| author | syuilo <Syuilotan@yahoo.co.jp> | 2019-07-07 05:13:21 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2019-07-07 05:13:21 +0900 |
| commit | 351b2360145e0322705b3085a23d4e07029eeaf6 (patch) | |
| tree | 03e3f5db0fb770b0a9e9f7c580b1dd9be2f02e3a /src/server | |
| parent | イベント送信時に指定の変数の値を添付出来るように (diff) | |
| parent | Support password-less login with WebAuthn (#5112) (diff) | |
Merge branch 'develop' of https://github.com/syuilo/misskey into develop
Diffstat (limited to 'src/server')
| -rw-r--r-- | src/server/api/endpoints/i/2fa/password-less.ts | 21 | ||||
| -rw-r--r-- | src/server/api/private/signin.ts | 36 |
2 files changed, 49 insertions, 8 deletions
diff --git a/src/server/api/endpoints/i/2fa/password-less.ts b/src/server/api/endpoints/i/2fa/password-less.ts
new file mode 100644
index 0000000000..19e75ca1c5
--- /dev/null
+++ b/src/server/api/endpoints/i/2fa/password-less.ts
@@ -0,0 +1,21 @@
+import $ from 'cafy';
+import define from '../../../define';
+import { UserProfiles } from '../../../../../models';
+
+export const meta = {
+ requireCredential: true,
+
+ secure: true,
+
+ params: {
+ value: {
+ validator: $.boolean
+ }
+ }
+};
+
+export default define(meta, async (ps, user) => {
+ await UserProfiles.update(user.id, {
+ usePasswordLessLogin: ps.value
+ });
+});
diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts
index bc9346d088..67afed760b 100644
--- a/src/server/api/private/signin.ts
+++ b/src/server/api/private/signin.ts
@@ -72,19 +72,25 @@ export default async (ctx: Koa.BaseContext) => {
 }
 }
 
- if (!same) {
- await fail(403, {
- error: 'incorrect password'
- });
- return;
- }
-
 if (!profile.twoFactorEnabled) {
- signin(ctx, user);
+ if (same) {
+ signin(ctx, user);
+ } else {
+ await fail(403, {
+ error: 'incorrect password'
+ });
+ }
 return;
 }
 
 if (token) {
+ if (!same) {
+ await fail(403, {
+ error: 'incorrect password'
+ });
+ return;
+ }
+
 const verified = (speakeasy as any).totp.verify({
 secret: profile.twoFactorSecret,
 encoding: 'base32',
@@ -101,6 +107,13 @@ export default async (ctx: Koa.BaseContext) => {
 return;
 }
 } else if (body.credentialId) {
+ if (!same && !profile.usePasswordLessLogin) {
+ await fail(403, {
+ error: 'incorrect password'
+ });
+ return;
+ }
+
 const clientDataJSON = Buffer.from(body.clientDataJSON, 'hex');
 const clientData = JSON.parse(clientDataJSON.toString('utf-8'));
 const challenge = await AttestationChallenges.findOne({
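Review bot: The new endpoint writes `usePasswordLessLogin` unconditionally, yet in this commit's signin.ts change the flag is only consulted inside the `twoFactorEnabled` path, where a WebAuthn credential must then verify; enabling it for a profile with 2FA off or with no registered key therefore has no effect, which callers cannot tell from the response. Consider rejecting `ps.value === true` before the `UserProfiles.update` call unless the profile has 2FA enabled (and, if the lookup is cheap here, at least one security key), so the setting always reflects a usable login path. The `value` parameter also carries no description; a one-line comment above it such as `// true: allow sign-in with a registered security key alone, no password required` would document the effect for API consumers.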
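Review bot: The same `await fail(403, { error: 'incorrect password' })` block is now repeated four times in this handler (twice in this hunk, once in the `body.credentialId` hunk at @@ -101 and once in the `else` hunk at @@ -163), which invites the status or message to drift when one copy is edited. A small local helper, `const rejectPassword = () => fail(403, { error: 'incorrect password' });`, used as `await rejectPassword(); return;` at each site, keeps the response uniform. The removed up-front `if (!same)` was the single choke point for the password check; with it gone, a comment at the top of the `twoFactorEnabled` branch such as `// No early password check: each branch below decides whether the password, a key, or both are required` would make the new responsibility split explicit. The enclosing signin handler starts and ends outside this hunk.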
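Review bot: The new guard lets a request whose password did not match continue to the assertion check whenever `profile.usePasswordLessLogin` is set, so from this point the security key is the only factor being verified; that intent is not stated anywhere and deserves a comment at the guard, e.g. `// Passwordless login: the registered key is the sole credential checked below; the password is ignored`. The same applies to the matching guard in the `else` branch at @@ -163. Whether the rest of this branch signs the user in only after the assertion verifies lies outside the hunk and cannot be confirmed here; it is worth checking that the skip-password path cannot reach `signin` on the strength of the `challenge` lookup that follows the guard alone.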
@@ -163,6 +176,13 @@ export default async (ctx: Koa.BaseContext) => {
 return;
 }
 } else {
+ if (!same && !profile.usePasswordLessLogin) {
+ await fail(403, {
+ error: 'incorrect password'
+ });
+ return;
+ }
+
 const keys = await UserSecurityKeys.find({
 userId: user.id
 });