Skip to content

Commit

Permalink
Add TOTP delete endpoint
Browse files Browse the repository at this point in the history
  • Loading branch information
Timshel committed Dec 26, 2024
1 parent ed4ad67 commit f97d620
Showing 1 changed file with 45 additions and 1 deletion.
46 changes: 45 additions & 1 deletion src/api/core/two_factor/authenticator.rs
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ use crate::{
pub use crate::config::CONFIG;

pub fn routes() -> Vec<Route> {
routes![generate_authenticator, activate_authenticator, activate_authenticator_put,]
routes![generate_authenticator, activate_authenticator, activate_authenticator_put, disable_authenticator]
}

#[post("/two-factor/get-authenticator", data = "<data>")]
Expand Down Expand Up @@ -175,3 +175,47 @@ pub async fn validate_totp_code(
}
);
}

#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
struct DisableAuthenticatorData {
key: String,
master_password_hash: String,
r#type: NumberOrString,
}

#[delete("/two-factor/authenticator", data = "<data>")]
async fn disable_authenticator(data: Json<DisableAuthenticatorData>, headers: Headers, mut conn: DbConn) -> JsonResult {
let user = headers.user;
let type_ = data.r#type.into_i32()?;

if !user.check_valid_password(&data.master_password_hash) {
err!("Invalid password");
}

if let Some(twofactor) = TwoFactor::find_by_user_and_type(&user.uuid, type_, &mut conn).await {
if twofactor.data == data.key {
twofactor.delete(&mut conn).await?;
log_user_event(
EventType::UserDisabled2fa as i32,
&user.uuid,
headers.device.atype,
&headers.ip.ip,
&mut conn,
)
.await;
} else {
err!(format!("TOTP key for user {} does not match recorded value, cannot deactivate", &user.email));
}
}

if TwoFactor::find_by_user(&user.uuid, &mut conn).await.is_empty() {
super::enforce_2fa_policy(&user, &user.uuid, headers.device.atype, &headers.ip.ip, &mut conn).await?;
}

Ok(Json(json!({
"enabled": false,
"keys": type_,
"object": "twoFactorProvider"
})))
}

0 comments on commit f97d620

Please sign in to comment.