added reset password workflow

2026-03-03 17:26:38 +00:00 · 2024-10-05 17:01:49 -04:00
parent 838047bb4c
commit 7d66a6ff66
12 changed files with 278 additions and 29 deletions
--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@@ -19,7 +19,7 @@ export type VerifyTotpBody = z.infer<typeof verifyTotpBody>;

 export type VerifyTotpResponse = {
    valid: boolean;
-    backupCodes: string[];
+    backupCodes?: string[];
 };

 export async function verifyTotp(
@@ -63,26 +63,33 @@ export async function verifyTotp(
    try {
        const valid = await verifyTotpCode(code, user.twoFactorSecret, user.id);

-        const backupCodes = await generateBackupCodes();
-        for (const code of backupCodes) {
-            const hash = await hashPassword(code);
-
-            await db.insert(twoFactorBackupCodes).values({
-                userId: user.id,
-                codeHash: hash,
-            });
-        }
-
+        let codes;
        if (valid) {
            // if valid, enable two-factor authentication; the totp secret is no longer temporary
            await db
                .update(users)
                .set({ twoFactorEnabled: true })
                .where(eq(users.id, user.id));
+
+            const backupCodes = await generateBackupCodes();
+            codes = backupCodes;
+            for (const code of backupCodes) {
+                const hash = await hashPassword(code);
+
+                await db.insert(twoFactorBackupCodes).values({
+                    userId: user.id,
+                    codeHash: hash,
+                });
+            }
        }

+        // TODO: send email to user confirming two-factor authentication is enabled
+
        return response<VerifyTotpResponse>(res, {
-            data: { valid, backupCodes },
+            data: {
+                valid,
+                ...(valid && codes ? { backupCodes: codes } : {}),
+            },
            success: true,
            error: false,
            message: valid