feat: Refine 2fa (#11766)

* wip * Update 2fa.qrdialog.vue * Update 2fa.vue * Update CHANGELOG.md * tweak * :v:
author: syuilo <Syuilotan@yahoo.co.jp> 2023-08-28 18:25:31 +0900
committer: GitHub <noreply@github.com> 2023-08-28 18:25:31 +0900
commit: 257c4fccf1193f111686f039e06cc4d00b9dce37 (patch)
tree: b502d371495bc5a6c18349eb9fd9089cee4f4fa0 /packages/backend/src/server/api
parent: Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop (diff)
download: sharkey-257c4fccf1193f111686f039e06cc4d00b9dce37.tar.gz
sharkey-257c4fccf1193f111686f039e06cc4d00b9dce37.tar.bz2
sharkey-257c4fccf1193f111686f039e06cc4d00b9dce37.zip
3 files changed, 15 insertions, 0 deletions
diff --git a/packages/backend/src/server/api/SigninApiService.ts b/packages/backend/src/server/api/SigninApiService.ts
index d68b2617e3..58a5cca4fc 100644
--- a/packages/backend/src/server/api/SigninApiService.ts
+++ b/packages/backend/src/server/api/SigninApiService.ts
@@ -160,6 +160,13 @@ export class SigninApiService {
 				});
 			}
 
+			if (profile.twoFactorBackupSecret?.includes(token)) {
+				await this.userProfilesRepository.update({ userId: profile.userId }, {
+					twoFactorBackupSecret: profile.twoFactorBackupSecret.filter((secret) => secret !== token),
+				});
+				return this.signinService.signin(request, reply, user);
+			}
+
 			const delta = OTPAuth.TOTP.validate({
 				secret: OTPAuth.Secret.fromBase32(profile.twoFactorSecret!),
 				digits: 6,
diff --git a/packages/backend/src/server/api/endpoints/i/2fa/done.ts b/packages/backend/src/server/api/endpoints/i/2fa/done.ts
index e508a28cc0..2d1457b9b5 100644
--- a/packages/backend/src/server/api/endpoints/i/2fa/done.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/done.ts
@@ -54,8 +54,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new Error('not verified');
 			}
 
+			const backupCodes = Array.from({ length: 5 }, () => new OTPAuth.Secret().base32);
+
 			await this.userProfilesRepository.update(me.id, {
 				twoFactorSecret: profile.twoFactorTempSecret,
+				twoFactorBackupSecret: backupCodes,
 				twoFactorEnabled: true,
 			});
 
@@ -64,6 +67,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				detail: true,
 				includeSecrets: true,
 			}));
+
+			return {
+				backupCodes: backupCodes,
+			};
 		});
 	}
 }
diff --git a/packages/backend/src/server/api/endpoints/i/2fa/unregister.ts b/packages/backend/src/server/api/endpoints/i/2fa/unregister.ts
index ee58fb2af4..e017e2ef53 100644
--- a/packages/backend/src/server/api/endpoints/i/2fa/unregister.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/unregister.ts
@@ -46,6 +46,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 			await this.userProfilesRepository.update(me.id, {
 				twoFactorSecret: null,
+				twoFactorBackupSecret: null,
 				twoFactorEnabled: false,
 				usePasswordLessLogin: false,
 			});
author	syuilo <Syuilotan@yahoo.co.jp>	2023-08-28 18:25:31 +0900
committer	GitHub <noreply@github.com>	2023-08-28 18:25:31 +0900
commit	257c4fccf1193f111686f039e06cc4d00b9dce37 (patch)
tree	b502d371495bc5a6c18349eb9fd9089cee4f4fa0 /packages/backend/src/server/api
parent	Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop (diff)
download	sharkey-257c4fccf1193f111686f039e06cc4d00b9dce37.tar.gz sharkey-257c4fccf1193f111686f039e06cc4d00b9dce37.tar.bz2 sharkey-257c4fccf1193f111686f039e06cc4d00b9dce37.zip