feat(core): Allow enforcement of MFA usage on instance (#16556)

Co-authored-by: Marc Littlemore <marc@n8n.io>
Co-authored-by: Csaba Tuncsik <csaba.tuncsik@gmail.com>

packages/frontend/@n8n/rest-api-client/src/api/mfa.ts

@@ -33,3 +33,9 @@ export type DisableMfaParams = {
 export async function disableMfa(context: IRestApiContext, data: DisableMfaParams): Promise<void> {
 	return await makeRestApiRequest(context, 'POST', '/mfa/disable', data);
 }
+
+export async function updateEnforceMfa(context: IRestApiContext, enforce: boolean): Promise<void> {
+	return await makeRestApiRequest(context, 'POST', '/mfa/enforce-mfa', {
+		enforce,
+	});
+}

packages/frontend/@n8n/rest-api-client/src/utils.ts

@@ -19,6 +19,13 @@ const getBrowserId = () => {
 export const NO_NETWORK_ERROR_CODE = 999;
 export const STREAM_SEPERATOR = '⧉⇋⇋➽⌑⧉§§\n';
 
+export class MfaRequiredError extends ApplicationError {
+	constructor() {
+		super('MFA is required to access this resource. Please set up MFA in your user settings.');
+		this.name = 'MfaRequiredError';
+	}
+}
+
 export class ResponseError extends ApplicationError {
 	// The HTTP status code of response
 	httpStatusCode?: number;
@@ -114,6 +121,9 @@ export async function request(config: {
 		}
 
 		const errorResponseData = error.response?.data;
+		if (errorResponseData?.mfaRequired === true) {
+			throw new MfaRequiredError();
+		}
 		if (errorResponseData?.message !== undefined) {
 			if (errorResponseData.name === 'NodeApiError') {
 				errorResponseData.httpStatusCode = error.response.status;