From d3ae9e2cbd0b951c96efbc8d84a90d939e541cf3 Mon Sep 17 00:00:00 2001
From: Wind-Explorer
Date: Thu, 15 Aug 2024 01:32:32 +0800
Subject: [PATCH] Require password before disable 2FA
---
.../TwoFactorsAuthenticationSetupModule.tsx | 53 ++++++++++++++++---
server/routes/users.js | 5 ++
2 files changed, 52 insertions(+), 6 deletions(-)
diff --git a/client/src/components/TwoFactorsAuthenticationSetupModule.tsx b/client/src/components/TwoFactorsAuthenticationSetupModule.tsx
index 6cb4837..b12b46d 100644
--- a/client/src/components/TwoFactorsAuthenticationSetupModule.tsx
+++ b/client/src/components/TwoFactorsAuthenticationSetupModule.tsx
@@ -2,7 +2,7 @@ import { retrieveUserInformation } from "../security/users";
import { useEffect, useState } from "react";
import { Button, Image, Input } from "@nextui-org/react";
import instance from "../security/http";
-import { checkTwoFactorStatus } from "../utilities";
+import { checkTwoFactorStatus, popToast } from "../utilities";
import TwoFactorAuthenticationModule from "./TwoFactorAuthenticationModule";
export default function TwoFactorsAuthenticationSetupModule({
@@ -16,6 +16,7 @@ export default function TwoFactorsAuthenticationSetupModule({
const [isTwoFactorEnabled, setIsTwoFactorEnabled] = useState(false);
const [setupQRBase64, setSetupQRBase64] = useState("");
const [setupBase32Secret, setSetupBase32Secret] = useState("");
+ const [userPassword, setUserPassword] = useState("");
const disableTwoFactor = async () => {
instance
@@ -23,7 +24,25 @@ export default function TwoFactorsAuthenticationSetupModule({
id: userInformation.id,
})
.then(() => {
- setDisable2FAStepperCount(1);
+ setDisable2FAStepperCount(2);
+ });
+ };
+
+ const verifyAccount = () => {
+ if (userPassword.length === 0) {
+ return;
+ }
+ instance
+ .post("/users/login", {
+ verify: true,
+ email: userInformation.email,
+ password: userPassword,
+ })
+ .then(() => {
+ disableTwoFactor();
+ })
+ .catch(() => {
+ popToast("Invalid password", 2);
});
};
@@ -37,8 +56,6 @@ export default function TwoFactorsAuthenticationSetupModule({
});
};
- const testTwoFactor = () => {};
-
useEffect(() => {
retrieveUserInformation().then((response) => {
setUserInformation(response);
@@ -76,7 +93,11 @@ export default function TwoFactorsAuthenticationSetupModule({
your choice.
{setupQRBase64 && (
-
+
)}
Or alternatively, manually enter the secret in the app:
@@ -145,7 +166,7 @@ export default function TwoFactorsAuthenticationSetupModule({
variant="light"
color="danger"
onPress={() => {
- disableTwoFactor();
+ setDisable2FAStepperCount(1);
}}
>
Confirm
@@ -157,6 +178,26 @@ export default function TwoFactorsAuthenticationSetupModule({
)}
{disable2FAStepperCount === 1 && (
+
+
Let's verify that it's you.
+
+
+
+
+
+ )}
+ {disable2FAStepperCount === 2 && (
2FA has been disabled.
diff --git a/server/routes/users.js b/server/routes/users.js
index 2e3b6ab..5a70c59 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -209,6 +209,11 @@ router.post("/login", async (req, res) => {
return;
}
+ if (data.verify) {
+ res.status(200).json({ passedCheck: true });
+ return;
+ }
+
let userInfo = {
id: user.id,
email: user.email,
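Review bot: The `if (data.verify)` branch lets any caller switch `/login` into a bare credential check with a flag in the request body, and it returns before the rest of the handler runs, so anything further down (token issuance, and any second-factor or login-audit step, if present) is skipped for these requests. The `passedCheck` result is also not bound to the authenticated session or to the later disable-2FA call, so it cannot act as the server-side gate for that action. If the branch stays, compare strictly with `if (data.verify === true) {` and confirm that the throttling and failed-attempt logging that protect normal logins also cover this path. A short comment such as `// verify-only: confirms credentials, issues no token` would document the intent. The handler begins and ends outside the hunk, so the check that precedes this branch is not visible here.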