Need help: show modal to input code, if email is not confirmed when logging in

Hello everyone,

I need help figuring out a good workflow in the log-in process to show a modal, asking the user to input the 4 digit code that was sent to the email, if their email is not confirmed. The workflow so far:

1. User fills email and password.
2. User clicks submit button that triggers “security-login”.
3. Server queries ‘is_email_confirmed’ based on the identity from step 2.
4. (I’m already stuck here )

I also haven’t figured out how to generate the random 4 digit code server side, need some input on it as well.

thank you in advance!