diff --git a/api/src/routes/users/@me/mfa/codes.ts b/api/src/routes/users/@me/mfa/codes.ts
index 2a1fb498..6ddf32f0 100644
--- a/api/src/routes/users/@me/mfa/codes.ts
+++ b/api/src/routes/users/@me/mfa/codes.ts
@@ -1,6 +1,6 @@
import { Router, Request, Response } from "express";
import { route } from "@fosscord/api";
-import { BackupCode, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util";
+import { BackupCode, Config, FieldErrors, generateMfaBackupCodes, User } from "@fosscord/util";
import bcrypt from "bcrypt";
const router = Router();
@@ -22,7 +22,7 @@ router.post("/", route({ body: "MfaCodesSchema" }), async (req: Request, res: Re
}
var codes: BackupCode[];
- if (regenerate) {
+ if (regenerate && Config.get().security.twoFactor.generateBackupCodes) {
await BackupCode.update(
{ user: { id: req.user_id } },
{ expired: true }
diff --git a/api/src/routes/users/@me/mfa/totp/enable.ts b/api/src/routes/users/@me/mfa/totp/enable.ts
index bc5f16ad..87f36d55 100644
--- a/api/src/routes/users/@me/mfa/totp/enable.ts
+++ b/api/src/routes/users/@me/mfa/totp/enable.ts
@@ -1,10 +1,9 @@
import { Router, Request, Response } from "express";
-import { User, generateToken, BackupCode, generateMfaBackupCodes } from "@fosscord/util";
+import { User, generateToken, BackupCode, generateMfaBackupCodes, Config } from "@fosscord/util";
import { route } from "@fosscord/api";
import bcrypt from "bcrypt";
import { HTTPError } from "lambert-server";
import { verifyToken } from 'node-2fa';
-import crypto from "crypto";
const router = Router();
@@ -35,8 +34,12 @@ router.post("/", route({ body: "TotpEnableSchema" }), async (req: Request, res:
if (verifyToken(body.secret, body.code)?.delta != 0)
throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
- let backup_codes = generateMfaBackupCodes(req.user_id);
- await Promise.all(backup_codes.map(x => x.save()));
+ let backup_codes: BackupCode[] = [];
+ if (Config.get().security.twoFactor.generateBackupCodes) {
+ backup_codes = generateMfaBackupCodes(req.user_id);
+ await Promise.all(backup_codes.map(x => x.save()));
+ }
+
await User.update(
{ id: req.user_id },
{ mfa_enabled: true, totp_secret: body.secret }
diff --git a/util/src/entities/Config.ts b/util/src/entities/Config.ts
index 3756d686..c84ea4aa 100644
--- a/util/src/entities/Config.ts
+++ b/util/src/entities/Config.ts
@@ -121,6 +121,9 @@ export interface ConfigValue {
secret: string | null;
};
ipdataApiKey: string | null;
+ twoFactor: {
+ generateBackupCodes: boolean;
+ };
};
login: {
requireCaptcha: boolean;
@@ -312,6 +315,9 @@ export const DefaultConfigOptions: ConfigValue = {
secret: null,
},
ipdataApiKey: "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9",
+ twoFactor: {
+ generateBackupCodes: true,
+ },
},
login: {
requireCaptcha: false,
|
