mirror of
https://github.com/HeyPuter/puter
synced 2024-11-15 06:15:47 +00:00
Prevent enable of 2FA without configure
This commit is contained in:
parent
9c5849fbce
commit
923d5878c3
@ -339,6 +339,10 @@ module.exports = class APIError {
|
||||
status: 409,
|
||||
message: '2FA is already enabled.',
|
||||
},
|
||||
'2fa_not_configured': {
|
||||
status: 409,
|
||||
message: '2FA is not configured.',
|
||||
},
|
||||
|
||||
// protected endpoints
|
||||
'too_many_requests': {
|
||||
|
@ -88,10 +88,16 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
|
||||
|
||||
const user = await get_user({ id: req.user.id, force: true });
|
||||
|
||||
// Verify that 2FA isn't already enabled
|
||||
if ( user.otp_enabled ) {
|
||||
throw APIError.create('2fa_already_enabled');
|
||||
}
|
||||
|
||||
// Verify that TOTP secret was set (configuration step not skipped)
|
||||
if ( ! user.otp_secret ) {
|
||||
throw APIError.create('2fa_not_configured');
|
||||
}
|
||||
|
||||
await db.write(
|
||||
`UPDATE user SET otp_enabled = 1 WHERE uuid = ?`,
|
||||
[user.uuid]
|
||||
|
Loading…
Reference in New Issue
Block a user