Diffstat (limited to 'src/api/routes/users/@me/mfa/totp')
-rw-r--r-- | src/api/routes/users/@me/mfa/totp/disable.ts | 19 | ||||
-rw-r--r-- | src/api/routes/users/@me/mfa/totp/enable.ts | 20 |
2 files changed, 10 insertions, 29 deletions
diff --git a/src/api/routes/users/@me/mfa/totp/disable.ts b/src/api/routes/users/@me/mfa/totp/disable.ts
index 362152d7..6a0960d8 100644
--- a/src/api/routes/users/@me/mfa/totp/disable.ts
+++ b/src/api/routes/users/@me/mfa/totp/disable.ts
@@ -17,12 +17,7 @@
 */
 import { route } from "@spacebar/api";
-import {
- BackupCode,
- TotpDisableSchema,
- User,
- generateToken,
-} from "@spacebar/util";
+import { BackupCode, TotpDisableSchema, User, generateToken } from "@spacebar/util";
 import { Request, Response, Router } from "express";
 import { HTTPError } from "lambert-server";
 import { verifyToken } from "node-2fa";
@@ -53,11 +48,7 @@ router.post(
 const backup = await BackupCode.findOne({ where: { code: body.code } });
 if (!backup) {
 const ret = verifyToken(user.totp_secret || "", body.code);
- if (!ret || ret.delta != 0)
- throw new HTTPError(
- req.t("auth:login.INVALID_TOTP_CODE"),
- 60008,
- );
+ if (!ret || ret.delta != 0) throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 }
 await User.update(
@@ -65,20 +56,20 @@ router.post(
 {
 mfa_enabled: false,
 totp_secret: "",
- },
+ }
 );
 await BackupCode.update(
 { user: { id: req.user_id } },
 {
 expired: true,
- },
+ }
 );
 return res.json({
 token: await generateToken(user.id),
 });
- },
+ }
 );
 export default router;
diff --git a/src/api/routes/users/@me/mfa/totp/enable.ts b/src/api/routes/users/@me/mfa/totp/enable.ts
index 19836e4d..6d66fb95 100644
--- a/src/api/routes/users/@me/mfa/totp/enable.ts
+++ b/src/api/routes/users/@me/mfa/totp/enable.ts
@@ -17,12 +17,7 @@
 */
 import { route } from "@spacebar/api";
-import {
- TotpEnableSchema,
- User,
- generateMfaBackupCodes,
- generateToken,
-} from "@spacebar/util";
+import { TotpEnableSchema, User, generateMfaBackupCodes, generateToken } from "@spacebar/util";
 import bcrypt from "bcrypt";
 import { Request, Response, Router } from "express";
 import { HTTPError } from "lambert-server";
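Review bot: In disable.ts, the backup-code lookup kept as context at the top of the `@@ -53,11 +48,7 @@` hunk, `BackupCode.findOne({ where: { code: body.code } })`, matches on the code value alone. Nothing in the visible lines ties the row to the requesting account or checks that it is still valid, so any stored backup code, including one already marked `expired`, would appear to skip the TOTP check and turn MFA off. Since this commit already touches the block, I would scope the query the same way the later `BackupCode.update` is scoped, e.g. `where: { code: body.code, expired: false, user: { id: req.user_id } }`. The handler starts above this hunk, so an earlier ownership check may exist that is not shown here; if it does, a short comment on the lookup would make that clear.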
@@ -61,21 +56,16 @@ router.post(
 }
 }
- if (!body.secret)
- throw new HTTPError(req.t("auth:login.INVALID_TOTP_SECRET"), 60005);
+ if (!body.secret) throw new HTTPError(req.t("auth:login.INVALID_TOTP_SECRET"), 60005);
- if (!body.code)
- throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+ if (!body.code) throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 if (verifyToken(body.secret, body.code)?.delta != 0)
 throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 const backup_codes = generateMfaBackupCodes(req.user_id);
 await Promise.all(backup_codes.map((x) => x.save()));
- await User.update(
- { id: req.user_id },
- { mfa_enabled: true, totp_secret: body.secret },
- );
+ await User.update({ id: req.user_id }, { mfa_enabled: true, totp_secret: body.secret });
 res.send({
 token: await generateToken(user.id),
@@ -84,7 +74,7 @@ router.post(
 expired: undefined,
 })),
 });
- },
+ }
 );
 export default router; |