summary refs log tree commit diff
path: root/api
diff options
context:
space:
mode:
authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-07-20 22:04:19 +1000
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-07-20 22:04:19 +1000
commiteb7f2c7b72f545b99949e4290bc38cb448903141 (patch)
treef1e20ecf6efca0d4ad54649746dd2d9170a50fb3 /api
parentAdd node-2fa to package.json (diff)
downloadserver-eb7f2c7b72f545b99949e4290bc38cb448903141.tar.xz
Add config `security_twoFactor_generateBackupCodes` to control backup code generation
Diffstat (limited to 'api')
-rw-r--r--api/src/routes/users/@me/mfa/codes.ts4
-rw-r--r--api/src/routes/users/@me/mfa/totp/enable.ts11
2 files changed, 9 insertions, 6 deletions
diff --git a/api/src/routes/users/@me/mfa/codes.ts b/api/src/routes/users/@me/mfa/codes.ts
index 2a1fb498..6ddf32f0 100644
--- a/api/src/routes/users/@me/mfa/codes.ts
+++ b/api/src/routes/users/@me/mfa/codes.ts
@@ -1,6 +1,6 @@
 import { Router, Request, Response } from "express";
 import { route } from "@fosscord/api";
-import { BackupCode, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util";
+import { BackupCode, Config, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util";
 import bcrypt from "bcrypt";
 
 const router = Router();
@@ -22,7 +22,7 @@ router.post("/", route({ body: "MfaCodesSchema" }), async (req: Request, res: Re
 	}
 
 	var codes: BackupCode[];
-	if (regenerate) {
+	if (regenerate && Config.get().security.twoFactor.generateBackupCodes) {
 		await BackupCode.update(
 			{ user: { id: req.user_id } },
 			{ expired: true }
diff --git a/api/src/routes/users/@me/mfa/totp/enable.ts b/api/src/routes/users/@me/mfa/totp/enable.ts
index bc5f16ad..87f36d55 100644
--- a/api/src/routes/users/@me/mfa/totp/enable.ts
+++ b/api/src/routes/users/@me/mfa/totp/enable.ts
@@ -1,10 +1,9 @@
 import { Router, Request, Response } from "express";
-import { User, generateToken, BackupCode, generateMfaBackupCodes } from "@fosscord/util";
+import { User, generateToken, BackupCode, generateMfaBackupCodes, Config } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import bcrypt from "bcrypt";
 import { HTTPError } from "lambert-server";
 import { verifyToken } from 'node-2fa';
-import crypto from "crypto";
 
 const router = Router();
 
@@ -35,8 +34,12 @@ router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res:
 	if (verifyToken(body.secret, body.code)?.delta != 0)
 		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 
-	let backup_codes = generateMfaBackupCodes(req.user_id);
-	await Promise.all(backup_codes.map(x => x.save()));
+	let backup_codes: BackupCode[] = [];
+	if (Config.get().security.twoFactor.generateBackupCodes) {
+		backup_codes = generateMfaBackupCodes(req.user_id);
+		await Promise.all(backup_codes.map(x => x.save()));
+	}
+
 	await User.update(
 		{ id: req.user_id },
 		{ mfa_enabled: true, totp_secret: body.secret }