Should Reverify
π¨βπΌ We need to keep track of when the user last submitted their 2FA code. We'll
store this in the
cookieSession
under 'verified-time'
.Then we'll implement a utility called
shouldRequestTwoFA
which will return
true
if the user should be asked to verify their 2FA code because it's been
too long since they last verified. We're defining "too long" as "two hours."Once you have that implemented, you can actually use it in the
action
to
determine whether the user who's logging in should be redirected to the
/verify
route before logging in or not.The emoji will guide you π¨ Enjoy!