2024-03-14 19:25:27 +00:00
|
|
|
|
import type { HttpContext } from '@adonisjs/core/http';
|
2024-04-30 09:50:50 +00:00
|
|
|
|
import User from '#models/user';
|
2024-04-23 17:36:45 +00:00
|
|
|
|
import TwoFactorAuthProvider from '#app/services/TwoFactorAuthProvider';
|
2024-01-19 14:33:46 +00:00
|
|
|
|
import { StatusCodes } from 'http-status-codes';
|
|
|
|
|
|
import { InvalidArgumentException } from 'node-exceptions';
|
2024-03-14 19:25:27 +00:00
|
|
|
|
import { TotpState } from '#contracts/enums';
|
2024-07-08 11:52:20 +00:00
|
|
|
|
import BackupCodeStorage, { SecureRandom } from '#services/backup_code_storage';
|
|
|
|
|
|
import BackupCode from '#models/backup_code';
|
2024-01-19 14:33:46 +00:00
|
|
|
|
|
|
|
|
|
|
// Here we are generating secret and recovery codes for the user that’s enabling 2FA and storing them to our database.
|
|
|
|
|
|
export default class UserController {
|
2024-03-14 19:25:27 +00:00
|
|
|
|
public async enable({ auth, response, request }: HttpContext) {
|
2024-01-19 14:33:46 +00:00
|
|
|
|
const user = (await User.find(auth.user?.id)) as User;
|
|
|
|
|
|
// await user.load('totp_secret');
|
|
|
|
|
|
// if (!user.totp_secret) {
|
|
|
|
|
|
// let totpSecret = new TotpSecret();
|
|
|
|
|
|
// user.related('totp_secret').save(totpSecret);
|
|
|
|
|
|
// await user.load('totp_secret');
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
|
throw new Error('user not available');
|
|
|
|
|
|
}
|
|
|
|
|
|
const state: number = request.input('state');
|
|
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
switch (state) {
|
|
|
|
|
|
case TotpState.STATE_DISABLED:
|
|
|
|
|
|
// user.twoFactorSecret = null;
|
|
|
|
|
|
// user.twoFactorRecoveryCodes = null;
|
2024-07-08 11:52:20 +00:00
|
|
|
|
await BackupCode.deleteCodes(user);
|
|
|
|
|
|
user.twoFactorSecret = '';
|
|
|
|
|
|
// user.twoFactorRecoveryCodes = [''];
|
2024-01-19 14:33:46 +00:00
|
|
|
|
await user.save();
|
2024-07-08 11:52:20 +00:00
|
|
|
|
|
2024-01-19 14:33:46 +00:00
|
|
|
|
user.state = TotpState.STATE_DISABLED;
|
|
|
|
|
|
await user.save();
|
|
|
|
|
|
|
2024-07-08 11:52:20 +00:00
|
|
|
|
let storage = new BackupCodeStorage(new SecureRandom());
|
|
|
|
|
|
let backupState = await storage.getBackupCodesState(user);
|
|
|
|
|
|
|
2024-01-19 14:33:46 +00:00
|
|
|
|
return response.status(StatusCodes.OK).json({
|
|
|
|
|
|
state: TotpState.STATE_DISABLED,
|
2024-07-08 11:52:20 +00:00
|
|
|
|
backupState: backupState,
|
2024-01-19 14:33:46 +00:00
|
|
|
|
});
|
|
|
|
|
|
case TotpState.STATE_CREATED:
|
|
|
|
|
|
user.twoFactorSecret = TwoFactorAuthProvider.generateSecret(user);
|
|
|
|
|
|
user.state = TotpState.STATE_CREATED;
|
|
|
|
|
|
await user.save();
|
|
|
|
|
|
|
|
|
|
|
|
let qrcode = await TwoFactorAuthProvider.generateQrCode(user);
|
|
|
|
|
|
// throw new InvalidArgumentException('code is missing');
|
|
|
|
|
|
return response.status(StatusCodes.OK).json({
|
|
|
|
|
|
state: user.state,
|
|
|
|
|
|
secret: user.twoFactorSecret,
|
|
|
|
|
|
url: qrcode.url,
|
|
|
|
|
|
svg: qrcode.svg,
|
|
|
|
|
|
});
|
|
|
|
|
|
case TotpState.STATE_ENABLED:
|
|
|
|
|
|
let code: string = request.input('code');
|
|
|
|
|
|
if (!code) {
|
|
|
|
|
|
throw new InvalidArgumentException('code is missing');
|
|
|
|
|
|
}
|
2024-07-08 11:52:20 +00:00
|
|
|
|
const success = await TwoFactorAuthProvider.enable(user, code);
|
|
|
|
|
|
|
2024-01-19 14:33:46 +00:00
|
|
|
|
return response.status(StatusCodes.OK).json({
|
|
|
|
|
|
state: success ? TotpState.STATE_ENABLED : TotpState.STATE_CREATED,
|
|
|
|
|
|
});
|
|
|
|
|
|
default:
|
|
|
|
|
|
throw new InvalidArgumentException('Invalid TOTP state');
|
|
|
|
|
|
}
|
|
|
|
|
|
} catch (error) {
|
|
|
|
|
|
return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
|
|
|
|
|
|
message: 'Invalid TOTP state',
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// public async fetchRecoveryCodes({ auth, view }) {
|
|
|
|
|
|
// const user = auth?.user;
|
|
|
|
|
|
|
|
|
|
|
|
// return view.render('pages/settings', {
|
|
|
|
|
|
// twoFactorEnabled: user.isTwoFactorEnabled,
|
|
|
|
|
|
// recoveryCodes: user.twoFactorRecoveryCodes,
|
|
|
|
|
|
// });
|
|
|
|
|
|
// }
|
2024-07-08 11:52:20 +00:00
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
|
* @PasswordConfirmationRequired
|
|
|
|
|
|
*
|
|
|
|
|
|
* @return JSONResponse
|
|
|
|
|
|
*/
|
|
|
|
|
|
public async createCodes({ auth, response }: HttpContext) {
|
|
|
|
|
|
// $user = $this->userSession->getUser();
|
|
|
|
|
|
const user = (await User.find(auth.user?.id)) as User;
|
|
|
|
|
|
|
|
|
|
|
|
// let codes = TwoFactorAuthProvider.generateRecoveryCodes();
|
|
|
|
|
|
let storage = new BackupCodeStorage(new SecureRandom());
|
|
|
|
|
|
// $codes = $this->storage->createCodes($user);
|
|
|
|
|
|
const codes = await storage.createCodes(user);
|
|
|
|
|
|
|
|
|
|
|
|
let backupState = await storage.getBackupCodesState(user);
|
|
|
|
|
|
// return new JSONResponse([
|
|
|
|
|
|
// 'codes' => $codes,
|
|
|
|
|
|
// 'state' => $this->storage->getBackupCodesState($user),
|
|
|
|
|
|
// ]);
|
|
|
|
|
|
return response.status(StatusCodes.OK).json({
|
|
|
|
|
|
codes: codes,
|
|
|
|
|
|
// state: success ? TotpState.STATE_ENABLED : TotpState.STATE_CREATED,
|
|
|
|
|
|
backupState: backupState, //storage.getBackupCodesState(user),
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
2024-01-19 14:33:46 +00:00
|
|
|
|
}
|
