From 6bc499f6579a9a248430748f9a69f3e5873a5ed3 Mon Sep 17 00:00:00 2001 From: syuilo Date: Fri, 8 Dec 2017 22:57:58 +0900 Subject: #967 --- src/api/endpoints/i/2fa/done.ts | 37 ++++++++++++++++++++++++++++ src/api/endpoints/i/2fa/register.ts | 48 +++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 src/api/endpoints/i/2fa/done.ts create mode 100644 src/api/endpoints/i/2fa/register.ts (limited to 'src/api/endpoints/i/2fa') diff --git a/src/api/endpoints/i/2fa/done.ts b/src/api/endpoints/i/2fa/done.ts new file mode 100644 index 0000000000..0b36033bb6 --- /dev/null +++ b/src/api/endpoints/i/2fa/done.ts @@ -0,0 +1,37 @@ +/** + * Module dependencies + */ +import $ from 'cafy'; +import * as speakeasy from 'speakeasy'; +import User from '../../../models/user'; + +module.exports = async (params, user) => new Promise(async (res, rej) => { + // Get 'token' parameter + const [token, tokenErr] = $(params.token).string().$; + if (tokenErr) return rej('invalid token param'); + + const _token = token.replace(/\s/g, ''); + + if (user.two_factor_temp_secret == null) { + return rej('二段階認証の設定が開始されていません'); + } + + const verified = (speakeasy as any).totp.verify({ + secret: user.two_factor_temp_secret, + encoding: 'base32', + token: _token + }); + + if (!verified) { + return rej('not verified'); + } + + await User.update(user._id, { + $set: { + two_factor_secret: user.two_factor_temp_secret, + two_factor_enabled: true + } + }); + + res(); +}); diff --git a/src/api/endpoints/i/2fa/register.ts b/src/api/endpoints/i/2fa/register.ts new file mode 100644 index 0000000000..c2b5037a29 --- /dev/null +++ b/src/api/endpoints/i/2fa/register.ts @@ -0,0 +1,48 @@ +/** + * Module dependencies + */ +import $ from 'cafy'; +import * as bcrypt from 'bcryptjs'; +import * as speakeasy from 'speakeasy'; +import * as QRCode from 'qrcode'; +import User from '../../../models/user'; +import config from '../../../../conf'; + +module.exports = async (params, user) => new Promise(async (res, rej) => { + // Get 'password' parameter + const [password, passwordErr] = $(params.password).string().$; + if (passwordErr) return rej('invalid password param'); + + // Compare password + const same = await bcrypt.compare(password, user.password); + + if (!same) { + return rej('incorrect password'); + } + + // Generate user's secret key + const secret = speakeasy.generateSecret({ + length: 32 + }); + + await User.update(user._id, { + $set: { + two_factor_temp_secret: secret.base32 + } + }); + + // Get the data URL of the authenticator URL + QRCode.toDataURL(speakeasy.otpauthURL({ + secret: secret.base32, + encoding: 'base32', + label: user.username, + issuer: config.host + }), (err, data_url) => { + res({ + qr: data_url, + secret: secret.base32, + label: user.username, + issuer: config.host + }); + }); +}); -- cgit v1.3.1-freya From d0cfe112e11c52acaeebb42c3229a37af23c846a Mon Sep 17 00:00:00 2001 From: syuilo Date: Sun, 10 Dec 2017 02:45:32 +0900 Subject: #973 --- locales/en.yml | 3 +++ locales/ja.yml | 3 +++ src/api/endpoints.ts | 17 +++++++++++++---- src/api/endpoints/i/2fa/unregister.ts | 28 ++++++++++++++++++++++++++++ src/web/app/desktop/tags/settings.tag | 21 ++++++++++++++++++++- 5 files changed, 67 insertions(+), 5 deletions(-) create mode 100644 src/api/endpoints/i/2fa/unregister.ts (limited to 'src/api/endpoints/i/2fa') diff --git a/locales/en.yml b/locales/en.yml index 4dadcb8065..8392e170c4 100644 --- a/locales/en.yml +++ b/locales/en.yml @@ -311,6 +311,9 @@ desktop: url: "https://www.google.com/landing/2step/" caution: "As a caveat, security improves, but you can not sign in to Misskey if you lose a registered device, etc." register: "Register a device" + already-registered: "The setting has already been completed." + unregister: "Disable" + unregistered: "Two-step authentication has been disabled." enter-password: "Enter the password" authenticator: "First, you need install Google Authenticator to your device:" howtoinstall: "How to install" diff --git a/locales/ja.yml b/locales/ja.yml index d38ae682ed..f9d41d9092 100644 --- a/locales/ja.yml +++ b/locales/ja.yml @@ -311,6 +311,9 @@ desktop: url: "https://www.google.co.jp/intl/ja/landing/2step/" caution: "登録したデバイスを紛失するなどした場合、Misskeyにサインインできなくなりますのでご注意ください。" register: "デバイスを登録する" + already-registered: "既に設定は完了しています。" + unregister: "設定を解除" + unregistered: "二段階認証が無効になりました。" enter-password: "パスワードを入力してください" authenticator: "まず、Google Authenticatorをお使いのデバイスにインストールします:" howtoinstall: "インストール方法はこちら" diff --git a/src/api/endpoints.ts b/src/api/endpoints.ts index 49871c0ce3..1138df193b 100644 --- a/src/api/endpoints.ts +++ b/src/api/endpoints.ts @@ -157,11 +157,18 @@ const endpoints: Endpoint[] = [ }, { name: 'i/2fa/register', - withCredential: true + withCredential: true, + secure: true + }, + { + name: 'i/2fa/unregister', + withCredential: true, + secure: true }, { name: 'i/2fa/done', - withCredential: true + withCredential: true, + secure: true }, { name: 'i/update', @@ -179,11 +186,13 @@ const endpoints: Endpoint[] = [ }, { name: 'i/change_password', - withCredential: true + withCredential: true, + secure: true }, { name: 'i/regenerate_token', - withCredential: true + withCredential: true, + secure: true }, { name: 'i/pin', diff --git a/src/api/endpoints/i/2fa/unregister.ts b/src/api/endpoints/i/2fa/unregister.ts new file mode 100644 index 0000000000..6bee6a26f2 --- /dev/null +++ b/src/api/endpoints/i/2fa/unregister.ts @@ -0,0 +1,28 @@ +/** + * Module dependencies + */ +import $ from 'cafy'; +import * as bcrypt from 'bcryptjs'; +import User from '../../../models/user'; + +module.exports = async (params, user) => new Promise(async (res, rej) => { + // Get 'password' parameter + const [password, passwordErr] = $(params.password).string().$; + if (passwordErr) return rej('invalid password param'); + + // Compare password + const same = await bcrypt.compare(password, user.password); + + if (!same) { + return rej('incorrect password'); + } + + await User.update(user._id, { + $set: { + two_factor_secret: null, + two_factor_enabled: false + } + }); + + res(); +}); diff --git a/src/web/app/desktop/tags/settings.tag b/src/web/app/desktop/tags/settings.tag index 9f71da6876..3fa1f50fce 100644 --- a/src/web/app/desktop/tags/settings.tag +++ b/src/web/app/desktop/tags/settings.tag @@ -266,7 +266,11 @@

