diff --git a/src/api/routes/users/@me/mfa/totp/enable.ts b/src/api/routes/users/@me/mfa/totp/enable.ts
index 19836e4d..5471e0b5 100644
--- a/src/api/routes/users/@me/mfa/totp/enable.ts
+++ b/src/api/routes/users/@me/mfa/totp/enable.ts
@@ -18,6 +18,7 @@
import { route } from "@spacebar/api";
import {
+ AuthenticatorType,
TotpEnableSchema,
User,
generateMfaBackupCodes,
@@ -74,7 +75,14 @@ router.post(
await Promise.all(backup_codes.map((x) => x.save()));
await User.update(
{ id: req.user_id },
- { mfa_enabled: true, totp_secret: body.secret },
+ {
+ mfa_enabled: true,
+ totp_secret: body.secret,
+ authenticator_types: [
+ ...user.authenticator_types,
+ AuthenticatorType.TOTP,
+ ],
+ },
);
res.send({
diff --git a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
index f383ffb7..c8e5b67a 100644
--- a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
+++ b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
@@ -18,9 +18,12 @@
import { route } from "@spacebar/api";
import {
+ AuthenticatorType,
+ BackupCode,
CreateWebAuthnCredentialSchema,
DiscordApiErrors,
FieldErrors,
+ generateMfaBackupCodes,
GenerateWebAuthnCredentialsSchema,
generateWebAuthnTicket,
SecurityKey,
@@ -193,12 +196,41 @@ router.post(
await Promise.all([
securityKey.save(),
- User.update({ id: req.user_id }, { webauthn_enabled: true }),
+ User.update(
+ { id: req.user_id },
+ {
+ webauthn_enabled: true,
+ authenticator_types: [
+ ...user.authenticator_types,
+ AuthenticatorType.WEBAUTHN,
+ ],
+ },
+ ),
]);
+ // try and get the users existing backup codes
+ let backup_codes = await BackupCode.find({
+ where: {
+ user: {
+ id: req.user_id,
+ },
+ },
+ });
+
+ // if there arent any, create them
+ if (!backup_codes.length) {
+ backup_codes = generateMfaBackupCodes(req.user_id);
+ await Promise.all(backup_codes.map((x) => x.save()));
+ }
+
return res.json({
name,
id: securityKey.id,
+ type: AuthenticatorType.WEBAUTHN, // I think thats what this is?
+ backup_codes: backup_codes.map((x) => ({
+ ...x,
+ expired: undefined,
+ })),
});
} else {
throw DiscordApiErrors.INVALID_AUTHENTICATION_TOKEN;
|
