
fix: enable mfa in console

Torsten Dittmann 2024-01-11 20:24:37 +01:00
parent 07f44593c0
commit 99259ebf2b
2 changed files with 16 additions and 6 deletions


@ -3346,9 +3346,10 @@ App::put('/v1/account/mfa/:provider')
->inject('requestTimestamp')
->inject('response')
->inject('user')
->inject('project')
->inject('dbForProject')
->inject('queueForEvents')
->action(function (string $provider, string $otp, ?\DateTime $requestTimestamp, Response $response, Document $user, Database $dbForProject, Event $queueForEvents) {
->action(function (string $provider, string $otp, ?\DateTime $requestTimestamp, Response $response, Document $user, Document $project, Database $dbForProject, Event $queueForEvents) {
$success = match ($provider) {
'totp' => Challenge\TOTP::verify($user, $otp),
@ -3369,6 +3370,11 @@ App::put('/v1/account/mfa/:provider')
$user = $dbForProject->withRequestTimestamp($requestTimestamp, fn () => $dbForProject->updateDocument('users', $user->getId(), $user));
$authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$sessionId = Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration);
$session = $dbForProject->getDocument('sessions', $sessionId);
$dbForProject->updateDocument('sessions', $sessionId, $session->setAttribute('factors', $provider, Document::SET_TYPE_APPEND));
$queueForEvents->setParam('userId', $user->getId());
$response->dynamic($user, Response::MODEL_ACCOUNT);
@ -3451,10 +3457,10 @@ App::post('/v1/account/mfa/challenge')
->inject('user')
->inject('project')
->inject('queueForEvents')
->inject('messaging')
->inject('mails')
->inject('queueForMessaging')
->inject('queueForMails')
->inject('locale')
->action(function (string $provider, Response $response, Database $dbForProject, Document $user, Document $project, Event $queueForEvents, EventPhone $messaging, Mail $mails, Locale $locale) {
->action(function (string $provider, Response $response, Database $dbForProject, Document $user, Document $project, Event $queueForEvents, Messaging $queueForMessaging, Mail $queueForMails, Locale $locale) {
$expire = DateTime::addSeconds(new \DateTime(), Auth::TOKEN_EXPIRATION_CONFIRM);
$challenge = new Document([
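Review bot: In the second hunk (`@ -3369,6 +3370,11 @`), the session update appends `$provider` to `factors` with `Document::SET_TYPE_APPEND` without checking whether the session already lists it, while the gate in the other file of this commit compares `\count($session->getAttribute('factors'))` with `$minFactors`, so a repeated entry would be counted as an additional factor. Append only when the provider is absent, for example by guarding the update with `if (!\in_array($provider, $session->getAttribute('factors', []), true))`, or count distinct values in the gate. The result of `Auth::sessionVerify()` is also passed straight to `getDocument('sessions', $sessionId)`; its return contract is not visible here, but if it can come back without a matching session, that case should fail explicitly before `updateDocument` is called. The action body starts and ends outside the hunk.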


@ -563,8 +563,12 @@ App::init()
throw new AppwriteException(AppwriteException::USER_PASSWORD_RESET_REQUIRED);
}
if ($mode !== APP_MODE_ADMIN && $project->getId() !== 'console') {
$minFactors = $project->getAttribute('minFactors') ?? 2;
if ($mode !== APP_MODE_ADMIN) {
$minFactors = $project->getAttribute('minFactors') ?? 1;
$mfaEnabled = $user->getAttribute('mfa', false);
if ($mfaEnabled && $minFactors === 1) {
$minFactors = 2;
}
if (!in_array('mfa', $route->getGroups())) {
if ($session && \count($session->getAttribute('factors')) < $minFactors) {
throw new AppwriteException(AppwriteException::USER_MORE_FACTORS_REQUIRED);
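Review bot: The bump to two factors only fires when `$minFactors === 1`, so a project whose `minFactors` attribute holds `0`, or the string `'1'`, leaves a user with `mfa` enabled gated at that lower value. Deriving the floor independently of the stored value is safer: `$minFactors = $mfaEnabled ? \max(2, (int) $minFactors) : (int) $minFactors;`. With the `'console'` exclusion removed, the unchanged `\count($session->getAttribute('factors'))` now also runs for console sessions; if a session can lack the `factors` attribute (not visible here), `\count()` on `null` throws under PHP 8, so passing a `[]` default to `getAttribute` is worth adding. The enclosing `App::init()` callback starts and ends outside the hunk.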