fix: totp can't be enabled if user is a ldap user

This commit is contained in:
Elias Schneider
2024-11-23 18:55:47 +01:00
parent 18d8cbbbab
commit c8f05f2475
2 changed files with 11 additions and 5 deletions


@@ -368,4 +368,12 @@ export class AuthService {
return null; return null;
} }
} }
async verifyPassword(user: User, password: string) {
if (!user.password && this.config.get("ldap.enabled")) {
return !!this.ldapService.authenticateUser(user.username, password);
}
return argon.verify(user.password, password);
}
} }
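Review bot: The LDAP branch of the new `verifyPassword` returns `!!this.ldapService.authenticateUser(...)` without awaiting; if `authenticateUser` is async (not visible in this hunk, but likely for an LDAP bind), `!!` of a pending Promise is always `true`, so any password would be accepted for password-less LDAP users — the line should read `return !!(await this.ldapService.authenticateUser(user.username, password));`. The fallthrough also calls `argon.verify(user.password, password)` when `user.password` is null and LDAP is disabled, which rejects with an argon error rather than a clean `false`; a `if (!user.password) return false;` guard before it keeps the contract boolean. The method has no TSDoc — a header such as `/** Verifies a password against the local argon2 hash, or against LDAP for users without a local hash. Returns true only on a successful verification. */` would state the contract callers now depend on. AuthService begins outside the hunk.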


@@ -5,7 +5,6 @@ import {
UnauthorizedException, UnauthorizedException,
} from "@nestjs/common"; } from "@nestjs/common";
import { User } from "@prisma/client"; import { User } from "@prisma/client";
import * as argon from "argon2";
import { authenticator, totp } from "otplib"; import { authenticator, totp } from "otplib";
import * as qrcode from "qrcode-svg"; import * as qrcode from "qrcode-svg";
import { ConfigService } from "src/config/config.service"; import { ConfigService } from "src/config/config.service";
@@ -65,7 +64,7 @@ export class AuthTotpService {
} }
async enableTotp(user: User, password: string) { async enableTotp(user: User, password: string) {
if (!(await argon.verify(user.password, password))) if (!this.authService.verifyPassword(user, password))
throw new ForbiddenException("Invalid password"); throw new ForbiddenException("Invalid password");
// Check if we have a secret already // Check if we have a secret already
@@ -106,9 +105,8 @@ export class AuthTotpService {
}; };
} }
// TODO: Maybe require a token to verify that the user who started enabling totp is the one who is verifying it?
async verifyTotp(user: User, password: string, code: string) { async verifyTotp(user: User, password: string, code: string) {
if (!(await argon.verify(user.password, password))) if (!this.authService.verifyPassword(user, password))
throw new ForbiddenException("Invalid password"); throw new ForbiddenException("Invalid password");
const { totpSecret } = await this.prisma.user.findUnique({ const { totpSecret } = await this.prisma.user.findUnique({
@@ -137,7 +135,7 @@ export class AuthTotpService {
} }
async disableTotp(user: User, password: string, code: string) { async disableTotp(user: User, password: string, code: string) {
if (!(await argon.verify(user.password, password))) if (!this.authService.verifyPassword(user, password))
throw new ForbiddenException("Invalid password"); throw new ForbiddenException("Invalid password");
const { totpSecret } = await this.prisma.user.findUnique({ const { totpSecret } = await this.prisma.user.findUnique({
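Review bot: The new guards `if (!this.authService.verifyPassword(user, password))` in enableTotp, verifyTotp and disableTotp drop the `await` that the replaced `argon.verify` calls had; `verifyPassword` is declared `async` in the other file of this commit, so the unawaited Promise is always truthy, the `ForbiddenException` is never thrown, and all three TOTP operations proceed regardless of the password supplied. Each line should be `if (!(await this.authService.verifyPassword(user, password)))`. The same defect appears in the hunks at lines 37, 45 and 51; the bodies of all three methods continue outside their hunks.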