Refactor: Implement full authentication overhaul

src/components/auth/TOTPSetup.tsx

@@ -10,19 +10,15 @@ import { useAuth } from '@/hooks/useAuth';
 import { supabase } from '@/integrations/supabase/client';
 import { Smartphone, Shield, Copy, Eye, EyeOff, Trash2 } from 'lucide-react';
 import { MFARemovalDialog } from './MFARemovalDialog';
-
-interface TOTPFactor {
-  id: string;
-  friendly_name?: string;
-  factor_type: string;
-  status: string;
-  created_at: string;
-}
+import { setStepUpRequired, getAuthMethod } from '@/lib/sessionFlags';
+import { useNavigate } from 'react-router-dom';
+import type { MFAFactor } from '@/types/auth';
 
 export function TOTPSetup() {
   const { user } = useAuth();
   const { toast } = useToast();
-  const [factors, setFactors] = useState<TOTPFactor[]>([]);
+  const navigate = useNavigate();
+  const [factors, setFactors] = useState<MFAFactor[]>([]);
   const [loading, setLoading] = useState(false);
   const [enrolling, setEnrolling] = useState(false);
   const [qrCode, setQrCode] = useState('');
@@ -111,10 +107,14 @@ export function TOTPSetup() {
 
       if (verifyError) throw verifyError;
 
-      // Check if user signed in via OAuth
-      const { data: { session } } = await supabase.auth.getSession();
-      const provider = session?.user?.app_metadata?.provider;
-      const isOAuthUser = provider === 'google' || provider === 'discord';
+      // Check if user signed in via OAuth and trigger step-up flow
+      const authMethod = getAuthMethod();
+      if (authMethod === 'oauth') {
+        console.log('[TOTPSetup] OAuth user enrolled MFA, triggering step-up...');
+        setStepUpRequired(true, window.location.pathname);
+        navigate('/auth/mfa-step-up');
+        return;
+      }
 
       toast({
         title: 'TOTP Enabled',