Diffstat (limited to 'app/api/auth/[...nextauth]')
-rw-r--r--app/api/auth/[...nextauth]/route.ts25
1 files changed, 18 insertions, 7 deletions
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 5896fb90..3b0f8c61 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -11,7 +11,7 @@ import { getUserByEmail, getUserById } from '@/lib/users/repository'
import { authenticateWithSGips, verifyExternalCredentials } from '@/lib/users/auth/verifyCredentails'
import { verifyOtpTemp } from '@/lib/users/verifyOtp'
import { getSecuritySettings } from '@/lib/password-policy/service'
-import { verifySmsToken } from '@/lib/users/auth/passwordUtil'
+import { verifySmsToken, verifyEmailToken } from '@/lib/users/auth/passwordUtil'
import { SessionRepository } from '@/lib/users/session/repository'
import { getUserRoles } from '@/lib/users/service'
@@ -161,14 +161,15 @@ export const authOptions: NextAuthOptions = {
},
}),
- // ✅ MFA 완료 후 최종 인증 - roles 정보 추가
+ // ✅ MFA 완료 후 최종 인증 - roles 정보 추가 (SMS/Email OTP 지원)
CredentialsProvider({
id: 'credentials-mfa',
name: 'MFA Verification',
credentials: {
userId: { label: 'User ID', type: 'text' },
- smsToken: { label: 'SMS Token', type: 'text' },
+ smsToken: { label: 'SMS Token', type: 'text' }, // SMS 또는 Email OTP 토큰
tempAuthKey: { label: 'Temp Auth Key', type: 'text' },
+ mfaType: { label: 'MFA Type', type: 'text' }, // 'sms' 또는 'email'
},
async authorize(credentials, req) {
if (!credentials?.userId || !credentials?.smsToken || !credentials?.tempAuthKey) {
@@ -191,10 +192,20 @@ export const authOptions: NextAuthOptions = {
return null
}
- // SMS 토큰 검증
- const smsVerificationResult = await verifySmsToken(user.id, credentials.smsToken)
- if (!smsVerificationResult || !smsVerificationResult.success) {
- console.error('SMS token verification failed')
+ // MFA 타입에 따라 SMS 또는 Email OTP 검증
+ const mfaType = credentials.mfaType || 'sms'; // 기본값은 SMS
+ let verificationResult;
+
+ if (mfaType === 'email') {
+ verificationResult = await verifyEmailToken(user.id, credentials.smsToken)
+ console.log(`Email OTP verification for user ${user.email}:`, verificationResult.success)
+ } else {
+ verificationResult = await verifySmsToken(user.id, credentials.smsToken)
+ console.log(`SMS OTP verification for user ${user.email}:`, verificationResult.success)
+ }
+
+ if (!verificationResult || !verificationResult.success) {
+ console.error(`${mfaType.toUpperCase()} token verification failed`)
return null
}
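Review bot: The verifier that runs is selected by the client-supplied `credentials.mfaType` (the `const mfaType = credentials.mfaType || 'sms'` line), so a caller can ask for the email path even when the server issued an SMS code, and any unexpected value silently falls through to the SMS branch; the method should be taken from the server-side challenge that `tempAuthKey` resolves to (that lookup precedes this hunk and is not visible here), or at minimum be restricted to `'sms' | 'email'` and rejected otherwise. Separately, both `console.log` lines dereference `verificationResult.success` before the `!verificationResult` guard on the following `if`, so a verifier that returns null or undefined — the case the removed code explicitly guarded against — now throws a TypeError inside `authorize` instead of returning null. Logging `user.email` on every attempt also puts PII into the logs where the user id is enough to correlate. The `authorize` callback starts and ends outside this hunk.
```typescript
// MFA 타입에 따라 SMS 또는 Email OTP 검증
// NOTE(review): prefer deriving mfaType from the server-issued challenge rather than the request
const mfaType = credentials.mfaType || 'sms'
if (mfaType !== 'sms' && mfaType !== 'email') {
  console.error('Unsupported MFA type requested')
  return null
}
const verificationResult =
  mfaType === 'email'
    ? await verifyEmailToken(user.id, credentials.smsToken)
    : await verifySmsToken(user.id, credentials.smsToken)
if (!verificationResult || !verificationResult.success) {
  console.error(`${mfaType.toUpperCase()} token verification failed for user ${user.id}`)
  return null
}
console.log(`${mfaType.toUpperCase()} OTP verification succeeded for user ${user.id}`)
```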