github_mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter.git synced 2025-02-02 23:28:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(security) Disable 2FA configure if 2FA is enabled

Browse Source
This commit is contained in:
KernelDeimos 2024-05-09 18:04:53 -04:00
parent df24c663df
commit 8b6bbe003d
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/backend/src/api/APIError.js
View File

@ -335,6 +335,10 @@ module.exports = class APIError {
status: 400, status: 400,
message: ({ action }) => `Invalid action: ${quot(action)}.`, message: ({ action }) => `Invalid action: ${quot(action)}.`,
}, },
'2fa_already_enabled': {
status: 409,
message: '2FA is already enabled.',
},
// Object Mapping // Object Mapping
'field_not_allowed_for_create': { 'field_not_allowed_for_create': {

15
packages/backend/src/routers/auth/configure-2fa.js
View File

@ -1,5 +1,6 @@
const APIError = require("../../api/APIError"); const APIError = require("../../api/APIError");
const eggspress = require("../../api/eggspress"); const eggspress = require("../../api/eggspress");
const { get_user } = require("../../helpers");
const { UserActorType } = require("../../services/auth/Actor"); const { UserActorType } = require("../../services/auth/Actor");
const { DB_WRITE } = require("../../services/database/consts"); const { DB_WRITE } = require("../../services/database/consts");
const { Context } = require("../../util/context"); const { Context } = require("../../util/context");
@ -25,6 +26,12 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
const db = await x.get('services').get('database').get(DB_WRITE, '2fa'); const db = await x.get('services').get('database').get(DB_WRITE, '2fa');
actions.setup = async () => { actions.setup = async () => {
const user = await get_user({ id: req.user.id, force: true });
if ( user.otp_enabled ) {
throw APIError.create('2fa_already_enabled');
}
const svc_otp = x.get('services').get('otp'); const svc_otp = x.get('services').get('otp');
// generate secret // generate secret
@ -56,6 +63,8 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
); );
req.user.otp_secret = result.secret; req.user.otp_secret = result.secret;
req.user.otp_recovery_codes = hashed_recovery_codes.join(','); req.user.otp_recovery_codes = hashed_recovery_codes.join(',');
user.otp_secret = result.secret;
user.otp_recovery_codes = hashed_recovery_codes.join(',');
return result; return result;
}; };
@ -77,6 +86,12 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
return res.status(429).send('Too many requests.'); return res.status(429).send('Too many requests.');
} }
const user = await get_user({ id: req.user.id, force: true });
if ( user.otp_enabled ) {
throw APIError.create('2fa_already_enabled');
}
await db.write( await db.write(
`UPDATE user SET otp_enabled = 1 WHERE uuid = ?`, `UPDATE user SET otp_enabled = 1 WHERE uuid = ?`,
[user.uuid] [user.uuid]