Merge branch 'main' of https://github.com/fosrl/pangolin

2025-08-04 10:05:53 +02:00 · 2024-12-24 16:01:29 -05:00 · 2024-12-24 16:01:29 -05:00 · 29bd88ebdf
commit 29bd88ebdf
parent 2f328fc719 e0b1aa98e0
15 changed files with 556 additions and 166 deletions
--- a/server/routers/auth/disable2fa.ts
+++ b/server/routers/auth/disable2fa.ts
@ -11,6 +11,9 @@ import { response } from "@server/utils";
 import { verifyPassword } from "@server/auth/password";
 import { verifyTotpCode } from "@server/auth/2fa";
 import logger from "@server/logger";
+import { sendEmail } from "@server/emails";
+import TwoFactorAuthNotification from "@server/emails/templates/TwoFactorAuthNotification";
+import config from "@server/config";

 export const disable2faBody = z
    .object({
@ -84,17 +87,22 @@ export async function disable2fa(
            );
        }

-        await db.transaction(async (trx) => {
-            await trx
-                .update(users)
-                .set({ twoFactorEnabled: false })
-                .where(eq(users.userId, user.userId));
+        await db
+            .update(users)
+            .set({ twoFactorEnabled: false })
+            .where(eq(users.userId, user.userId));

-            await trx
-                .delete(twoFactorBackupCodes)
-                .where(eq(twoFactorBackupCodes.userId, user.userId));
-        });
-        // TODO: send email to user confirming two-factor authentication is disabled
+        sendEmail(
+            TwoFactorAuthNotification({
+                email: user.email,
+                enabled: false
+            }),
+            {
+                to: user.email,
+                from: config.email?.no_reply,
+                subject: "Two-factor authentication disabled"
+            }
+        );

        return response<null>(res, {
            data: null,
--- a/server/routers/auth/requestTotpSecret.ts
+++ b/server/routers/auth/requestTotpSecret.ts
@ -25,6 +25,7 @@ export type RequestTotpSecretBody = z.infer<typeof requestTotpSecretBody>;

 export type RequestTotpSecretResponse = {
    secret: string;
+    uri: string;
 };

 export async function requestTotpSecret(
@ -75,7 +76,8 @@ export async function requestTotpSecret(

        return response<RequestTotpSecretResponse>(res, {
            data: {
-                secret: uri
+                secret,
+                uri
            },
            success: true,
            error: false,
--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@ -11,6 +11,9 @@ import { alphabet, generateRandomString } from "oslo/crypto";
 import { hashPassword } from "@server/auth/password";
 import { verifyTotpCode } from "@server/auth/2fa";
 import logger from "@server/logger";
+import { sendEmail } from "@server/emails";
+import TwoFactorAuthNotification from "@server/emails/templates/TwoFactorAuthNotification";
+import config from "@server/config";

 export const verifyTotpBody = z
    .object({
@ -92,8 +95,6 @@ export async function verifyTotp(
            });
        }

-        // TODO: send email to user confirming two-factor authentication is enabled
-
        if (!valid) {
            return next(
                createHttpError(
@ -103,6 +104,18 @@ export async function verifyTotp(
            );
        }

+        sendEmail(
+            TwoFactorAuthNotification({
+                email: user.email,
+                enabled: true
+            }),
+            {
+                to: user.email,
+                from: config.email?.no_reply,
+                subject: "Two-factor authentication enabled"
+            }
+        );
+
        return response<VerifyTotpResponse>(res, {
            data: {
                valid,