integrated api for removing particular mfa

hypersign-protocol · Jul 12, 2024 · c5bdbf1 · c5bdbf1
1 parent e704d6d
commit c5bdbf1
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 2 deletions.
diff --git a/src/social-login/controller/social-login.controller.ts b/src/social-login/controller/social-login.controller.ts
@@ -9,10 +9,12 @@ import {
   Res,
   Query,
   Body,
+  Delete,
 } from '@nestjs/common';
 import { SocialLoginService } from '../services/social-login.service';
 import { AuthGuard } from '@nestjs/passport';
 import {
+  ApiBadRequestResponse,
   ApiBearerAuth,
   ApiExcludeEndpoint,
   ApiOkResponse,
@@ -25,12 +27,18 @@ import { AllExceptionsFilter } from 'src/utils/utils';
 import { ConfigService } from '@nestjs/config';
 import {
   AuthResponse,
+  DeleteMFARespDto,
   Generate2FARespDto,
   LoginResponse,
   UnauthorizedError,
   Verify2FARespDto,
 } from '../dto/response.dto';
-import { Generate2FA, MFACodeVerificationDto } from '../dto/request.dto';
+import {
+  DeleteMFADto,
+  Generate2FA,
+  MFACodeVerificationDto,
+} from '../dto/request.dto';
+import { AppError } from 'src/app-auth/dtos/fetch-app.dto';
 @UseFilters(AllExceptionsFilter)
 @ApiTags('Authentication')
 @Controller()
@@ -121,4 +129,21 @@ export class SocialLoginController {
   ) {
     return this.socialLoginService.verifyMFACode(req.user, mfaVerificationDto);
   }
+  @ApiOkResponse({
+    description: 'Removed MFA successfully',
+    type: DeleteMFARespDto,
+  })
+  @ApiBadRequestResponse({
+    status: 400,
+    type: AppError,
+  })
+  @ApiUnauthorizedResponse({
+    status: 401,
+    type: UnauthorizedError,
+  })
+  @ApiBearerAuth('Authorization')
+  @Delete('/api/auth/mfa')
+  async removeMFA(@Req() req, @Body() mfaremoveDto: DeleteMFADto) {
+    return this.socialLoginService.removeMFA(req.user, mfaremoveDto);
+  }
 }
diff --git a/src/social-login/dto/request.dto.ts b/src/social-login/dto/request.dto.ts
@@ -31,3 +31,31 @@ export class Generate2FA {
   @IsEnum(AuthneticatorType)
   authenticatorType: string;
 }
+
+export class DeleteMFADto {
+  @ApiProperty({
+    name: 'authenticatorType',
+    description: 'Type of authenticator used for 2FA',
+    example: AuthneticatorType.google,
+    enum: AuthneticatorType,
+  })
+  @IsEnum(AuthneticatorType)
+  authenticatorType: string;
+  @ApiProperty({
+    name: 'twoFactorAuthenticationCode',
+    description:
+      'Code generated in authenticator app of selected authenticatorType',
+    example: '678324',
+  })
+  @IsString()
+  @IsNotEmpty()
+  twoFactorAuthenticationCode: string;
+  @ApiProperty({
+    name: 'authenticatorToDelete',
+    description: 'Type of authenticator that user want to remove',
+    example: AuthneticatorType.google,
+    enum: AuthneticatorType,
+  })
+  @IsEnum(AuthneticatorType)
+  authenticatorToDelete: string;
+}
diff --git a/src/social-login/dto/response.dto.ts b/src/social-login/dto/response.dto.ts
@@ -91,6 +91,15 @@ export class Verify2FARespDto {
   @IsString()
   accessToken: string;
 }
+export class DeleteMFARespDto {
+  @ApiProperty({
+    name: 'message',
+    description: 'A success message',
+    example: 'Removed authenticator successfully',
+  })
+  @IsString()
+  message: string;
+}
 export enum AuthneticatorType {
   google = 'google',
   okta = 'okta',

diff --git a/src/social-login/services/social-login.service.ts b/src/social-login/services/social-login.service.ts
@@ -10,7 +10,11 @@ import { SERVICE_TYPES } from 'src/supported-service/services/iServiceList';
 import { AuthneticatorType } from '../dto/response.dto';
 import { authenticator } from 'otplib';
 import { toDataURL } from 'qrcode';
-import { Generate2FA, MFACodeVerificationDto } from '../dto/request.dto';
+import {
+  DeleteMFADto,
+  Generate2FA,
+  MFACodeVerificationDto,
+} from '../dto/request.dto';
 
 @Injectable()
 export class SocialLoginService {
@@ -144,4 +148,31 @@ export class SocialLoginService {
       accessToken,
     };
   }
+
+  async removeMFA(user, deleteMfaDto: DeleteMFADto) {
+    const {
+      twoFactorAuthenticationCode,
+      authenticatorToDelete,
+      authenticatorType,
+    } = deleteMfaDto;
+    const secret =
+      authenticatorType === AuthneticatorType.google
+        ? user.twoFAGoogleSecret
+        : user.twoFAOktaSecret;
+    const isVerified = authenticator.verify({
+      token: twoFactorAuthenticationCode,
+      secret,
+    });
+    if (!isVerified) {
+      throw new BadRequestException([
+        "Your passcode doesn't match. Please try again",
+      ]);
+    }
+    const dataToUpdate =
+      authenticatorToDelete === AuthneticatorType.google
+        ? { $unset: { twoFAGoogleSecret: '' }, isGoogleTwoFAEnabled: false }
+        : { $unset: { twoFAOktaSecret: '' }, isOktaTwoFAEnabled: false };
+    this.userRepository.findOneUpdate({ userId: user.userId }, dataToUpdate);
+    return { message: 'Removed authenticator successfully' };
+  }
 }