mirror of
https://github.com/documenso/documenso.git
synced 2025-11-12 15:53:02 +10:00
792158c2cb
Add two factor authentication for users who wish to enhance the security of their accounts.
48 lines
1.2 KiB
TypeScript
48 lines
1.2 KiB
TypeScript
import { ErrorCode } from '@documenso/lib/next-auth/error-codes';
|
|
import { prisma } from '@documenso/prisma';
|
|
import { User } from '@documenso/prisma/client';
|
|
|
|
import { getBackupCodes } from './get-backup-code';
|
|
import { verifyTwoFactorAuthenticationToken } from './verify-2fa-token';
|
|
|
|
type EnableTwoFactorAuthenticationOptions = {
|
|
user: User;
|
|
code: string;
|
|
};
|
|
|
|
export const enableTwoFactorAuthentication = async ({
|
|
user,
|
|
code,
|
|
}: EnableTwoFactorAuthenticationOptions) => {
|
|
if (user.identityProvider !== 'DOCUMENSO') {
|
|
throw new Error(ErrorCode.INCORRECT_IDENTITY_PROVIDER);
|
|
}
|
|
|
|
if (user.twoFactorEnabled) {
|
|
throw new Error(ErrorCode.TWO_FACTOR_ALREADY_ENABLED);
|
|
}
|
|
|
|
if (!user.twoFactorSecret) {
|
|
throw new Error(ErrorCode.TWO_FACTOR_SETUP_REQUIRED);
|
|
}
|
|
|
|
const isValidToken = await verifyTwoFactorAuthenticationToken({ user, totpCode: code });
|
|
|
|
if (!isValidToken) {
|
|
throw new Error(ErrorCode.INCORRECT_TWO_FACTOR_CODE);
|
|
}
|
|
|
|
const updatedUser = await prisma.user.update({
|
|
where: {
|
|
id: user.id,
|
|
},
|
|
data: {
|
|
twoFactorEnabled: true,
|
|
},
|
|
});
|
|
|
|
const recoveryCodes = getBackupCodes({ user: updatedUser });
|
|
|
|
return { recoveryCodes };
|
|
};
|