forked from geolba/tethys.backend
Arno Kaimbacher
005df2e454
- npm updates - coverage validation: elevation ust be positive, depth must be negative - vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames - vue components for backup codes: e.g.: PersonalSettings.vue - validate spaital coverage in leaflet map: draw.component.vue, map.component.vue - add backup code authentication into Login.vue - preset to use no preferred reviewer: Release.vue - 2 new vinejs validation rules: file_scan.ts and file-length.ts
139 lines
5.9 KiB
TypeScript
139 lines
5.9 KiB
TypeScript
import type { HttpContext } from '@adonisjs/core/http';
|
||
import User from '#models/user';
|
||
// import { RenderResponse } from '@ioc:EidelLev/Inertia';
|
||
import TwoFactorAuthProvider from '#app/services/TwoFactorAuthProvider';
|
||
import hash from '@adonisjs/core/services/hash';
|
||
// import { schema, rules } from '@adonisjs/validator';
|
||
import vine from '@vinejs/vine';
|
||
import BackupCodeStorage, { SecureRandom } from '#services/backup_code_storage';
|
||
|
||
// Here we are generating secret and recovery codes for the user that’s enabling 2FA and storing them to our database.
|
||
export default class UserController {
|
||
/**
|
||
* Show the user a form to change their personal information & password.
|
||
*
|
||
* @return — \Inertia\Response
|
||
*/
|
||
public async accountInfo({ inertia, auth }: HttpContext) {
|
||
// const user = auth.user;
|
||
const user = (await User.find(auth.user?.id)) as User;
|
||
// const id = request.param('id');
|
||
// const user = await User.query().where('id', id).firstOrFail();
|
||
|
||
let storage = new BackupCodeStorage(new SecureRandom());
|
||
// const codes= user.isTwoFactorEnabled? (await user.getBackupCodes()).map((role) => role.code) : [];
|
||
let backupState = await storage.getBackupCodesState(user);
|
||
|
||
return inertia.render('Auth/AccountInfo', {
|
||
user: user,
|
||
twoFactorEnabled: user.isTwoFactorEnabled,
|
||
// code: await TwoFactorAuthProvider.generateQrCode(user),
|
||
backupState: backupState,
|
||
});
|
||
}
|
||
|
||
public async accountInfoStore({ auth, request, response, session }: HttpContext) {
|
||
// const passwordSchema = schema.create({
|
||
// old_password: schema.string({ trim: true }, [rules.required()]),
|
||
// new_password: schema.string({ trim: true }, [rules.minLength(8), rules.maxLength(255), rules.confirmed('confirm_password')]),
|
||
// confirm_password: schema.string({ trim: true }, [rules.required()]),
|
||
// });
|
||
const passwordSchema = vine.object({
|
||
// first step
|
||
old_password: vine
|
||
.string()
|
||
.trim()
|
||
.regex(/^[a-zA-Z0-9]+$/),
|
||
new_password: vine.string().confirmed({ confirmationField: 'confirm_password' }).trim().minLength(8).maxLength(255),
|
||
});
|
||
try {
|
||
// await request.validate({ schema: passwordSchema });
|
||
const validator = vine.compile(passwordSchema);
|
||
await request.validateUsing(validator);
|
||
} catch (error) {
|
||
// return response.badRequest(error.messages);
|
||
throw error;
|
||
}
|
||
|
||
try {
|
||
const user = await auth.user as User;
|
||
const { old_password, new_password } = request.only(['old_password', 'new_password']);
|
||
|
||
// if (!(old_password && new_password && confirm_password)) {
|
||
// return response.status(400).send({ warning: 'Old password and new password are required.' });
|
||
// }
|
||
|
||
// Verify if the provided old password matches the user's current password
|
||
const isSame = await hash.verify(user.password, old_password);
|
||
if (!isSame) {
|
||
return response.flash('warning', 'Old password is incorrect.').redirect().back();
|
||
}
|
||
|
||
// Hash the new password before updating the user's password
|
||
user.password = new_password;
|
||
await user.save();
|
||
|
||
// return response.status(200).send({ message: 'Password updated successfully.' });
|
||
session.flash({ message: 'Password updated successfully.' });
|
||
return response.redirect().toRoute('settings.user');
|
||
} catch (error) {
|
||
// return response.status(500).send({ message: 'Internal server error.' });
|
||
return response.flash('warning', `Invalid server state. Internal server error.`).redirect().back();
|
||
}
|
||
}
|
||
|
||
public async enableTwoFactorAuthentication({ auth, response, session }: HttpContext): Promise<void> {
|
||
// const user: User | undefined = auth?.user;
|
||
const user = (await User.find(auth.user?.id)) as User;
|
||
|
||
user.twoFactorSecret = TwoFactorAuthProvider.generateSecret(user);
|
||
user.twoFactorRecoveryCodes = await TwoFactorAuthProvider.generateRecoveryCodes();
|
||
await user.save();
|
||
|
||
session.flash('message', 'Two factor authentication enabled.');
|
||
return response.redirect().back();
|
||
// return inertia.render('Auth/AccountInfo', {
|
||
// // status: {
|
||
// // type: 'success',
|
||
// // message: 'Two factor authentication enabled.',
|
||
// // },
|
||
// user: user,
|
||
// twoFactorEnabled: user.isTwoFactorEnabled,
|
||
// code: await TwoFactorAuthProvider.generateQrCode(user),
|
||
// recoveryCodes: user.twoFactorRecoveryCodes,
|
||
// });
|
||
}
|
||
|
||
public async disableTwoFactorAuthentication({ auth, response, session }: HttpContext): Promise<void> {
|
||
const user: User | undefined = auth.user;
|
||
|
||
if (user) {
|
||
user.twoFactorSecret = null;
|
||
user.twoFactorRecoveryCodes = null;
|
||
await user.save();
|
||
session.flash('message', 'Two-factor authentication disabled.');
|
||
} else {
|
||
session.flash('error', 'User not found.');
|
||
}
|
||
|
||
return response.redirect().back();
|
||
// return inertia.render('Auth/AccountInfo', {
|
||
// // status: {
|
||
// // type: 'success',
|
||
// // message: 'Two factor authentication disabled.',
|
||
// // },
|
||
// user: user,
|
||
// twoFactorEnabled: user.isTwoFactorEnabled,
|
||
// });
|
||
}
|
||
|
||
// public async fetchRecoveryCodes({ auth, view }) {
|
||
// const user = auth?.user;
|
||
|
||
// return view.render('pages/settings', {
|
||
// twoFactorEnabled: user.isTwoFactorEnabled,
|
||
// recoveryCodes: user.twoFactorRecoveryCodes,
|
||
// });
|
||
// }
|
||
}
|