pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-03 09:16:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

added change password endpoint

Browse Source
This commit is contained in:
Milo Schwartz
2024-10-05 15:11:51 -04:00
parent 86fb43d570
commit e7080c4aa8
9 changed files with 207 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/routers/auth/login.ts
View File

@@ -14,6 +14,7 @@ import { decodeHex } from "oslo/encoding";
import { TOTPController } from "oslo/otp";
import { z } from "zod";
import { fromError } from "zod-validation-error";
import { verifyTotpCode } from "./verifyTotpCode";
export const loginBodySchema = z.object({
email: z.string().email(),
@@ -104,22 +105,12 @@ export async function login(
});
}
if (!existingUser.twoFactorSecret) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to authenticate user",
),
);
}
const validOTP = await new TOTPController().verify(
const validOTP = await verifyTotpCode(
code,
decodeHex(existingUser.twoFactorSecret),
existingUser.twoFactorSecret!,
);
if (!validOTP) {
await new Promise((resolve) => setTimeout(resolve, 250)); // delay to prevent brute force attacks
return next(
createHttpError(
HttpCode.BAD_REQUEST,