reset password flow

2026-02-08 05:56:38 +00:00 · 2024-12-22 16:59:30 -05:00
parent 9c37036a39
commit f224bfa4ee
22 changed files with 739 additions and 184 deletions
--- a/server/auth/2fa.ts
+++ b/server/auth/2fa.ts
@@ -4,11 +4,12 @@ import { twoFactorBackupCodes } from "@server/db/schema";
 import { eq } from "drizzle-orm";
 import { decodeHex } from "oslo/encoding";
 import { TOTPController } from "oslo/otp";
+import { verifyPassword } from "./password";

 export async function verifyTotpCode(
    code: string,
    secret: string,
-    userId: string,
+    userId: string
 ): Promise<boolean> {
    if (code.length !== 6) {
        const validBackupCode = await verifyBackUpCode(code, userId);
@@ -16,7 +17,7 @@ export async function verifyTotpCode(
    } else {
        const validOTP = await new TOTPController().verify(
            code,
-            decodeHex(secret),
+            decodeHex(secret)
        );

        return validOTP;
@@ -25,7 +26,7 @@ export async function verifyTotpCode(

 export async function verifyBackUpCode(
    code: string,
-    userId: string,
+    userId: string
 ): Promise<boolean> {
    const allHashed = await db
        .select()
@@ -38,12 +39,7 @@ export async function verifyBackUpCode(

    let validId;
    for (const hashedCode of allHashed) {
-        const validCode = await verify(hashedCode.codeHash, code, {
-            memoryCost: 19456,
-            timeCost: 2,
-            outputLen: 32,
-            parallelism: 1,
-        });
+        const validCode = await verifyPassword(code, hashedCode.codeHash);
        if (validCode) {
            validId = hashedCode.codeId;
        }
--- a/server/auth/resourceOtp.ts
+++ b/server/auth/resourceOtp.ts
@@ -8,6 +8,7 @@ import { sendEmail } from "@server/emails";
 import ResourceOTPCode from "@server/emails/templates/ResourceOTPCode";
 import config from "@server/config";
 import { hash, verify } from "@node-rs/argon2";
+import { hashPassword } from "./password";

 export async function sendResourceOtpEmail(
    email: string,
@@ -47,12 +48,7 @@ export async function generateResourceOtpCode(

    const otp = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));

-    const otpHash = await hash(otp, {
-        memoryCost: 19456,
-        timeCost: 2,
-        outputLen: 32,
-        parallelism: 1,
-    });
+    const otpHash = await hashPassword(otp);

    await db.insert(resourceOtp).values({
        resourceId,
@@ -84,12 +80,7 @@ export async function isValidOtp(
        return false;
    }

-    const validCode = await verify(record[0].otpHash, otp, {
-        memoryCost: 19456,
-        timeCost: 2,
-        outputLen: 32,
-        parallelism: 1
-    });
+    const validCode = await verifyPassword(otp, record[0].otpHash);
    if (!validCode) {
        return false;
    }