fix: url resolver and minor fixes

Sérgio Salgado 2021-04-20 16:45:30 +01:00 committed by Josh Harvey
parent 2062413c75
commit 75a2ecd3c2
15 changed files with 274 additions and 290 deletions


@ -220,17 +220,14 @@ const resetPassword = (token, userID, newPassword, context) => {
.then(() => true)
}
const reset2FA = (token, userID, code, secret, context) => {
const isCodeValid = otplib.authenticator.verify({ token: code, secret })
if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
const reset2FA = (token, userID, code, context) => {
return users.getUserById(userID)
.then(user => {
const isCodeValid = otplib.authenticator.verify({ token: code, secret: user.temp_twofa_code })
if (!isCodeValid) throw new authErrors.InvalidTwoFactorError()
destroySessionIfSameUser(context, user)
if (user.temp_twofa_code !== secret) {
throw new authErrors.InvalidTwoFactorError()
}
return users.reset2FASecret(token, user.id, secret)
return users.reset2FASecret(token, user.id, user.temp_twofa_code)
})
.then(() => true)
}
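Review bot: In the new `.then(user => …)` callback, `user.temp_twofa_code` is read without checking that `users.getUserById` returned a user or that a pending secret is stored. An unknown `userID` would then surface as a TypeError instead of `InvalidTwoFactorError`, and a user with no pending reset passes an empty secret to `otplib.authenticator.verify`. A guard ahead of the verify call covers both cases: `if (!user || !user.temp_twofa_code) throw new authErrors.InvalidTwoFactorError()`. As far as this hunk shows, `token` is first consulted inside `users.reset2FASecret`, after the code check and `destroySessionIfSameUser` have already run. If that is where the reset token is validated, checking it first would stop the TOTP comparison and the session teardown from being reachable with only a `userID`, and the code check should be attempt-limited either way.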


@ -28,7 +28,7 @@ const resolver = {
createRegisterToken: (...[, { username, role }]) => authentication.createRegisterToken(username, role),
register: (...[, { token, username, password, role }]) => authentication.register(token, username, password, role),
resetPassword: (...[, { token, userID, newPassword }, context]) => authentication.resetPassword(token, userID, newPassword, context),
reset2FA: (...[, { token, userID, code, secret }, context]) => authentication.reset2FA(token, userID, code, secret, context)
reset2FA: (...[, { token, userID, code }, context]) => authentication.reset2FA(token, userID, code, context)
}
}


@ -71,7 +71,7 @@ const typeDef = `
createRegisterToken(username: String!, role: String!): RegistrationToken @auth(requires: [SUPERUSER])
register(token: String!, username: String!, password: String!, role: String!): Boolean
resetPassword(token: String!, userID: ID!, newPassword: String!): Boolean
reset2FA(token: String!, userID: ID!, secret: String!, code: String!): Boolean
reset2FA(token: String!, userID: ID!, code: String!): Boolean
}
`