
                 <InputOTP
                   maxLength={6}
                   value={totpCode}
                   onChange={(value) => setTotpCode(value)}
                   variant="large"
-                  fullWidth
                 >
                   <InputOTPGroup variant="large" fullWidth>
                     <InputOTPSlot index={0} autoFocus variant="large" fullWidth />
@@ -117,15 +117,17 @@ export function MfaDisableDialog({
                   </InputOTPGroup>
                 </InputOTP>
               </Fieldset>
-              <Button
-                type="button"
-                onClick={handleSwitchToRecoveryCode}
-                variant="minimal/small"
-                className="mt-4"
-              >
-                Use a recovery code
-              </Button>
-            </>
+              <div className="flex justify-center">
+                <Button
+                  type="button"
+                  onClick={handleSwitchToRecoveryCode}
+                  variant="minimal/small"
+                  className="my-4"
+                >
+                  Use a recovery code
+                </Button>
+              </div>
+            </div>
           )}
 
           {error && <FormError>{error}</FormError>}
@@ -147,4 +149,4 @@ export function MfaDisableDialog({
       </DialogContent>
     </Dialog>
   );
-}
+}

apps/webapp/app/routes/resources.account.mfa.setup/MfaSetupDialog.tsx

@@ -60,7 +60,7 @@ export function MfaSetupDialog({
 
   const downloadRecoveryCodes = () => {
     if (!recoveryCodes) return;
-    
+
     const content = recoveryCodes.join("\n");
     const blob = new Blob([content], { type: "text/plain" });
     const url = URL.createObjectURL(blob);
@@ -87,12 +87,12 @@ export function MfaSetupDialog({
                 Copy and store these recovery codes carefully in case you lose your device.
               </Paragraph>
 
-              <div className="flex flex-col gap-6 rounded border border-grid-dimmed bg-background-bright pt-6">
-                <div className="grid grid-cols-3 gap-2">
+              <div className="flex flex-col rounded border border-grid-dimmed bg-background-bright">
+                <div className="grid grid-cols-3 gap-x-2 gap-y-4 px-3 py-6">
                   {recoveryCodes.map((code, index) => (
-                    <div key={index} className="text-center font-mono text-sm text-text-bright">
+                    <span key={index} className="text-center font-mono text-xs text-text-bright">
                       {code}
-                    </div>
+                    </span>
                   ))}
                 </div>
                 <div className="flex items-center justify-end border-t border-grid-bright px-1.5 py-1.5">
@@ -145,15 +145,15 @@ export function MfaSetupDialog({
           <div className="flex flex-col gap-4 pt-3">
             <Paragraph>
               Scan the QR code below with your preferred authenticator app then enter the 6 digit
-              code that the app generates. Alternatively, you can copy the secret below and paste
-              it into your app.
+              code that the app generates. Alternatively, you can copy the secret below and paste it
+              into your app.
             </Paragraph>
 
             <div className="flex flex-col items-center justify-center gap-y-4 rounded border border-grid-dimmed bg-background-bright py-4">
               <div className="overflow-hidden rounded-lg border border-grid-dimmed">
                 <QRCodeSVG value={setupData.otpAuthUrl} size={300} marginSize={3} />
               </div>
-              <CopyableText value={setupData.secret} className="font-mono text-base tracking-wide" />
+              <CopyableText value={setupData.secret} className="font-mono text-sm tracking-wide" />
             </div>
 
             <div className="mb-4 flex items-center justify-center">
@@ -181,7 +181,7 @@ export function MfaSetupDialog({
             </div>
           </div>
 
-          {error && <FormError>{error}</FormError>}
+          <div className="mb-4 flex justify-center">{error && <FormError>{error}</FormError>}</div>
 
           <DialogFooter>
             <Button type="button" variant="secondary/medium" onClick={handleCancel}>
@@ -201,4 +201,4 @@ export function MfaSetupDialog({
       </DialogContent>
     </Dialog>
   );
-}
+}

apps/webapp/app/services/mfa/multiFactorAuthentication.server.ts

@@ -7,6 +7,7 @@ import { createHash } from "@better-auth/utils/hash";
 import { createOTP } from "@better-auth/utils/otp";
 import { base32 } from "@better-auth/utils/base32";
 import { z } from "zod";
+import { scheduleEmail } from "../email.server";
 
 const generateRandomString = createRandomStringGenerator("A-Z", "0-9");
 
@@ -99,6 +100,12 @@ export class MultiFactorAuthenticationService {
       },
     });
 
+    await scheduleEmail({
+      email: "mfa-disabled",
+      to: user.email,
+      userEmail: user.email,
+    });
+
     return {
       success: true,
     };
@@ -226,6 +233,12 @@ export class MultiFactorAuthenticationService {
       });
     }
 
