This commit is contained in:
syuilo
@@ -1,5 +1,6 @@
|
||||
import * as express from 'express';
|
||||
import * as bcrypt from 'bcryptjs';
|
||||
import * as speakeasy from 'speakeasy';
|
||||
import { default as User, IUser } from '../models/user';
|
||||
import Signin from '../models/signin';
|
||||
import serialize from '../serializers/signin';
|
||||
@@ -11,6 +12,7 @@ export default async (req: express.Request, res: express.Response) => {
|
||||
|
||||
const username = req.body['username'];
|
||||
const password = req.body['password'];
|
||||
const token = req.body['token'];
|
||||
|
||||
if (typeof username != 'string') {
|
||||
res.sendStatus(400);
|
||||
@@ -22,6 +24,11 @@ export default async (req: express.Request, res: express.Response) => {
|
||||
return;
|
||||
}
|
||||
|
||||
if (token != null && typeof token != 'string') {
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
// Fetch user
|
||||
const user: IUser = await User.findOne({
|
||||
username_lower: username.toLowerCase()
|
||||
@@ -43,7 +50,23 @@ export default async (req: express.Request, res: express.Response) => {
|
||||
const same = await bcrypt.compare(password, user.password);
|
||||
|
||||
if (same) {
|
||||
signin(res, user, false);
|
||||
if (user.two_factor_enabled) {
|
||||
const verified = (speakeasy as any).totp.verify({
|
||||
secret: user.two_factor_secret,
|
||||
encoding: 'base32',
|
||||
token: token
|
||||
});
|
||||
|
||||
if (verified) {
|
||||
signin(res, user, false);
|
||||
} else {
|
||||
res.status(400).send({
|
||||
error: 'invalid token'
|
||||
});
|
||||
}
|
||||
} else {
|
||||
signin(res, user, false);
|
||||
}
|
||||
} else {
|
||||
res.status(400).send({
|
||||
error: 'incorrect password'
|
||||
|
||||
Reference in New Issue
Block a user