Update delete authenticator to remove OTP Validation
This commit is contained in:
parent
c8ee399cb7
commit
996911e385
7 changed files with 8 additions and 30 deletions
|
@ -3945,7 +3945,7 @@ App::get('/v1/account/mfa/recovery-codes')
|
||||||
|
|
||||||
App::delete('/v1/account/mfa/authenticators/:type')
|
App::delete('/v1/account/mfa/authenticators/:type')
|
||||||
->desc('Delete Authenticator')
|
->desc('Delete Authenticator')
|
||||||
->groups(['api', 'account'])
|
->groups(['api', 'account', 'mfaProtected'])
|
||||||
->label('event', 'users.[userId].delete.mfa')
|
->label('event', 'users.[userId].delete.mfa')
|
||||||
->label('scope', 'account')
|
->label('scope', 'account')
|
||||||
->label('audits.event', 'user.update')
|
->label('audits.event', 'user.update')
|
||||||
|
@ -3958,12 +3958,11 @@ App::delete('/v1/account/mfa/authenticators/:type')
|
||||||
->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
|
->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
|
||||||
->label('sdk.response.model', Response::MODEL_NONE)
|
->label('sdk.response.model', Response::MODEL_NONE)
|
||||||
->param('type', null, new WhiteList([Type::TOTP]), 'Type of authenticator.')
|
->param('type', null, new WhiteList([Type::TOTP]), 'Type of authenticator.')
|
||||||
->param('otp', '', new Text(256), 'Valid verification token.')
|
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->inject('user')
|
->inject('user')
|
||||||
->inject('dbForProject')
|
->inject('dbForProject')
|
||||||
->inject('queueForEvents')
|
->inject('queueForEvents')
|
||||||
->action(function (string $type, string $otp, Response $response, Document $user, Database $dbForProject, Event $queueForEvents) {
|
->action(function (string $type, Response $response, Document $user, Database $dbForProject, Event $queueForEvents) {
|
||||||
|
|
||||||
$authenticator = (match ($type) {
|
$authenticator = (match ($type) {
|
||||||
Type::TOTP => TOTP::getAuthenticatorFromUser($user),
|
Type::TOTP => TOTP::getAuthenticatorFromUser($user),
|
||||||
|
@ -3974,27 +3973,6 @@ App::delete('/v1/account/mfa/authenticators/:type')
|
||||||
throw new Exception(Exception::USER_AUTHENTICATOR_NOT_FOUND);
|
throw new Exception(Exception::USER_AUTHENTICATOR_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
$success = (match ($type) {
|
|
||||||
Type::TOTP => Challenge\TOTP::verify($user, $otp),
|
|
||||||
default => false
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!$success) {
|
|
||||||
$mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
|
|
||||||
if (in_array($otp, $mfaRecoveryCodes)) {
|
|
||||||
$mfaRecoveryCodes = array_diff($mfaRecoveryCodes, [$otp]);
|
|
||||||
$mfaRecoveryCodes = array_values($mfaRecoveryCodes);
|
|
||||||
$user->setAttribute('mfaRecoveryCodes', $mfaRecoveryCodes);
|
|
||||||
$dbForProject->updateDocument('users', $user->getId(), $user);
|
|
||||||
|
|
||||||
$success = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$success) {
|
|
||||||
throw new Exception(Exception::USER_INVALID_TOKEN);
|
|
||||||
}
|
|
||||||
|
|
||||||
$dbForProject->deleteDocument('authenticators', $authenticator->getId());
|
$dbForProject->deleteDocument('authenticators', $authenticator->getId());
|
||||||
$dbForProject->purgeCachedDocument('users', $user->getId());
|
$dbForProject->purgeCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
|
|
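Review bot: With the `otp` parameter removed from the `->action(...)` signature, the only gate left on deleting the TOTP factor is the `mfaProtected` group added on the `->groups([...])` line, and nothing in this section shows what that group enforces or how fresh the session's MFA verification has to be. If the hook only checks that the session passed an MFA challenge at some point, a hijacked or long-lived session can strip the second factor with no re-challenge, which is the step-up this endpoint used to provide; I would confirm the hook rejects sessions that are not MFA-verified for this route and consider requiring a recent challenge before the `deleteDocument('authenticators', ...)` call. Since the recovery-code fallback is gone too, the intent should be recorded: `->desc('Delete Authenticator')` could read `->desc('Delete Authenticator (requires an MFA-verified session)')`, and a comment above `$authenticator = (match ($type) {` such as `// Possession is proven by the session's MFA state (mfaProtected group), not a per-request OTP.` would stop the next reader from hunting for the missing check. Dropping `otp` also changes the public route signature, so the generated SDK specs in the suppressed files presumably need to match; the action closure's body continues past the end of this hunk.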