diff --git a/.vscode/launch.json b/.vscode/launch.json
index 8fd97968..0e2049e9 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -53,7 +53,7 @@
 "AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles",
 "AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles",
 "AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles",
- "AYANOVA_SERVER_TEST_MODE": "true",
+ "AYANOVA_SERVER_TEST_MODE": "false",
 "AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small",
 "AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7",
 "AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\"
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index aa51d4f2..ec02908f 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -194,6 +194,18 @@ namespace AyaNova.Api.Controllers
 }
+ //TWO FACTOR ENABLED??
+ //if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
+ if (u.TwoFactorEnabled)
+ {
+
+ return Ok(ApiOkResponse.Response(new
+ {
+ tfa = true
+ }));
+ }
+
+
 //build the key (JWT set in startup.cs)
 byte[] secretKey = System.Text.Encoding.ASCII.GetBytes(ServerBootConfig.AYANOVA_JWT_SECRET);
@@ -450,12 +462,10 @@ namespace AyaNova.Api.Controllers
 if (u == null)//should never happen but ?
 return StatusCode(403, new ApiNotAuthorizedResponse());
- //if user already has a secret set then this is not valid, must be re-requested first
 //this is to stop someone from messing up someone's login accidentally or maliciously by simply hitting the route logged in as them
- if (!string.IsNullOrWhiteSpace(u.TotpSecret) || u.TwoFactorEnabled)
+ if (u.TwoFactorEnabled)
 return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa already enabled"));
-
 var tfa = new TwoFactorAuth("AyaNova");
 u.TotpSecret = tfa.CreateSecret(160);
 await ct.SaveChangesAsync();
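Review bot: The early return on `if (u.TwoFactorEnabled)` answers with `tfa = true` and nothing else, so the client's follow-up TOTP submission carries no artifact tying it to this password-validated attempt; if the verification route (outside this hunk) accepts only a username and a code, the second factor effectively becomes the only factor. Whatever the real flow is — re-sending the credentials to the TOTP route, or a short-lived challenge token issued here — it should be stated at this return, e.g. `//no JWT yet: the TOTP step must re-prove the password (or present a short-lived challenge) before a token is issued`. The check also looks only at `TwoFactorEnabled`, so an account with the flag set but an empty `TotpSecret` would get the prompt and, presumably, never be able to complete it; worth a guard or a comment on which route guarantees that invariant. The enclosing login method starts and ends outside the hunk.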
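Review bot: Dropping the `TotpSecret` half of the guard means a pending, unconfirmed secret is now silently regenerated on every call to this route, which is presumably the intent (an abandoned enrollment could otherwise never be retried), but the surviving comment `//this is to stop someone from messing up someone's login ...` now has no subject and the new rule is undocumented. Suggest replacing it with `//a confirmed setup (TwoFactorEnabled) must be reset through the proper route; a pending secret is simply regenerated here` so the next reader knows overwriting `TotpSecret` is safe only because login is gated on `TwoFactorEnabled`. That also makes it explicit that the confirm route, outside this hunk, is the only place the flag may be set. The enclosing method starts and ends outside the hunk.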