From 400aa574cded1bd56d8cf35387e0c72a08878608 Mon Sep 17 00:00:00 2001
From: Abdullah Atta <abdullahatta@streetwriters.co>
Date: Sat, 11 May 2024 10:29:02 +0500
Subject: [PATCH] core: fix 2fa codes not being sent

---
 packages/core/src/api/mfa-manager.ts   |  5 ++++-
 packages/core/src/api/token-manager.ts | 17 +++++++++++++++--
 packages/core/src/api/user-manager.ts  |  2 +-
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/packages/core/src/api/mfa-manager.ts b/packages/core/src/api/mfa-manager.ts
index cb8bfda737..5069c4590d 100644
--- a/packages/core/src/api/mfa-manager.ts
+++ b/packages/core/src/api/mfa-manager.ts
@@ -92,7 +92,10 @@ class MFAManager {
   }
 
   async sendCode(method: "sms" | "email") {
-    const token = await this.tokenManager.getAccessToken();
+    const token = await this.tokenManager.getAccessToken([
+      "IdentityServerApi",
+      "auth:grant_types:mfa"
+    ]);
     if (!token) throw new Error("Unauthorized.");
 
     return await http.post(
diff --git a/packages/core/src/api/token-manager.ts b/packages/core/src/api/token-manager.ts
index daf544359c..812c3d1a5a 100644
--- a/packages/core/src/api/token-manager.ts
+++ b/packages/core/src/api/token-manager.ts
@@ -32,6 +32,15 @@ export type Token = {
   refresh_token: string;
 };
 
+type Scope = (typeof SCOPES)[number];
+
+const SCOPES = [
+  "notesnook.sync",
+  "offline_access",
+  "IdentityServerApi",
+  "auth:grant_types:mfa",
+  "auth:grant_types:mfa_password"
+] as const;
 const ENDPOINTS = {
   token: "/connect/token",
   revoke: "/connect/revocation",
@@ -79,10 +88,14 @@ class TokenManager {
     return scopes.includes("offline_access") && Boolean(refresh_token);
   }
 
-  async getAccessToken(forceRenew = false) {
+  async getAccessToken(
+    scopes: Scope[] = ["notesnook.sync", "IdentityServerApi"],
+    forceRenew = false
+  ) {
     return await getSafeToken(async () => {
       const token = await this.getToken(true, forceRenew);
-      if (!token || token.scope.includes("auth:grant_types")) return;
+      if (!token) return;
+      if (!scopes.some((s) => token.scope.includes(s))) return;
       return token.access_token;
     }, "Error getting access token:");
   }
diff --git a/packages/core/src/api/user-manager.ts b/packages/core/src/api/user-manager.ts
index dc93155b74..734cefed61 100644
--- a/packages/core/src/api/user-manager.ts
+++ b/packages/core/src/api/user-manager.ts
@@ -191,7 +191,7 @@ class UserManager {
         username: email,
         password: hashedPassword,
         grant_type: code ? "mfa" : "password",
-        scope: "notesnook.sync offline_access openid IdentityServerApi",
+        scope: "notesnook.sync offline_access IdentityServerApi",
         client_id: "notesnook",
         "mfa:code": code,
         "mfa:method": method