mirror of
https://github.com/fosrl/pangolin.git
synced 2025-08-04 10:05:53 +02:00
disable 2fa and end email notifications
This commit is contained in:
Milo Schwartz
parent
ccc2e3358c
commit
cf75be5a6c
14 changed files with 555 additions and 173 deletions
83
server/emails/templates/TwoFactorAuthNotification.tsx
Normal file
83
server/emails/templates/TwoFactorAuthNotification.tsx
Normal file
|
|
@ -0,0 +1,83 @@
|
|||
import {
|
||||
Body,
|
||||
Container,
|
||||
Head,
|
||||
Heading,
|
||||
Html,
|
||||
Preview,
|
||||
Section,
|
||||
Text,
|
||||
Tailwind
|
||||
} from "@react-email/components";
|
||||
import * as React from "react";
|
||||
|
||||
interface Props {
|
||||
email: string;
|
||||
enabled: boolean;
|
||||
}
|
||||
|
||||
export const TwoFactorAuthNotification = ({ email, enabled }: Props) => {
|
||||
const previewText = `Two-Factor Authentication has been ${enabled ? "enabled" : "disabled"}`;
|
||||
|
||||
return (
|
||||
<Html>
|
||||
<Head />
|
||||
<Preview>{previewText}</Preview>
|
||||
<Tailwind
|
||||
config={{
|
||||
theme: {
|
||||
extend: {
|
||||
colors: {
|
||||
primary: "#16A34A"
|
||||
}
|
||||
}
|
||||
}
|
||||
}}
|
||||
>
|
||||
<Body className="font-sans">
|
||||
<Container className="bg-white border border-solid border-gray-200 p-6 max-w-lg mx-auto my-8 rounded-lg">
|
||||
<Heading className="text-2xl font-semibold text-gray-800 text-center">
|
||||
Two-Factor Authentication{" "}
|
||||
{enabled ? "Enabled" : "Disabled"}
|
||||
</Heading>
|
||||
<Text className="text-base text-gray-700 mt-4">
|
||||
Hi {email || "there"},
|
||||
</Text>
|
||||
<Text className="text-base text-gray-700 mt-2">
|
||||
This email confirms that Two-Factor Authentication
|
||||
has been successfully{" "}
|
||||
{enabled ? "enabled" : "disabled"} on your account.
|
||||
</Text>
|
||||
<Section className="text-center my-6">
|
||||
{enabled ? (
|
||||
<Text className="text-base text-gray-700">
|
||||
With Two-Factor Authentication enabled, your
|
||||
account is now more secure. Please ensure
|
||||
you keep your authentication method safe.
|
||||
</Text>
|
||||
) : (
|
||||
<Text className="text-base text-gray-700">
|
||||
With Two-Factor Authentication disabled,
|
||||
your account may be less secure. We
|
||||
recommend enabling it to protect your
|
||||
account.
|
||||
</Text>
|
||||
)}
|
||||
</Section>
|
||||
<Text className="text-base text-gray-700 mt-2">
|
||||
If you did not make this change, please contact our
|
||||
support team immediately.
|
||||
</Text>
|
||||
<Text className="text-sm text-gray-500 mt-6">
|
||||
Best regards,
|
||||
<br />
|
||||
Fossorial
|
||||
</Text>
|
||||
</Container>
|
||||
</Body>
|
||||
</Tailwind>
|
||||
</Html>
|
||||
);
|
||||
};
|
||||
|
||||
export default TwoFactorAuthNotification;
|
||||
|
|
@ -11,11 +11,16 @@ import { response } from "@server/utils";
|
|||
import { verifyPassword } from "@server/auth/password";
|
||||
import { verifyTotpCode } from "@server/auth/2fa";
|
||||
import logger from "@server/logger";
|
||||
import { sendEmail } from "@server/emails";
|
||||
import TwoFactorAuthNotification from "@server/emails/templates/TwoFactorAuthNotification";
|
||||
import config from "@server/config";
|
||||
|
||||
export const disable2faBody = z.object({
|
||||
password: z.string(),
|
||||
code: z.string().optional(),
|
||||
}).strict();
|
||||
export const disable2faBody = z
|
||||
.object({
|
||||
password: z.string(),
|
||||
code: z.string().optional()
|
||||
})
|
||||
.strict();
|
||||
|
||||
export type Disable2faBody = z.infer<typeof disable2faBody>;
|
||||
|
||||
|
|
@ -26,7 +31,7 @@ export type Disable2faResponse = {
|
|||
export async function disable2fa(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction,
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
const parsedBody = disable2faBody.safeParse(req.body);
|
||||
|
||||
|
|
