disable 2fa and end email notifications

2026-03-05 10:16:41 +00:00 · 2024-12-24 15:36:55 -05:00
parent ccc2e3358c
commit cf75be5a6c
14 changed files with 555 additions and 173 deletions
--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@@ -11,6 +11,9 @@ import { alphabet, generateRandomString } from "oslo/crypto";
 import { hashPassword } from "@server/auth/password";
 import { verifyTotpCode } from "@server/auth/2fa";
 import logger from "@server/logger";
+import { sendEmail } from "@server/emails";
+import TwoFactorAuthNotification from "@server/emails/templates/TwoFactorAuthNotification";
+import config from "@server/config";

 export const verifyTotpBody = z
    .object({
@@ -90,8 +93,6 @@ export async function verifyTotp(
            }
        }

-        // TODO: send email to user confirming two-factor authentication is enabled
-
        if (!valid) {
            return next(
                createHttpError(
@@ -101,6 +102,18 @@ export async function verifyTotp(
            );
        }

+        sendEmail(
+            TwoFactorAuthNotification({
+                email: user.email,
+                enabled: true
+            }),
+            {
+                to: user.email,
+                from: config.email?.no_reply,
+                subject: "Two-factor authentication enabled"
+            }
+        );
+
        return response<VerifyTotpResponse>(res, {
            data: {
                valid,