+    await scheduleEmail({
+      email: "mfa-enabled",
+      to: user.email,
+      userEmail: user.email,
+    });
+
     return {
       success: true,
       recoveryCodes,

internal-packages/emails/emails/mfa-disabled.tsx

@@ -0,0 +1,48 @@
+import { Body, Container, Head, Html, Preview, Text } from "@react-email/components";
+import { Footer } from "./components/Footer";
+import { Image } from "./components/Image";
+import { container, h1, main, paragraphLight } from "./components/styles";
+import { z } from "zod";
+
+export const MfaDisabledEmailSchema = z.object({
+  email: z.literal("mfa-disabled"),
+  userEmail: z.string(),
+});
+
+type MfaDisabledEmailProps = z.infer<typeof MfaDisabledEmailSchema>;
+
+const previewDefaults: MfaDisabledEmailProps = {
+  email: "mfa-disabled",
+  userEmail: "user@example.com",
+};
+
+export default function Email(props: MfaDisabledEmailProps) {
+  const { userEmail } = {
+    ...previewDefaults,
+    ...props,
+  };
+
+  return (
+    <Html>
+      <Head />
+      <Preview>Multi-factor authentication disabled</Preview>
+      <Body style={main}>
+        <Container style={container}>
+          <Text style={h1}>Multi-factor authentication disabled</Text>
+          <Text style={paragraphLight}>Hi there,</Text>
+          <Text style={paragraphLight}>
+            You have successfully disabled multi-factor authentication (MFA) for your Trigger.dev
+            account ({userEmail}). Your account no longer has the additional security layer provided
+            by MFA.
+          </Text>
+          <Text style={paragraphLight}>
+            You can re-enable MFA at any time from your account security page. If you didn't disable
+            MFA, please contact our support team immediately.
+          </Text>
+          <Image path="/emails/logo-mono.png" width="120" height="22" alt="Trigger.dev" />
+          <Footer />
+        </Container>
+      </Body>
+    </Html>
+  );
+}

internal-packages/emails/emails/mfa-enabled.tsx

@@ -0,0 +1,62 @@
+import { Body, Container, Head, Html, Preview, Text } from "@react-email/components";
+import { Footer } from "./components/Footer";
+import { Image } from "./components/Image";
+import { container, h1, main, paragraphLight } from "./components/styles";
+import { z } from "zod";
+
+export const MfaEnabledEmailSchema = z.object({
+  email: z.literal("mfa-enabled"),
+  userEmail: z.string(),
+});
+
+type MfaEnabledEmailProps = z.infer<typeof MfaEnabledEmailSchema>;
+
+const previewDefaults: MfaEnabledEmailProps = {
+  email: "mfa-enabled",
+  userEmail: "user@example.com",
+};
+
+export default function Email(props: MfaEnabledEmailProps) {
+  const { userEmail } = {
+    ...previewDefaults,
+    ...props,
+  };
+
+  return (
+    <Html>
+      <Head />
+      <Preview>Multi-factor authentication enabled ✅</Preview>
+      <Body style={main}>
+        <Container style={container}>
+          <Text style={h1}>Multi-factor authentication enabled</Text>
+          <Text style={paragraphLight}>Hi there,</Text>
+          <Text style={paragraphLight}>
+            Multi-factor authentication was successfully enabled for your Trigger.dev account (
+            {userEmail}). If you did not make this change, contact our support team immediately.
+          </Text>
+          <Text style={paragraphLight}>
+            <strong>Staying secure:</strong>
+          </Text>
+          <Text style={paragraphLight}>
+            • Keep your authenticator app safe and secured
+            <br />
+            • Never share your MFA codes with anyone
+            <br />• Store your recovery codes in a secure location
+          </Text>
+          <Text
+            style={{
+              ...paragraphLight,
+              display: "block",
+              marginBottom: "50px",
+            }}
+          >
+            Your account now has an additional layer of protection and you'll need to enter a code
+            from your authenticator app when logging in.
+          </Text>
+          <Image path="/emails/logo-mono.png" width="120" height="22" alt="Trigger.dev" />
+          <Footer />
+        </Container>
+      </Body>
+    </Html>
+  );
+}

internal-packages/emails/src/index.tsx

@@ -12,8 +12,10 @@ import AlertDeploymentSuccessEmail, {
 } from "../emails/deployment-success";
 import InviteEmail, { InviteEmailSchema } from "../emails/invite";
 import MagicLinkEmail from "../emails/magic-link";
-import WelcomeEmail from "../emails/welcome";
+
 import { constructMailTransport, MailTransport, MailTransportOptions } from "./transports";
+import MfaEnabledEmail, { MfaEnabledEmailSchema } from "../emails/mfa-enabled";
+import MfaDisabledEmail, { MfaDisabledEmailSchema } from "../emails/mfa-disabled";
 
 export { type MailTransportOptions };
 
@@ -28,6 +30,8 @@ export const DeliverEmailSchema = z
     AlertAttemptEmailSchema,
     AlertDeploymentFailureEmailSchema,
     AlertDeploymentSuccessEmailSchema,
+    MfaEnabledEmailSchema,
+    MfaDisabledEmailSchema,
   ])
   .and(z.object({ to: z.string() }));
 
@@ -118,6 +122,18 @@ export class EmailClient {
           component: <AlertDeploymentSuccessEmail {...data} />,
         };
       }
+      case "mfa-enabled": {
+        return {
+          subject: `Multi-factor authentication enabled on your Trigger.dev account`,
+          component: <MfaEnabledEmail {...data} />,
+        };
+      }
+      case "mfa-disabled": {
+        return {
+          subject: `Multi-factor authentication disabled on your Trigger.dev account`,
+          component: <MfaDisabledEmail {...data} />,
+        };
+      }
     }
   }
 }