%i18n:desktop.tags.mk-2fa-setting.intro%%i18n:desktop.tags.mk-2fa-setting.detail%

%fa:exclamation-triangle%%i18n:desktop.tags.mk-2fa-setting.caution%

-

+

+ +

%i18n:desktop.tags.mk-2fa-setting.already-registered%

+ +
  1. %i18n:desktop.tags.mk-2fa-setting.authenticator% %i18n:desktop.tags.mk-2fa-setting.howtoinstall%
    2. @@ -288,6 +292,7 @@ import passwordDialog from '../scripts/password-dialog'; import notify from '../scripts/notify'; + this.mixin('i'); this.mixin('api'); this.register = () => { @@ -302,11 +307,25 @@ }); }; + this.unregister = () => { + passwordDialog('%i18n:desktop.tags.mk-2fa-setting.enter-password%', password => { + this.api('i/2fa/unregister', { + password: password + }).then(data => { + notify('%i18n:desktop.tags.mk-2fa-setting.unregistered%'); + this.I.two_factor_enabled = false; + this.I.update(); + }); + }); + }; + this.submit = () => { this.api('i/2fa/done', { token: this.refs.token.value }).then(() => { notify('%i18n:desktop.tags.mk-2fa-setting.success%'); + this.I.two_factor_enabled = true; + this.I.update(); }).catch(() => { notify('%i18n:desktop.tags.mk-2fa-setting.failed%'); }); -- cgit v1.3.1-freya