Fix player error modal size
index 1725294e78e479d42f2b96c04eff0f8c4934a10b..e6ae9e4dd42b855528ce1feb9b2265ef6f5093e0 100644 (file)
@@ -1,7 +1,9 @@
 import express from 'express'
 import { generateOTPSecret, isOTPValid } from '@server/helpers/otp'
+import { encrypt } from '@server/helpers/peertube-crypto'
+import { CONFIG } from '@server/initializers/config'
 import { Redis } from '@server/lib/redis'
-import { asyncMiddleware, authenticate, usersCheckCurrentPassword } from '@server/middlewares'
+import { asyncMiddleware, authenticate, usersCheckCurrentPasswordFactory } from '@server/middlewares'
 import {
   confirmTwoFactorValidator,
   disableTwoFactorValidator,
@@ -13,7 +15,7 @@ const twoFactorRouter = express.Router()
 
 twoFactorRouter.post('/:id/two-factor/request',
   authenticate,
-  asyncMiddleware(usersCheckCurrentPassword),
+  asyncMiddleware(usersCheckCurrentPasswordFactory(req => req.params.id)),
   asyncMiddleware(requestOrConfirmTwoFactorValidator),
   asyncMiddleware(requestTwoFactor)
 )
@@ -27,7 +29,7 @@ twoFactorRouter.post('/:id/two-factor/confirm-request',
 
 twoFactorRouter.post('/:id/two-factor/disable',
   authenticate,
-  asyncMiddleware(usersCheckCurrentPassword),
+  asyncMiddleware(usersCheckCurrentPasswordFactory(req => req.params.id)),
   asyncMiddleware(disableTwoFactorValidator),
   asyncMiddleware(disableTwoFactor)
 )
@@ -44,7 +46,9 @@ async function requestTwoFactor (req: express.Request, res: express.Response) {
   const user = res.locals.user
 
   const { secret, uri } = generateOTPSecret(user.email)
-  const requestToken = await Redis.Instance.setTwoFactorRequest(user.id, secret)
+
+  const encryptedSecret = await encrypt(secret, CONFIG.SECRETS.PEERTUBE)
+  const requestToken = await Redis.Instance.setTwoFactorRequest(user.id, encryptedSecret)
 
   return res.json({
     otpRequest: {
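Review bot: The purpose of the new `encrypt` step is not stated anywhere in the hunk, and the value it produces is consumed unchanged by `confirmRequestTwoFactor` in a later hunk, so the two sites should be tied together with a comment above the `encrypt` call, e.g. `// Only the encrypted secret is kept in Redis; confirmRequestTwoFactor stores it as-is in user.otpSecret and isOTPValid decrypts it`. The `uri` returned by `generateOTPSecret` presumably still carries the plaintext secret to the client for enrollment, so this change protects the value at rest in Redis rather than in the response. requestTwoFactor's body continues outside the hunk.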
@@ -60,22 +64,22 @@ async function confirmRequestTwoFactor (req: express.Request, res: express.Respo
   const otpToken = req.body.otpToken
   const user = res.locals.user
 
-  const secret = await Redis.Instance.getTwoFactorRequestToken(user.id, requestToken)
-  if (!secret) {
+  const encryptedSecret = await Redis.Instance.getTwoFactorRequestToken(user.id, requestToken)
+  if (!encryptedSecret) {
     return res.fail({
       message: 'Invalid request token',
       status: HttpStatusCode.FORBIDDEN_403
     })
   }
 
-  if (isOTPValid({ secret, token: otpToken }) !== true) {
+  if (await isOTPValid({ encryptedSecret, token: otpToken }) !== true) {
     return res.fail({
       message: 'Invalid OTP token',
       status: HttpStatusCode.FORBIDDEN_403
     })
   }
 
-  user.otpSecret = secret
+  user.otpSecret = encryptedSecret
   await user.save()
 
   return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
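Review bot: `user.otpSecret = encryptedSecret` persists whatever was retrieved from Redis under the request token without checking its form, so a pending request written by a pre-upgrade server (plaintext secret, per the removed lines) would presumably fail in the now-async `isOTPValid` and, if the Redis value were ever accepted, be stored in the wrong form; if rolling upgrades are possible it is safer to invalidate pending two-factor requests at deploy time than to rely on the two forms being distinguishable. A comment above the assignment such as `// Stored encrypted, exactly as written to Redis by requestTwoFactor` would document the invariant. As a point of style, `if (!(await isOTPValid({ encryptedSecret, token: otpToken })))` reads more clearly than the `await … !== true` form, which depends on readers knowing that `await` binds tighter than `!==`. confirmRequestTwoFactor begins outside the hunk.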