diff --git a/src/api/routes/users/@me/mfa/codes-verification.ts b/src/api/routes/users/@me/mfa/codes-verification.ts
index ac16f7e7..24f018c9 100644
--- a/src/api/routes/users/@me/mfa/codes-verification.ts
+++ b/src/api/routes/users/@me/mfa/codes-verification.ts
@@ -23,6 +23,7 @@ import {
generateMfaBackupCodes,
User,
CodesVerificationSchema,
+ DiscordApiErrors,
} from "@fosscord/util";
const router = Router();
@@ -31,14 +32,17 @@ router.post(
"/",
route({ body: "CodesVerificationSchema" }),
async (req: Request, res: Response) => {
- const { key, nonce, regenerate } = req.body as CodesVerificationSchema;
+ // const { key, nonce, regenerate } = req.body as CodesVerificationSchema;
+ const { regenerate } = req.body as CodesVerificationSchema;
// TODO: We don't have email/etc etc, so can't send a verification code.
// Once that's done, this route can verify `key`
- const user = await User.findOneOrFail({ where: { id: req.user_id } });
+ // const user = await User.findOneOrFail({ where: { id: req.user_id } });
+ if ((await User.count({ where: { id: req.user_id } })) === 0)
+ throw DiscordApiErrors.UNKNOWN_USER;
- var codes: BackupCode[];
+ let codes: BackupCode[];
if (regenerate) {
await BackupCode.update(
{ user: { id: req.user_id } },
diff --git a/src/api/routes/users/@me/mfa/codes.ts b/src/api/routes/users/@me/mfa/codes.ts
index 09b9b329..e2600400 100644
--- a/src/api/routes/users/@me/mfa/codes.ts
+++ b/src/api/routes/users/@me/mfa/codes.ts
@@ -51,7 +51,7 @@ router.post(
});
}
- var codes: BackupCode[];
+ let codes: BackupCode[];
if (regenerate) {
await BackupCode.update(
{ user: { id: req.user_id } },
diff --git a/src/api/routes/users/@me/mfa/totp/disable.ts b/src/api/routes/users/@me/mfa/totp/disable.ts
index c399ba33..e35691ae 100644
--- a/src/api/routes/users/@me/mfa/totp/disable.ts
+++ b/src/api/routes/users/@me/mfa/totp/disable.ts
@@ -42,7 +42,7 @@ router.post(
const backup = await BackupCode.findOne({ where: { code: body.code } });
if (!backup) {
- const ret = verifyToken(user.totp_secret!, body.code);
+ const ret = verifyToken(user.totp_secret || "", body.code);
if (!ret || ret.delta != 0)
throw new HTTPError(
req.t("auth:login.INVALID_TOTP_CODE"),
diff --git a/src/api/routes/users/@me/mfa/totp/enable.ts b/src/api/routes/users/@me/mfa/totp/enable.ts
index a59983ac..f6519ad0 100644
--- a/src/api/routes/users/@me/mfa/totp/enable.ts
+++ b/src/api/routes/users/@me/mfa/totp/enable.ts
@@ -57,7 +57,7 @@ router.post(
if (verifyToken(body.secret, body.code)?.delta != 0)
throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
- let backup_codes = generateMfaBackupCodes(req.user_id);
+ const backup_codes = generateMfaBackupCodes(req.user_id);
await Promise.all(backup_codes.map((x) => x.save()));
await User.update(
{ id: req.user_id },
|
