From 456232cd82983b50ad2ace03ab874c8bf8cd818f Mon Sep 17 00:00:00 2001
From: BOHA <boha@boha.cz>
Date: Mon, 23 Mar 2026 20:31:06 +0100
Subject: [PATCH] fix: dashboard TOTP status always showing inactive
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

loadAuthData() didn't include totp_enabled or require_2fa in the
AuthData response. The frontend always saw undefined → false.

Now includes both fields from the database.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/services/auth.ts | 2 ++
 src/types/index.ts   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/src/services/auth.ts b/src/services/auth.ts
index c2bf035..41eee6b 100644
--- a/src/services/auth.ts
+++ b/src/services/auth.ts
@@ -59,6 +59,8 @@ async function loadAuthData(userId: number): Promise<AuthData | null> {
     roleId: user.role_id,
     roleName: user.roles?.name ?? null,
     permissions,
+    totp_enabled: !!user.totp_enabled,
+    require_2fa: !!(await prisma.company_settings.findFirst({ select: { require_2fa: true } }))?.require_2fa,
   };
 }
 
diff --git a/src/types/index.ts b/src/types/index.ts
index cce27f0..e5b0fbc 100644
--- a/src/types/index.ts
+++ b/src/types/index.ts
@@ -51,6 +51,8 @@ export interface AuthData {
   roleId: number | null;
   roleName: string | null;
   permissions: string[];
+  totp_enabled?: boolean;
+  require_2fa?: boolean;
 }
 
 export interface JwtPayload {