Step 1 of 6
Locate and back up the user authentication module
Identify where users are stored and how passwords are verified so we can safely extend the model.
The app already has a User model (SQL or NoSQL) and a login route that checks email + password.
Search the codebase for the User schema/model definition and the login endpoint. List the exact file paths, show the fields defined in the User model, and copy the login function code that verifies the password. Include any ORM/ODM import statements. Do not modify anything yet.
Expected after this step
File paths and exact code snippets of the User model and login logic are displayed.
Should not happen
- ✕AI returns placeholder QR strings or dummy secret values
- ✕Missing database write of the generated secret
- ✕Using hard‑coded token checks instead of real TOTP verification
- ✕Providing only UI mockups instead of JSON API responses
Verify before continuing
Do not move on until every check is true. The complete button stays locked until then.
Do not continue if…
- !AI returns placeholder QR strings or dummy secret values
- !Missing database write of the generated secret
- !Using hard‑coded token checks instead of real TOTP verification
- !Providing only UI mockups instead of JSON API responses
- !Leaving TODO comments instead of implementing actual logic
- !Skipping migration or forgetting to import required libraries
If the AI messes this up
Use this when the AI fakes progress or breaks the feature. It forces a real fix.
The AI omitted the actual code or gave a placeholder path. Re‑prompt: Provide the exact, unredacted source code for the User model and the login function, including file locations. No summaries – raw code only.