return user email in /api/auth/mfa

README.md

@@ -715,6 +715,7 @@ Input:
 Output:
 - name: user name, could be an empty string
 - api_key: if MFA is not enabled, the `api key` is returned right away.
+- email: user email
 
 The `api_key` is used in all subsequent requests. It's empty if MFA is enabled.
 If user hasn't enabled MFA, `mfa_key` is empty.

app/api/views/auth_mfa.py

@@ -23,7 +23,8 @@ def auth_mfa():
         200 and user info containing:
         {
             name: "John Wick",
-            api_key: "a long string"
+            api_key: "a long string",
+            email: "user email"
         }
 
     """
@@ -55,7 +56,7 @@ def auth_mfa():
     if not totp.verify(mfa_token):
         return jsonify(error="Wrong TOTP Token"), 400
 
-    ret = {"name": user.name}
+    ret = {"name": user.name, "email": user.email}
 
     api_key = ApiKey.get_by(user_id=user.id, name=device)
     if not api_key:

tests/api/test_auth_mfa.py

@@ -29,6 +29,7 @@ def test_auth_mfa_success(flask_client):
 
     assert r.status_code == 200
     assert r.json["api_key"]
+    assert r.json["email"]
     assert r.json["name"] == "Test User"