mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-04 01:55:10 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

require 2fa for disable 2fa

Browse source
This commit is contained in:
Milo Schwartz 2024-10-05 14:00:55 -04:00
parent 76eeb335a3
commit 86fb43d570
No known key found for this signature in database
1 changed files with 42 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

43
server/routers/auth/disable2fa.ts
View file

@ -9,13 +9,20 @@ import { db } from "@server/db";
import { User, users } from "@server/db/schema";
import { eq } from "drizzle-orm";
import { response } from "@server/utils";
import { decodeHex } from "oslo/encoding";
import { TOTPController } from "oslo/otp";
export const disable2faBody = z.object({
password: z.string(),
code: z.string().optional(),
});
export type Disable2faBody = z.infer<typeof disable2faBody>;
export type Disable2faResponse = {
codeRequested?: boolean;
};
export async function disable2fa(
req: Request,
res: Response,
@ -32,7 +39,7 @@ export async function disable2fa(
);
}
const { password } = parsedBody.data;
const { password, code } = parsedBody.data;
const user = req.user as User;
try {
@ -54,6 +61,40 @@ export async function disable2fa(
"Two-factor authentication is already disabled",
),
);
} else {
if (!code) {
return response<{ codeRequested: boolean }>(res, {
data: { codeRequested: true },
success: true,
error: false,
message: "Two-factor authentication required",
status: HttpCode.ACCEPTED,
});
}
}
if (!user.twoFactorSecret) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to authenticate user",
),
);
}
const validOTP = await new TOTPController().verify(
code,
decodeHex(user.twoFactorSecret),
);
if (!validOTP) {
await new Promise((resolve) => setTimeout(resolve, 250)); // delay to prevent brute force attacks
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"The two-factor code you entered is incorrect",
),
);
}
await db