diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 1efce9ac..aa51d4f2 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -452,9 +452,9 @@ namespace AyaNova.Api.Controllers
//if user already has a secret set then this is not valid, must be re-requested first
//this is to stop someone from messing up someone's login accidentally or maliciously by simply hitting the route logged in as them
- if(!string.IsNullOrWhiteSpace(u.TotpSecret) || u.TwoFactorEnabled)
- return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa already enabled"));
-
+ if (!string.IsNullOrWhiteSpace(u.TotpSecret) || u.TwoFactorEnabled)
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa already enabled"));
+
var tfa = new TwoFactorAuth("AyaNova");
u.TotpSecret = tfa.CreateSecret(160);
@@ -509,7 +509,13 @@ namespace AyaNova.Api.Controllers
//ok, something to validate, let's validate it
var tfa = new TwoFactorAuth("AyaNova");
- var ret = tfa.VerifyCode(u.TotpSecret, pin.Pin, 8);
+ var ret = tfa.VerifyCode(u.TotpSecret, pin.Pin.Replace(" ", "").Trim());
+ if (ret == true)
+ {
+ //enable 2fa on user account
+ u.TwoFactorEnabled = true;
+ await ct.SaveChangesAsync();
+ }
return Ok(ApiOkResponse.Response(new
{
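Review bot: `pin.Pin.Replace(" ", "").Trim()` on the new VerifyCode line dereferences `pin.Pin` with no null check, so a request whose body lacks the field fails with a NullReferenceException (a 500) instead of a 400, unless the ModelState validation above the hunk already rejects it — worth confirming; a guard such as `if (string.IsNullOrWhiteSpace(pin?.Pin)) return BadRequest(new ApiErrorResponse(ModelState));` before the call keeps it a client error. Dropping the discrepancy argument of 8 narrows the accepted code window to the library default, which is the right direction for an enrolment check. Nothing in the hunk counts failed verifications, and a six-digit code checked without any attempt limit is weak against repeated guesses, so this route should share whatever lockout the login path applies (not visible here). Minor: `if (ret == true)` reads better as `if (ret)`. The enclosing method starts and ends outside the hunk.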
@@ -517,6 +523,34 @@ namespace AyaNova.Api.Controllers
}));
}
+
+ ///
+ /// Disable (turn off) 2fa for current user account
+ ///
+ ///
+ /// From route path
+ /// OK on success
+ [HttpPost("totp-disable")]
+ public async Task DisableTOTP(ApiVersion apiVersion)
+ {
+ if (!serverState.IsOpen)
+ return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+
+ if (!ModelState.IsValid)
+ return BadRequest(new ApiErrorResponse(ModelState));
+
+ //get user
+ var UserId = UserIdFromContext.Id(HttpContext.Items);
+
+ var u = await ct.User.FirstOrDefaultAsync(z => z.Id == UserId);
+ if (u == null)//should never happen but ?
+ return StatusCode(403, new ApiNotAuthorizedResponse());
+
+ u.TotpSecret = null;
+ u.TwoFactorEnabled = false;
+ await ct.SaveChangesAsync();
+ return NoContent();
+ }
//------------------------------------------------------
public class CredentialsParam
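Review bot: DisableTOTP clears `u.TotpSecret` and `u.TwoFactorEnabled` on the strength of the session alone — no current password or TOTP code is required in the request — so any request carrying a valid session can silently remove the second factor; the comment in the first hunk gives exactly this reason for guarding the enable route, and the same reasoning applies to disabling it. Accept a body with the current password or a fresh TOTP code, verify it before the two assignments, and consider emitting an audit/log entry, since the hunk leaves no record that two-factor was turned off. The `ModelState.IsValid` check binds only the route's `apiVersion` here, so it validates nothing the client can vary. The doc comment above the action shows bare `///` lines; if the `<summary>`, `<param>` and `<returns>` tags were not simply lost in rendering, add them so the generated API docs pick the action up. Style: `UserId` is a local and the file's convention is camelCase, and `u == null` reads better as `u is null`.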
diff --git a/server/AyaNova/resource/de.json b/server/AyaNova/resource/de.json
index 15877d13..14520b40 100644
--- a/server/AyaNova/resource/de.json
+++ b/server/AyaNova/resource/de.json
@@ -2171,5 +2171,7 @@
"AuthConnectAppManualEntry":"Haben Sie Probleme beim Scannen des Codes? Geben Sie Folgendes manuell in Ihre Authentifizierungs-App ein:",
"AuthEnterPin":"Geben Sie den 6-stelligen Passcode ein",
"AuthPinInvalid":"Passcode ungültig",
- "AuthConnectCompleted":"Die Zwei-Faktor-Authentifizierung ist jetzt aktiviert"
+ "AuthConnectCompleted":"Die Zwei-Faktor-Authentifizierung ist jetzt aktiviert",
+ "AuthDisableTwoFactor":"Deaktivieren Sie die Zwei-Faktor-Authentifizierung",
+ "AuthTwoFactorDisabled":"Die Zwei-Faktor-Authentifizierung ist jetzt deaktiviert"
}
\ No newline at end of file
diff --git a/server/AyaNova/resource/en.json b/server/AyaNova/resource/en.json
index 63de2ecb..1b77cf87 100644
--- a/server/AyaNova/resource/en.json
+++ b/server/AyaNova/resource/en.json
@@ -2171,5 +2171,7 @@
"AuthConnectAppManualEntry":"Having trouble scanning the code? Enter the following manually into your authenticator app:",
"AuthEnterPin":"Enter 6 digit pass code",
"AuthPinInvalid":"Pass code not valid",
- "AuthConnectCompleted":"Two factor authentication is now enabled"
+ "AuthConnectCompleted":"Two-Factor authentication is now enabled",
+ "AuthDisableTwoFactor":"Disable Two-Factor authentication",
+ "AuthTwoFactorDisabled":"Two-Factor authentication is now disabled"
}
\ No newline at end of file
diff --git a/server/AyaNova/resource/es.json b/server/AyaNova/resource/es.json
index 88822132..3cf6df83 100644
--- a/server/AyaNova/resource/es.json
+++ b/server/AyaNova/resource/es.json
@@ -2171,5 +2171,7 @@
"AuthConnectAppManualEntry":"¿Tiene problemas para escanear el código? Ingrese lo siguiente manualmente en su aplicación de autenticación:",
"AuthEnterPin":"Ingrese un código de acceso de 6 dígitos",
"AuthPinInvalid":"Código de acceso no válido",
- "AuthConnectCompleted":"La autenticación de dos factores ahora está habilitada"
+ "AuthConnectCompleted":"La autenticación de dos factores ahora está habilitada",
+ "AuthDisableTwoFactor":"Deshabilitar la autenticación de dos factores",
+ "AuthTwoFactorDisabled":"La autenticación de dos factores ahora está deshabilitada"
}
\ No newline at end of file
diff --git a/server/AyaNova/resource/fr.json b/server/AyaNova/resource/fr.json
index 5b0ee950..d6e66029 100644
--- a/server/AyaNova/resource/fr.json
+++ b/server/AyaNova/resource/fr.json
@@ -2171,5 +2171,7 @@
"AuthConnectAppManualEntry":"Vous rencontrez des difficultés pour scanner le code? Saisissez les informations suivantes manuellement dans votre application d'authentification:",
"AuthEnterPin":"Entrez le code d'accès à 6 chiffres",
"AuthPinInvalid":"Code d'accès non valide",
- "AuthConnectCompleted":"L'authentification à deux facteurs est maintenant activée"
+ "AuthConnectCompleted":"L'authentification à deux facteurs est maintenant activée",
+ "AuthDisableTwoFactor":"Désactiver l'authentification à deux facteurs",
+ "AuthTwoFactorDisabled":"L'authentification à deux facteurs est maintenant désactivée"
}
\ No newline at end of file