refactor(core): Extract all Auth-related User columns into a separate entity (#9557)

Co-authored-by: Ricardo Espinoza <ricardo@n8n.io>

packages/cli/src/controllers/auth.controller.ts

@@ -79,16 +79,11 @@ export class AuthController {
 					throw new AuthError('MFA Error', 998);
 				}
 
-				const { decryptedRecoveryCodes, decryptedSecret } =
-					await this.mfaService.getSecretAndRecoveryCodes(user.id);
-
-				user.mfaSecret = decryptedSecret;
-				user.mfaRecoveryCodes = decryptedRecoveryCodes;
-
-				const isMFATokenValid =
-					(await this.validateMfaToken(user, mfaToken)) ||
-					(await this.validateMfaRecoveryCode(user, mfaRecoveryCode));
-
+				const isMFATokenValid = await this.mfaService.validateMfa(
+					user.id,
+					mfaToken,
+					mfaRecoveryCode,
+				);
 				if (!isMFATokenValid) {
 					throw new AuthError('Invalid mfa token or recovery code');
 				}
@@ -193,27 +188,4 @@ export class AuthController {
 		this.authService.clearCookie(res);
 		return { loggedOut: true };
 	}
-
-	private async validateMfaToken(user: User, token?: string) {
-		if (!!!token) return false;
-		return this.mfaService.totp.verifySecret({
-			secret: user.mfaSecret ?? '',
-			token,
-		});
-	}
-
-	private async validateMfaRecoveryCode(user: User, mfaRecoveryCode?: string) {
-		if (!!!mfaRecoveryCode) return false;
-		const index = user.mfaRecoveryCodes.indexOf(mfaRecoveryCode);
-		if (index === -1) return false;
-
-		// remove used recovery code
-		user.mfaRecoveryCodes.splice(index, 1);
-
-		await this.userService.update(user.id, {
-			mfaRecoveryCodes: this.mfaService.encryptRecoveryCodes(user.mfaRecoveryCodes),
-		});
-
-		return true;
-	}
 }