Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-11 21:12:48 +10:00
Code Issues Packages Projects Releases Wiki Activity

fix: enforce 2FA for email password SSO linked accounts (#1072)

Browse Source 
## Description

Fixed issue where accounts that were initially created via
email/password, then linked to an SSO account, can bypass the 2FA during
login if they use their email password.

## Testing Performed

Tested locally, and 2FA is now required for linked SSO accounts
This commit is contained in:
David Nguyen
2024-04-03 15:18:36 +08:00
committed by GitHub
parent 484f603a6b
commit 58481f66b8
3 changed files with 5 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/app-tests/e2e/pr-718-add-stepper-component.spec.ts
View File

@ -262,7 +262,7 @@ test('should be able to create, send and sign a document', async ({ page }) => {
expect(status).toBe(DocumentStatus.PENDING); expect(status).toBe(DocumentStatus.PENDING);
await page.getByRole('button', { name: 'Complete' }).click(); await page.getByRole('button', { name: 'Complete' }).click();
await expect(page.getByRole('dialog').getByText('Sign Document')).toBeVisible(); await expect(page.getByRole('dialog').getByText('Complete Signing').first()).toBeVisible();
await page.getByRole('button', { name: 'Sign' }).click(); await page.getByRole('button', { name: 'Sign' }).click();
await page.waitForURL(`/sign/${token}/complete`); await page.waitForURL(`/sign/${token}/complete`);
@ -347,7 +347,7 @@ test('should be able to create, send with redirect url, sign a document and redi
expect(status).toBe(DocumentStatus.PENDING); expect(status).toBe(DocumentStatus.PENDING);
await page.getByRole('button', { name: 'Complete' }).click(); await page.getByRole('button', { name: 'Complete' }).click();
await expect(page.getByRole('dialog').getByText('Sign Document')).toBeVisible(); await expect(page.getByRole('dialog').getByText('Complete Signing').first()).toBeVisible();
await page.getByRole('button', { name: 'Sign' }).click(); await page.getByRole('button', { name: 'Sign' }).click();
await page.waitForURL('https://documenso.com'); await page.waitForURL('https://documenso.com');

2
packages/app-tests/e2e/test-auth-flow.spec.ts
View File

@ -30,7 +30,7 @@ test('user can sign up with email and password', async ({ page }: { page: Page }
} }
await page.getByRole('button', { name: 'Next', exact: true }).click(); await page.getByRole('button', { name: 'Next', exact: true }).click();
await page.getByLabel('Public profile username').fill('username-123'); await page.getByLabel('Public profile username').fill(Date.now().toString());
await page.getByRole('button', { name: 'Complete', exact: true }).click(); await page.getByRole('button', { name: 'Complete', exact: true }).click();

8
packages/lib/server-only/2fa/is-2fa-availble.ts
View File

@ -1,4 +1,4 @@
import { User } from '@documenso/prisma/client'; import type { User } from '@documenso/prisma/client';
import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto'; import { DOCUMENSO_ENCRYPTION_KEY } from '../../constants/crypto';
@ -9,9 +9,5 @@ type IsTwoFactorAuthenticationEnabledOptions = {
export const isTwoFactorAuthenticationEnabled = ({ export const isTwoFactorAuthenticationEnabled = ({
user, user,
}: IsTwoFactorAuthenticationEnabledOptions) => { }: IsTwoFactorAuthenticationEnabledOptions) => {
return ( return user.twoFactorEnabled && typeof DOCUMENSO_ENCRYPTION_KEY === 'string';
user.twoFactorEnabled &&
user.identityProvider === 'DOCUMENSO' &&
typeof DOCUMENSO_ENCRYPTION_KEY === 'string'
);
}; };