@ -34,8 +39,8 @@ export async function disable2fa(
|
|||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedBody.error).toString(),
|
||||
),
|
||||
fromError(parsedBody.error).toString()
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -52,8 +57,8 @@ export async function disable2fa(
|
|||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"Two-factor authentication is already disabled",
|
||||
),
|
||||
"Two-factor authentication is already disabled"
|
||||
)
|
||||
);
|
||||
} else {
|
||||
if (!code) {
|
||||
|
|
@ -62,7 +67,7 @@ export async function disable2fa(
|
|||
success: true,
|
||||
error: false,
|
||||
message: "Two-factor authentication required",
|
||||
status: HttpCode.ACCEPTED,
|
||||
status: HttpCode.ACCEPTED
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
@ -70,15 +75,15 @@ export async function disable2fa(
|
|||
const validOTP = await verifyTotpCode(
|
||||
code,
|
||||
user.twoFactorSecret!,
|
||||
user.userId,
|
||||
user.userId
|
||||
);
|
||||
|
||||
if (!validOTP) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"The two-factor code you entered is incorrect",
|
||||
),
|
||||
"The two-factor code you entered is incorrect"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -91,22 +96,32 @@ export async function disable2fa(
|
|||
.delete(twoFactorBackupCodes)
|
||||
.where(eq(twoFactorBackupCodes.userId, user.userId));
|
||||
|
||||
// TODO: send email to user confirming two-factor authentication is disabled
|
||||
sendEmail(
|
||||
TwoFactorAuthNotification({
|
||||
email: user.email,
|
||||
enabled: false
|
||||
}),
|
||||
{
|
||||
to: user.email,
|
||||
from: config.email?.no_reply,
|
||||
subject: "Two-factor authentication disabled"
|
||||
}
|
||||
);
|
||||
|
||||
return response<null>(res, {
|
||||
data: null,
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Two-factor authentication disabled",
|
||||
status: HttpCode.OK,
|
||||
status: HttpCode.OK
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.INTERNAL_SERVER_ERROR,
|
||||
"Failed to disable two-factor authentication",
|
||||
),
|
||||
"Failed to disable two-factor authentication"
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ export type RequestTotpSecretBody = z.infer<typeof requestTotpSecretBody>;
|
|||
|
||||
export type RequestTotpSecretResponse = {
|
||||
secret: string;
|
||||
uri: string;
|
||||
};
|
||||
|
||||
export async function requestTotpSecret(
|
||||
|
|
@ -75,7 +76,8 @@ export async function requestTotpSecret(
|
|||
|
||||
return response<RequestTotpSecretResponse>(res, {
|
||||
data: {
|
||||
secret: uri
|
||||
secret,
|
||||
uri
|
||||
},
|
||||
success: true,
|
||||
error: false,
|
||||
|
|
|
|||
|
|
@ -11,6 +11,9 @@ import { alphabet, generateRandomString } from "oslo/crypto";
|
|||
import { hashPassword } from "@server/auth/password";
|
||||
import { verifyTotpCode } from "@server/auth/2fa";
|
||||
import logger from "@server/logger";
|
||||
import { sendEmail } from "@server/emails";
|
||||
import TwoFactorAuthNotification from "@server/emails/templates/TwoFactorAuthNotification";
|
||||
import config from "@server/config";
|
||||
|
||||
export const verifyTotpBody = z
|
||||
.object({
|
||||
|
|
@ -90,8 +93,6 @@ export async function verifyTotp(
|
|||
}
|
||||
}
|
||||
|
||||
// TODO: send email to user confirming two-factor authentication is enabled
|
||||
|
||||
if (!valid) {
|
||||
return next(
|
||||
createHttpError(
|
||||
|
|
@ -101,6 +102,18 @@ export async function verifyTotp(
|
|||
);
|
||||
}
|
||||
|
||||
sendEmail(
|
||||
TwoFactorAuthNotification({
|
||||
email: user.email,
|
||||
enabled: true
|
||||
}),
|
||||
{
|
||||
to: user.email,
|
||||
from: config.email?.no_reply,
|
||||
subject: "Two-factor authentication enabled"
|
||||
}
|
||||
);
|
||||
|
||||
return response<VerifyTotpResponse>(res, {
|
||||
data: {
|
||||
valid,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue