finished totp endpoints

2025-08-03 17:44:44 +02:00 · 2024-10-02 21:55:49 -04:00 · 2024-10-02 21:55:49 -04:00 · 637007e060
commit 637007e060
parent e85c94d21d
10 changed files with 126 additions and 534 deletions
--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@ -41,20 +41,31 @@ export async function verifyTotp(

    const { session, user } = await verifySession(req);
    if (!session) {
-        return unauthorized();
+        return next(unauthorized());
+    }
+
+    if (user.twoFactorEnabled) {
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                "Two-factor authentication is already enabled",
+            ),
+        );
    }

    if (!user.twoFactorSecret) {
-        return createHttpError(
-            HttpCode.BAD_REQUEST,
-            "User has not requested two-factor authentication",
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                "User has not requested two-factor authentication",
+            ),
        );
    }

    const totpController = new TOTPController();
    const valid = await totpController.verify(
-        user.twoFactorSecret,
-        decodeHex(code),
+        code,
+        decodeHex(user.twoFactorSecret),
    );

    if (valid) {