mirror of
https://github.com/documenso/documenso.git
synced 2025-11-13 16:23:06 +10:00
792158c2cb
Add two factor authentication for users who wish to enhance the security of their accounts.
49 lines
1.1 KiB
TypeScript
49 lines
1.1 KiB
TypeScript
import { compare } from 'bcrypt';
|
|
|
|
import { prisma } from '@documenso/prisma';
|
|
import { User } from '@documenso/prisma/client';
|
|
|
|
import { ErrorCode } from '../../next-auth/error-codes';
|
|
import { validateTwoFactorAuthentication } from './validate-2fa';
|
|
|
|
type DisableTwoFactorAuthenticationOptions = {
|
|
user: User;
|
|
backupCode: string;
|
|
password: string;
|
|
};
|
|
|
|
export const disableTwoFactorAuthentication = async ({
|
|
backupCode,
|
|
user,
|
|
password,
|
|
}: DisableTwoFactorAuthenticationOptions) => {
|
|
if (!user.password) {
|
|
throw new Error(ErrorCode.USER_MISSING_PASSWORD);
|
|
}
|
|
|
|
const isCorrectPassword = await compare(password, user.password);
|
|
|
|
if (!isCorrectPassword) {
|
|
throw new Error(ErrorCode.INCORRECT_PASSWORD);
|
|
}
|
|
|
|
const isValid = await validateTwoFactorAuthentication({ backupCode, user });
|
|
|
|
if (!isValid) {
|
|
throw new Error(ErrorCode.INCORRECT_TWO_FACTOR_BACKUP_CODE);
|
|
}
|
|
|
|
await prisma.user.update({
|
|
where: {
|
|
id: user.id,
|
|
},
|
|
data: {
|
|
twoFactorEnabled: false,
|
|
twoFactorBackupCodes: null,
|
|
twoFactorSecret: null,
|
|
},
|
|
});
|
|
|
|
return true;
|
|
};
|