Multi Factor Auth

[MukeshAbhi]

Description

Closes #945

This PR introduces Time-Based One-Time Password (TOTP) based Multi-Factor Authentication (MFA) to enhance account security.

Overview

• Implemented TOTP-based authentication using standard RFC 6238 compliant algorithm.
• Added QR code generation for seamless setup with authenticator apps (e.g., Google Authenticator, Authy).
• Added verification flow for validating one-time codes.
• Securely stores MFA secret associated with the user.
• Enforced TOTP validation during login when MFA is enabled.

API Changes

• POST /mfa/enable – Generates secret and QR code.
• POST /mfa/verify – Verifies TOTP code during setup/login.
• POST /mfa/disable – Disables MFA after verification.
• POST /mfa/cancel - Cancel MFA while in setup stage.
• POST/mfa/sigin - Sign-In flow if MFA enabled.

---

What type of PR is this? (Check all applicable)

• 🍕 Feature
• ✅ Test

---

Screenshots (if applicable)

• MFA Controller

• Signin Controller

• MFA Services

-Coverage Report
Services

Controller

---

Checklist

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[sonarqubecloud]

Quality Gate passed

Issues
11 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud