flip_api.user_services.mfa_status
=================================

.. py:module:: flip_api.user_services.mfa_status


Attributes
----------

.. autoapisummary::

   flip_api.user_services.mfa_status.router


Functions
---------

.. autoapisummary::

   flip_api.user_services.mfa_status.get_own_mfa_status


Module Contents
---------------

.. py:data:: router

.. py:function:: get_own_mfa_status(request: fastapi.Request, token_id: uuid.UUID = Depends(verify_token_no_mfa)) -> dict[str, bool]

   Report whether the caller has an active TOTP authenticator and
   whether this environment requires one.

   Exempt from the MFA gate so a freshly-invited or admin-reset user can
   discover their enrolment state and be routed to the setup page.

   :param request: FastAPI request object, used to resolve the Cognito user
                   pool id.
   :param token_id: ID of the authenticated user (from the bearer token).

   :returns: ``{"enabled": <bool>, "required": <bool>}``.
             ``enabled`` reflects whether the caller has a verified and active
             TOTP device; ``required`` mirrors Settings.ENFORCE_MFA so the UI
             can skip the enrolment redirect in dev without a second env var.
   :rtype: dict[str, bool]

   :raises HTTPException: 404 if the token's sub does not resolve to a
   :raises Cognito user, 500 on Cognito errors.: