server/AyaNova/Controllers/AuthController.cs

@@ -452,9 +452,9 @@ namespace AyaNova.Api.Controllers
 
             //if user already has a secret set then this is not valid, must be re-requested first
             //this is to stop someone from messing up someone's login accidentally or maliciously by simply hitting the route logged in as them
-            if(!string.IsNullOrWhiteSpace(u.TotpSecret) || u.TwoFactorEnabled)
-                 return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa already enabled"));
-            
+            if (!string.IsNullOrWhiteSpace(u.TotpSecret) || u.TwoFactorEnabled)
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa already enabled"));
+
 
             var tfa = new TwoFactorAuth("AyaNova");
             u.TotpSecret = tfa.CreateSecret(160);
@@ -509,7 +509,13 @@ namespace AyaNova.Api.Controllers
 
             //ok, something to validate, let's validate it
             var tfa = new TwoFactorAuth("AyaNova");
-            var ret = tfa.VerifyCode(u.TotpSecret, pin.Pin, 8);
+            var ret = tfa.VerifyCode(u.TotpSecret, pin.Pin.Replace(" ", "").Trim());
+            if (ret == true)
+            {
+                //enable 2fa on user account
+                u.TwoFactorEnabled = true;
+                await ct.SaveChangesAsync();
+            }
 
             return Ok(ApiOkResponse.Response(new
             {
@@ -517,6 +523,34 @@ namespace AyaNova.Api.Controllers
             }));
         }
 
+
+        /// <summary>
+        /// Disable (turn off) 2fa for current user account
+        /// 
+        /// </summary>      
+        /// <param name="apiVersion">From route path</param>
+        /// <returns>OK on success</returns>
+        [HttpPost("totp-disable")]
+        public async Task<IActionResult> DisableTOTP(ApiVersion apiVersion)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+
+            //get user
+            var UserId = UserIdFromContext.Id(HttpContext.Items);
+
+            var u = await ct.User.FirstOrDefaultAsync(z => z.Id == UserId);
+            if (u == null)//should never happen but ?
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+
+            u.TotpSecret = null;
+            u.TwoFactorEnabled = false;
+            await ct.SaveChangesAsync();
+            return NoContent();
+        }
         //------------------------------------------------------
 
         public class CredentialsParam

server/AyaNova/resource/de.json

@@ -2171,5 +2171,7 @@
   "AuthConnectAppManualEntry":"Haben Sie Probleme beim Scannen des Codes? Geben Sie Folgendes manuell in Ihre Authentifizierungs-App ein:",
   "AuthEnterPin":"Geben Sie den 6-stelligen Passcode ein",
   "AuthPinInvalid":"Passcode ungültig",
-  "AuthConnectCompleted":"Die Zwei-Faktor-Authentifizierung ist jetzt aktiviert"
+  "AuthConnectCompleted":"Die Zwei-Faktor-Authentifizierung ist jetzt aktiviert",
+  "AuthDisableTwoFactor":"Deaktivieren Sie die Zwei-Faktor-Authentifizierung",
+  "AuthTwoFactorDisabled":"Die Zwei-Faktor-Authentifizierung ist jetzt deaktiviert"
 }

server/AyaNova/resource/en.json

@@ -2171,5 +2171,7 @@
   "AuthConnectAppManualEntry":"Having trouble scanning the code? Enter the following manually into your authenticator app:",
   "AuthEnterPin":"Enter 6 digit pass code",
   "AuthPinInvalid":"Pass code not valid",
-  "AuthConnectCompleted":"Two factor authentication is now enabled"
+  "AuthConnectCompleted":"Two-Factor authentication is now enabled",
+  "AuthDisableTwoFactor":"Disable Two-Factor authentication",
+  "AuthTwoFactorDisabled":"Two-Factor authentication is now disabled"
 }

server/AyaNova/resource/es.json

@@ -2171,5 +2171,7 @@
   "AuthConnectAppManualEntry":"¿Tiene problemas para escanear el código? Ingrese lo siguiente manualmente en su aplicación de autenticación:",
   "AuthEnterPin":"Ingrese un código de acceso de 6 dígitos",
   "AuthPinInvalid":"Código de acceso no válido",
-  "AuthConnectCompleted":"La autenticación de dos factores ahora está habilitada"
+  "AuthConnectCompleted":"La autenticación de dos factores ahora está habilitada",
+  "AuthDisableTwoFactor":"Deshabilitar la autenticación de dos factores",
+  "AuthTwoFactorDisabled":"La autenticación de dos factores ahora está deshabilitada"
 }

server/AyaNova/resource/fr.json

@@ -2171,5 +2171,7 @@
   "AuthConnectAppManualEntry":"Vous rencontrez des difficultés pour scanner le code? Saisissez les informations suivantes manuellement dans votre application d'authentification:",
   "AuthEnterPin":"Entrez le code d'accès à 6 chiffres",
   "AuthPinInvalid":"Code d'accès non valide",
-  "AuthConnectCompleted":"L'authentification à deux facteurs est maintenant activée"
+  "AuthConnectCompleted":"L'authentification à deux facteurs est maintenant activée",
+  "AuthDisableTwoFactor":"Désactiver l'authentification à deux facteurs",
+  "AuthTwoFactorDisabled":"L'authentification à deux facteurs est maintenant désactivée"
 }