server admin enforce 2fa per user

miloschwartz
2025-07-13 21:43:09 -07:00
parent 590296e64d
commit 915ccdc007
32 changed files with 1072 additions and 1123 deletions


@@ -21,10 +21,7 @@ import { UserType } from "@server/types/UserTypes";
export const loginBodySchema = z
.object({
email: z
.string()
.toLowerCase()
.email(),
email: z.string().toLowerCase().email(),
password: z.string(),
code: z.string().optional()
})
@@ -38,8 +35,6 @@ export type LoginResponse = {
twoFactorSetupRequired?: boolean;
};
export const dynamic = "force-dynamic";
export async function login(
req: Request,
res: Response,
@@ -110,18 +105,20 @@ export async function login(
);
}
if (existingUser.twoFactorEnabled) {
// If 2FA is enabled but no secret exists, force setup
if (!existingUser.twoFactorSecret) {
return response<LoginResponse>(res, {
data: { twoFactorSetupRequired: true },
success: true,
error: false,
message: "Two-factor authentication setup required",
status: HttpCode.ACCEPTED
});
}
if (
existingUser.twoFactorSetupRequested &&
!existingUser.twoFactorEnabled
) {
return response<LoginResponse>(res, {
data: { twoFactorSetupRequired: true },
success: true,
error: false,
message: "Two-factor authentication setup required",
status: HttpCode.ACCEPTED
});
}
if (existingUser.twoFactorEnabled) {
if (!code) {
return response<{ codeRequested: boolean }>(res, {
data: { codeRequested: true },
@@ -134,7 +131,7 @@ export async function login(
const validOTP = await verifyTotpCode(
code,
existingUser.twoFactorSecret,
existingUser.twoFactorSecret!,
existingUser.userId
);
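Review bot: The last hunk passes `existingUser.twoFactorSecret!` to `verifyTotpCode`, but the earlier hunk removes the `if (!existingUser.twoFactorSecret)` guard that handled an enabled account with no stored secret, so the non-null assertion only silences the compiler and checks nothing at runtime. The removed comment ("If 2FA is enabled but no secret exists, force setup") suggests rows in that state could exist under the old flow, and no migration is visible in this section; for such a row a null secret would reach the verifier, and what happens then depends on code outside this view. I would keep an explicit check at the top of the `if (existingUser.twoFactorEnabled)` branch that fails closed, e.g. `if (!existingUser.twoFactorSecret) { /* return the twoFactorSetupRequired response or reject the login */ }`, and then drop the `!`. The body of `login` starts and ends outside these hunks, so confirm that no later code path treats a verifier error as a successful second factor.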