function MfaVerifyStep({ mfaTicket }) { const [err, setErr] = React.useState(null); async function trySubmit(payload) { const r = await fetch(`${window.__bs_api}/api/auth/mfa/verify`, { method: "POST", credentials: "include", headers: { "content-type": "application/json", "x-csrf-token": window.__bs_csrf }, body: JSON.stringify({ mfa_ticket: mfaTicket, ...payload }), }); if (!r.ok) { setErr("Wrong code or passkey."); return; } location.assign("/"); } async function tryPasskey() { setErr(null); const optsRes = await fetch(`${window.__bs_api}/api/auth/login/passkey/options`, { method: "POST", credentials: "include", headers: { "content-type": "application/json", "x-csrf-token": window.__bs_csrf }, body: "{}", }); const { options, challenge_key } = await optsRes.json(); const assertion = await navigator.credentials.get({ publicKey: options }); await trySubmit({ passkey: { challenge_key, response: assertion } }); } return (
{ e.preventDefault(); trySubmit({ totp_code: new FormData(e.currentTarget).get("code") }); }}>
{ e.preventDefault(); const code = prompt("Enter one of your 8-character backup codes:"); if (code) trySubmit({ backup_code: code.trim().toUpperCase() }); }}>I lost everything — use a backup code {err &&

{err}

}
); } window.MfaVerifyStep = MfaVerifyStep;