From eb7f2c7b72f545b99949e4290bc38cb448903141 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Wed, 20 Jul 2022 22:04:19 +1000
Subject: Add config `security_twoFactor_generateBackupCodes` to control backup
 code generation

---
 api/src/routes/users/@me/mfa/codes.ts       |  4 ++--
 api/src/routes/users/@me/mfa/totp/enable.ts | 11 +++++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

(limited to 'api')

diff --git a/api/src/routes/users/@me/mfa/codes.ts b/api/src/routes/users/@me/mfa/codes.ts
index 2a1fb498..6ddf32f0 100644
--- a/api/src/routes/users/@me/mfa/codes.ts
+++ b/api/src/routes/users/@me/mfa/codes.ts
@@ -1,6 +1,6 @@
 import { Router, Request, Response } from "express";
 import { route } from "@fosscord/api";
-import { BackupCode, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util";
+import { BackupCode, Config, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util";
 import bcrypt from "bcrypt";
 
 const router = Router();
@@ -22,7 +22,7 @@ router.post("/", route({ body: "MfaCodesSchema" }), async (req: Request, res: Re
 	}
 
 	var codes: BackupCode[];
-	if (regenerate) {
+	if (regenerate && Config.get().security.twoFactor.generateBackupCodes) {
 		await BackupCode.update(
 			{ user: { id: req.user_id } },
 			{ expired: true }
diff --git a/api/src/routes/users/@me/mfa/totp/enable.ts b/api/src/routes/users/@me/mfa/totp/enable.ts
index bc5f16ad..87f36d55 100644
--- a/api/src/routes/users/@me/mfa/totp/enable.ts
+++ b/api/src/routes/users/@me/mfa/totp/enable.ts
@@ -1,10 +1,9 @@
 import { Router, Request, Response } from "express";
-import { User, generateToken, BackupCode, generateMfaBackupCodes } from "@fosscord/util";
+import { User, generateToken, BackupCode, generateMfaBackupCodes, Config } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import bcrypt from "bcrypt";
 import { HTTPError } from "lambert-server";
 import { verifyToken } from 'node-2fa';
-import crypto from "crypto";
 
 const router = Router();
 
@@ -35,8 +34,12 @@ router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res:
 	if (verifyToken(body.secret, body.code)?.delta != 0)
 		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 
-	let backup_codes = generateMfaBackupCodes(req.user_id);
-	await Promise.all(backup_codes.map(x => x.save()));
+	let backup_codes: BackupCode[] = [];
+	if (Config.get().security.twoFactor.generateBackupCodes) {
+		backup_codes = generateMfaBackupCodes(req.user_id);
+		await Promise.all(backup_codes.map(x => x.save()));
+	}
+
 	await User.update(
 		{ id: req.user_id },
 		{ mfa_enabled: true, totp_secret: body.secret }
-- 
cgit 1.4.1