diff options
| author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-07-20 22:04:19 +1000 |
|---|---|---|
| committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-07-20 22:04:19 +1000 |
| commit | eb7f2c7b72f545b99949e4290bc38cb448903141 (patch) | |
| tree | f1e20ecf6efca0d4ad54649746dd2d9170a50fb3 /api | |
| parent | Add node-2fa to package.json (diff) | |
| download | server-eb7f2c7b72f545b99949e4290bc38cb448903141.tar.xz | |
Add config `security_twoFactor_generateBackupCodes` to control backup code generation
Diffstat (limited to 'api')
| -rw-r--r-- | api/src/routes/users/@me/mfa/codes.ts | 4 | ||||
| -rw-r--r-- | api/src/routes/users/@me/mfa/totp/enable.ts | 11 |
2 files changed, 9 insertions, 6 deletions
diff --git a/api/src/routes/users/@me/mfa/codes.ts b/api/src/routes/users/@me/mfa/codes.ts index 2a1fb498..6ddf32f0 100644 --- a/api/src/routes/users/@me/mfa/codes.ts +++ b/api/src/routes/users/@me/mfa/codes.ts @@ -1,6 +1,6 @@ import { Router, Request, Response } from "express"; import { route } from "@fosscord/api"; -import { BackupCode, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util"; +import { BackupCode, Config, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util"; import bcrypt from "bcrypt"; const router = Router(); @@ -22,7 +22,7 @@ router.post("/", route({ body: "MfaCodesSchema" }), async (req: Request, res: Re } var codes: BackupCode[]; - if (regenerate) { + if (regenerate && Config.get().security.twoFactor.generateBackupCodes) { await BackupCode.update( { user: { id: req.user_id } }, { expired: true } diff --git a/api/src/routes/users/@me/mfa/totp/enable.ts b/api/src/routes/users/@me/mfa/totp/enable.ts index bc5f16ad..87f36d55 100644 --- a/api/src/routes/users/@me/mfa/totp/enable.ts +++ b/api/src/routes/users/@me/mfa/totp/enable.ts @@ -1,10 +1,9 @@ import { Router, Request, Response } from "express"; -import { User, generateToken, BackupCode, generateMfaBackupCodes } from "@fosscord/util"; +import { User, generateToken, BackupCode, generateMfaBackupCodes, Config } from "@fosscord/util"; import { route } from "@fosscord/api"; import bcrypt from "bcrypt"; import { HTTPError } from "lambert-server"; import { verifyToken } from 'node-2fa'; -import crypto from "crypto"; const router = Router(); @@ -35,8 +34,12 @@ router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res: if (verifyToken(body.secret, body.code)?.delta != 0) throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008); - let backup_codes = generateMfaBackupCodes(req.user_id); - await Promise.all(backup_codes.map(x => x.save())); + let backup_codes: BackupCode[] = []; + if (Config.get().security.twoFactor.generateBackupCodes) { + backup_codes = generateMfaBackupCodes(req.user_id); + await Promise.all(backup_codes.map(x => x.save())); + } + await User.update( { id: req.user_id }, { mfa_enabled: true, totp_secret: body.secret } |