2FA有効時、パスワードをチェックしてからトークンを確認するように

2023-10-11 11:26:04 +09:00
parent 511ff69900
commit 70abe21589
8 changed files with 57 additions and 62 deletions
--- a/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts
@@ -58,7 +58,6 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 		private userAuthService: UserAuthService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
-			const token = ps.token;
 			const profile = await this.userProfilesRepository.findOne({
 				where: {
 					userId: me.id,
@@ -70,7 +69,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				throw new ApiError(meta.errors.userNotFound);
 			}

+			const passwordMatched = await bcrypt.compare(ps.password, profile.password ?? '');
+			if (!passwordMatched) {
+				throw new ApiError(meta.errors.incorrectPassword);
+			}
+
 			if (profile.twoFactorEnabled) {
+				const token = ps.token;
 				if (token == null) {
 					throw new Error('authentication failed');
 				}
@@ -80,14 +85,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				} catch (e) {
 					throw new Error('authentication failed');
 				}
-			}
-
-			const passwordMatched = await bcrypt.compare(ps.password, profile.password ?? '');
-			if (!passwordMatched) {
-				throw new ApiError(meta.errors.incorrectPassword);
-			}
-
-			if (!profile.twoFactorEnabled) {
+			} else {
 				throw new ApiError(meta.errors.twoFactorNotEnabled);
 			}