feat: enable/disable TFA per user

2020-08-30 14:18:22 -04:00
parent 32d67adee1
commit e319355017
6 changed files with 144 additions and 33 deletions
--- a/server/controllers/auth.js
+++ b/server/controllers/auth.js
@@ -71,7 +71,7 @@ router.all('/login/:strategy/callback', async (req, res, next) => {
      strategy: req.params.strategy
    }, { req, res })
    res.cookie('jwt', authResult.jwt, { expires: moment().add(1, 'y').toDate() })
-    res.redirect('/')
+    res.redirect(authResult.redirect)
  } catch (err) {
    next(err)
  }
--- a/server/graph/resolvers/user.js
+++ b/server/graph/resolvers/user.js
@@ -23,11 +23,15 @@ module.exports = {
        .select('id', 'email', 'name', 'providerKey', 'createdAt')
    },
    async single(obj, args, context, info) {
-      console.info(WIKI.auth.strategies)
      let usr = await WIKI.models.users.query().findById(args.id)
      usr.password = ''
      usr.tfaSecret = ''
-      usr.providerName = _.get(WIKI.auth.strategies, usr.providerKey).displayName
+
+      const str = _.get(WIKI.auth.strategies, usr.providerKey)
+      str.strategy = _.find(WIKI.data.authentication, ['key', str.strategyKey])
+      usr.providerName = str.displayName
+      usr.providerIs2FACapable = _.get(str, 'strategy.useForm', false)
+
      return usr
    },
    async profile (obj, args, context, info) {
@@ -140,6 +144,28 @@ module.exports = {
        return graphHelper.generateError(err)
      }
    },
+    async enableTFA (obj, args) {
+      try {
+        await WIKI.models.users.query().patch({ tfaIsActive: true, tfaSecret: null }).findById(args.id)
+
+        return {
+          responseResult: graphHelper.generateSuccess('User 2FA enabled successfully')
+        }
+      } catch (err) {
+        return graphHelper.generateError(err)
+      }
+    },
+    async disableTFA (obj, args) {
+      try {
+        await WIKI.models.users.query().patch({ tfaIsActive: false, tfaSecret: null }).findById(args.id)
+
+        return {
+          responseResult: graphHelper.generateSuccess('User 2FA disabled successfully')
+        }
+      } catch (err) {
+        return graphHelper.generateError(err)
+      }
+    },
    resetPassword (obj, args) {
      return false
    },
--- a/server/graph/schemas/user.graphql
+++ b/server/graph/schemas/user.graphql
@@ -78,6 +78,14 @@ type UserMutation {
    id: Int!
  ): DefaultResponse @auth(requires: ["manage:users", "manage:system"])

+  enableTFA(
+    id: Int!
+  ): DefaultResponse @auth(requires: ["manage:users", "manage:system"])
+
+  disableTFA(
+    id: Int!
+  ): DefaultResponse @auth(requires: ["manage:users", "manage:system"])
+
  resetPassword(
    id: Int!
  ): DefaultResponse
@@ -130,6 +138,7 @@ type User {
  providerKey: String!
  providerName: String
  providerId: String
+  providerIs2FACapable: Boolean
  isSystem: Boolean!
  isActive: Boolean!
  isVerified: Boolean!
--- a/server/models/users.js
+++ b/server/models/users.js
@@ -28,7 +28,7 @@ module.exports = class User extends Model {
        providerId: {type: 'string'},
        password: {type: 'string'},
        tfaIsActive: {type: 'boolean', default: false},
-        tfaSecret: {type: 'string'},
+        tfaSecret: {type: ['string', null]},
        jobTitle: {type: 'string'},
        location: {type: 'string'},
        pictureUrl: {type: 'string'},