Enable Email as a MFA method/option (#68)
This adds Email as a multi-factor authentication method/option. It reuses the `VerificationCode` for the code generation and validation. It also refactors the email templating for easier repurposing. Finally, it has a small Deno version bump. Closes #25
This commit is contained in:
Bruno Bernardino
@@ -4,10 +4,7 @@ import { FreshContextState } from '/lib/types.ts';
|
||||
import { PASSWORD_SALT } from '/lib/auth.ts';
|
||||
import { generateHash } from '/lib/utils/misc.ts';
|
||||
import { UserModel } from '/lib/models/user.ts';
|
||||
import {
|
||||
getMultiFactorAuthMethodByIdFromUser,
|
||||
getMultiFactorAuthMethodsFromUser,
|
||||
} from '/lib/utils/multi-factor-auth.ts';
|
||||
import { getMultiFactorAuthMethodByIdFromUser } from '/lib/utils/multi-factor-auth.ts';
|
||||
import { AppConfig } from '/lib/config.ts';
|
||||
import { MultiFactorAuthModel } from '/lib/models/multi-factor-auth.ts';
|
||||
|
||||
@@ -85,7 +82,6 @@ export const handler: Handlers<unknown, FreshContextState> = {
|
||||
return new Response(JSON.stringify(responseBody), { status: 400 });
|
||||
}
|
||||
|
||||
const methods = getMultiFactorAuthMethodsFromUser(user);
|
||||
const method = getMultiFactorAuthMethodByIdFromUser(user, methodId);
|
||||
|
||||
if (!method) {
|
||||
|
||||
58
routes/api/auth/multi-factor/email/setup.ts
Normal file
58
routes/api/auth/multi-factor/email/setup.ts
Normal file
@@ -0,0 +1,58 @@
|
||||
import { Handlers } from 'fresh/server.ts';
|
||||
|
||||
import { FreshContextState } from '/lib/types.ts';
|
||||
import { UserModel } from '/lib/models/user.ts';
|
||||
import { AppConfig } from '/lib/config.ts';
|
||||
import { MultiFactorAuthModel } from '/lib/models/multi-factor-auth.ts';
|
||||
import { EmailModel } from '/lib/models/multi-factor-auth/email.ts';
|
||||
|
||||
export interface RequestBody {}
|
||||
|
||||
export interface ResponseBody {
|
||||
success: boolean;
|
||||
error?: string;
|
||||
data?: {
|
||||
methodId: string;
|
||||
};
|
||||
}
|
||||
|
||||
export const handler: Handlers<unknown, FreshContextState> = {
|
||||
async POST(request, context) {
|
||||
if (!context.state.user) {
|
||||
return new Response('Unauthorized', { status: 401 });
|
||||
}
|
||||
|
||||
const isMultiFactorAuthEnabled = await AppConfig.isMultiFactorAuthEnabled();
|
||||
|
||||
if (!isMultiFactorAuthEnabled) {
|
||||
const responseBody: ResponseBody = {
|
||||
success: false,
|
||||
error: 'Multi-factor authentication is not enabled on this server',
|
||||
};
|
||||
|
||||
return new Response(JSON.stringify(responseBody), { status: 403 });
|
||||
}
|
||||
|
||||
const { user } = context.state;
|
||||
|
||||
const methodId = MultiFactorAuthModel.generateMethodId();
|
||||
const setup = await EmailModel.createMethod(methodId, 'Email', user);
|
||||
|
||||
if (!user.extra.multi_factor_auth_methods) {
|
||||
user.extra.multi_factor_auth_methods = [];
|
||||
}
|
||||
|
||||
user.extra.multi_factor_auth_methods.push(setup.method);
|
||||
|
||||
await UserModel.update(user);
|
||||
|
||||
const responseData: ResponseBody = {
|
||||
success: true,
|
||||
data: {
|
||||
methodId: setup.method.id,
|
||||
},
|
||||
};
|
||||
|
||||
return new Response(JSON.stringify(responseData));
|
||||
},
|
||||
};
|
||||
@@ -3,6 +3,7 @@ import { Handlers } from 'fresh/server.ts';
|
||||
import { FreshContextState } from '/lib/types.ts';
|
||||
import { MultiFactorAuthModel } from '/lib/models/multi-factor-auth.ts';
|
||||
import { TOTPModel } from '/lib/models/multi-factor-auth/totp.ts';
|
||||
import { EmailModel } from '/lib/models/multi-factor-auth/email.ts';
|
||||
import { getMultiFactorAuthMethodByIdFromUser } from '/lib/utils/multi-factor-auth.ts';
|
||||
import { UserModel } from '/lib/models/user.ts';
|
||||
import { AppConfig } from '/lib/config.ts';
|
||||
@@ -115,6 +116,25 @@ export const handler: Handlers<unknown, FreshContextState> = {
|
||||
|
||||
return new Response(JSON.stringify(responseBody), { status: 400 });
|
||||
}
|
||||
} else if (method.type === 'email') {
|
||||
try {
|
||||
const isValid = await EmailModel.verifyCode(method.id, code, user);
|
||||
if (!isValid) {
|
||||
const responseBody: ResponseBody = {
|
||||
success: false,
|
||||
error: 'Invalid verification code',
|
||||
};
|
||||
|
||||
return new Response(JSON.stringify(responseBody), { status: 400 });
|
||||
}
|
||||
} catch {
|
||||
const responseBody: ResponseBody = {
|
||||
success: false,
|
||||
error: 'Failed to verify email verification code',
|
||||
};
|
||||
|
||||
return new Response(JSON.stringify(responseBody), { status: 500 });
|
||||
}
|
||||
}
|
||||
|
||||
MultiFactorAuthModel.enableMethodForUser(user, methodId);
|
||||
|
||||
Reference in New Issue
Block a user