feat: request usee to disable 2fa before deleting account

2025-11-14 08:42:12 +10:00 · 2024-02-17 07:34:21 +00:00
parent fddd860d15
commit f98567ea87
2 changed files with 45 additions and 94 deletions
--- a/apps/web/src/components/forms/profile.tsx
+++ b/apps/web/src/components/forms/profile.tsx
@ -7,7 +7,6 @@ import { signOut } from 'next-auth/react';
 import { useForm } from 'react-hook-form';
 import { z } from 'zod';
 import { validateTwoFactorAuthentication } from '@documenso/lib/server-only/2fa/validate-2fa';
 import type { User } from '@documenso/prisma/client';
 import { TRPCClientError } from '@documenso/trpc/client';
 import { trpc } from '@documenso/trpc/react';
@ -67,13 +66,6 @@ export const ProfileForm = ({ className, user }: ProfileFormProps) => {
    resolver: zodResolver(ZProfileFormSchema),
  });
  const deleteAccountTwoFactorTokenForm = useForm<TTwoFactorAuthTokenSchema>({
    defaultValues: {
      token: '',
    },
    resolver: zodResolver(ZTwoFactorAuthTokenSchema),
  });
  const isSubmitting = form.formState.isSubmitting;
  const hasTwoFactorAuthentication = user.twoFactorEnabled;
@ -113,38 +105,17 @@ export const ProfileForm = ({ className, user }: ProfileFormProps) => {
    }
  };
-  const deleteAccoutAndSignOut = async () => {
+  const onDeleteAccount = async () => {
    await deleteAccount();
    toast({
      title: 'Account deleted',
      description: 'Your account has been deleted successfully.',
      duration: 5000,
    });
    return await signOut({ callbackUrl: '/' });
  };
  const onDeleteAccount = async (hasTwoFactorAuthentication: boolean) => {
    try {
-      if (!hasTwoFactorAuthentication) {
+      await deleteAccount();
        return await deleteAccoutAndSignOut();
      }
-      const { token } = deleteAccountTwoFactorTokenForm.getValues();
+      toast({
-
+        title: 'Account deleted',
-      if (!token) {
+        description: 'Your account has been deleted successfully.',
-        throw new Error('Please enter your Two Factor Authentication token.');
+        duration: 5000,
      }
      await validateTwoFactorAuthentication({
        totpCode: token,
        user,
      }).catch(() => {
        throw new Error('We were unable to validate your Two Factor Authentication token.');
      });
-      await deleteAccoutAndSignOut();
+      return await signOut({ callbackUrl: '/' });
    } catch (err) {
      if (err instanceof TRPCClientError && err.data?.code === 'BAD_REQUEST') {
        toast({
@ -225,66 +196,47 @@ export const ProfileForm = ({ className, user }: ProfileFormProps) => {
            irreversible and will cancel your subscription, so proceed with caution.
          </CardContent>
          <CardFooter className="justify-end pb-4 pr-4">
-            <Form {...deleteAccountTwoFactorTokenForm}>
+            <Dialog>
-              <form
+              <DialogTrigger asChild>
-                onSubmit={deleteAccountTwoFactorTokenForm.handleSubmit(() => {
+                <Button variant="destructive">Delete Account</Button>
-                  console.log('delete account');
+              </DialogTrigger>
-                })}
+              <DialogContent>
-              >
+                <DialogHeader>
-                <Dialog>
+                  <DialogTitle>Delete Account</DialogTitle>
-                  <DialogTrigger asChild>
+                  <DialogDescription>
-                    <Button variant="destructive">Delete Account</Button>
+                    Documenso will delete{' '}
-                  </DialogTrigger>
+                    <span className="font-semibold">all of your documents</span>, along with all of
-                  <DialogContent>
+                    your completed documents, signatures, and all other resources belonging to your
-                    <DialogHeader>
+                    Account.
-                      <DialogTitle>Delete Account</DialogTitle>
+                  </DialogDescription>
-                      <DialogDescription>
+                </DialogHeader>
                        Documenso will delete{' '}
                        <span className="font-semibold">all of your documents</span>, along with all
                        of your completed documents, signatures, and all other resources belonging
                        to your Account.
                      </DialogDescription>
                    </DialogHeader>
-                    <Alert variant="destructive">
+                <Alert variant="destructive">
-                      <AlertDescription className="selection:bg-red-100">
+                  <AlertDescription className="selection:bg-red-100">
-                        This action is not reversible. Please be certain.
+                    This action is not reversible. Please be certain.
-                      </AlertDescription>
+                  </AlertDescription>
-                    </Alert>
+                </Alert>
-                    {hasTwoFactorAuthentication && (
+                {hasTwoFactorAuthentication && (
-                      <div className="flex flex-col gap-y-4">
+                  <Alert variant="destructive">
-                        <FormField
+                    <AlertDescription className="selection:bg-red-100">
-                          name="token"
+                      Disable Two Factor Authentication before deleting your account.
-                          control={deleteAccountTwoFactorTokenForm.control}
+                    </AlertDescription>
-                          render={({ field }) => (
+                  </Alert>
-                            <FormItem>
+                )}
                              <FormLabel className="text-muted-foreground">
                                Two Factor Authentication Token
                              </FormLabel>
                              <FormControl>
                                <Input {...field} value={field.value ?? ''} />
                              </FormControl>
                              <FormMessage />
                            </FormItem>
                          )}
                        />
                      </div>
                    )}
-                    <DialogFooter>
+                <DialogFooter>
-                      <Button
+                  <Button
-                        onClick={async () => onDeleteAccount(hasTwoFactorAuthentication)}
+                    onClick={onDeleteAccount}
-                        loading={isDeletingAccount}
+                    loading={isDeletingAccount}
-                        variant="destructive"
+                    variant="destructive"
-                      >
+                    disabled={hasTwoFactorAuthentication}
-                        {isDeletingAccount ? 'Deleting account...' : 'Delete Account'}
+                  >
-                      </Button>
+                    {isDeletingAccount ? 'Deleting account...' : 'Delete Account'}
-                    </DialogFooter>
+                  </Button>
-                  </DialogContent>
+                </DialogFooter>
-                </Dialog>
+              </DialogContent>
-              </form>
+            </Dialog>
            </Form>
          </CardFooter>
        </Card>
      </div>
--- a/packages/lib/server-only/2fa/verify-2fa-token.ts
+++ b/packages/lib/server-only/2fa/verify-2fa-token.ts
@ -17,7 +17,6 @@ export const verifyTwoFactorAuthenticationToken = async ({
  user,
  totpCode,
 }: VerifyTwoFactorAuthenticationTokenOptions) => {
  // TODO: This is undefined and I can't figure out why.
  const key = DOCUMENSO_ENCRYPTION_KEY;
  if (!user.twoFactorSecret) {