Support two factor authentication in backend

author: Chocobozzz <me@florianbigard.com> 2022-10-05 15:37:15 +0200
committer: Chocobozzz <me@florianbigard.com> 2022-10-07 10:51:16 +0200
commit: 56f47830758ff8e92abcfcc5f35d474ab12fe215 (patch)
tree: 854e57ec1b800d6ad740c8e42bee00cbd21e1724 /shared/server-commands/users/two-factor-command.ts
parent: 7dd7ff4cebc290b09fe00d82046bb58e4e8a800d (diff)
download: PeerTube-56f47830758ff8e92abcfcc5f35d474ab12fe215.tar.gz
PeerTube-56f47830758ff8e92abcfcc5f35d474ab12fe215.tar.zst
PeerTube-56f47830758ff8e92abcfcc5f35d474ab12fe215.zip
1 files changed, 75 insertions, 0 deletions
diff --git a/shared/server-commands/users/two-factor-command.ts b/shared/server-commands/users/two-factor-command.ts
new file mode 100644
index 000000000..6c9d270ae
--- /dev/null
+++ b/shared/server-commands/users/two-factor-command.ts
@@ -0,0 +1,75 @@
+import { TOTP } from 'otpauth'
+import { HttpStatusCode, TwoFactorEnableResult } from '@shared/models'
+import { unwrapBody } from '../requests'
+import { AbstractCommand, OverrideCommandOptions } from '../shared'
+export class TwoFactorCommand extends AbstractCommand {
+  static buildOTP (options: {
+    secret: string
+  }) {
+    const { secret } = options
+    return new TOTP({
+      issuer: 'PeerTube',
+      algorithm: 'SHA1',
+      digits: 6,
+      period: 30,
+      secret
+    })
+  }
+  request (options: OverrideCommandOptions & {
+    userId: number
+    currentPassword: string
+  }) {
+    const { currentPassword, userId } = options
+    const path = '/api/v1/users/' + userId + '/two-factor/request'
+    return unwrapBody<TwoFactorEnableResult>(this.postBodyRequest({
+      ...options,
+      path,
+      fields: { currentPassword },
+      implicitToken: true,
+      defaultExpectedStatus: HttpStatusCode.OK_200
+    }))
+  }
+  confirmRequest (options: OverrideCommandOptions & {
+    userId: number
+    requestToken: string
+    otpToken: string
+  }) {
+    const { userId, requestToken, otpToken } = options
+    const path = '/api/v1/users/' + userId + '/two-factor/confirm-request'
+    return this.postBodyRequest({
+      ...options,
+      path,
+      fields: { requestToken, otpToken },
+      implicitToken: true,
+      defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204
+    })
+  }
+  disable (options: OverrideCommandOptions & {
+    userId: number
+    currentPassword: string
+  }) {
+    const { userId, currentPassword } = options
+    const path = '/api/v1/users/' + userId + '/two-factor/disable'
+    return this.postBodyRequest({
+      ...options,
+      path,
+      fields: { currentPassword },
+      implicitToken: true,
+      defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204
+    })
+  }
+}
author	Chocobozzz <me@florianbigard.com>	2022-10-05 15:37:15 +0200
committer	Chocobozzz <me@florianbigard.com>	2022-10-07 10:51:16 +0200
commit	56f47830758ff8e92abcfcc5f35d474ab12fe215 (patch)
tree	854e57ec1b800d6ad740c8e42bee00cbd21e1724 /shared/server-commands/users/two-factor-command.ts
parent	7dd7ff4cebc290b09fe00d82046bb58e4e8a800d (diff)
download	PeerTube-56f47830758ff8e92abcfcc5f35d474ab12fe215.tar.gz PeerTube-56f47830758ff8e92abcfcc5f35d474ab12fe215.tar.zst PeerTube-56f47830758ff8e92abcfcc5f35d474ab12fe215.zip

diff --git a/shared/server-commands/users/two-factor-command.ts b/shared/server-commands/users/two-factor-command.ts new file mode 100644 index 000000000..6c9d270ae --- /dev/null +++ b/shared/server-commands/users/two-factor-command.ts
@@ -0,0 +1,75 @@
	1	import { TOTP } from 'otpauth'
	2	import { HttpStatusCode, TwoFactorEnableResult } from '@shared/models'
	3	import { unwrapBody } from '../requests'
	4	import { AbstractCommand, OverrideCommandOptions } from '../shared'
	5
	6	export class TwoFactorCommand extends AbstractCommand {
	7
	8	static buildOTP (options: {
	9	secret: string
	10	}) {
	11	const { secret } = options
	12
	13	return new TOTP({
	14	issuer: 'PeerTube',
	15	algorithm: 'SHA1',
	16	digits: 6,
	17	period: 30,
	18	secret
	19	})
	20	}
	21
	22	request (options: OverrideCommandOptions & {
	23	userId: number
	24	currentPassword: string
	25	}) {
	26	const { currentPassword, userId } = options
	27
	28	const path = '/api/v1/users/' + userId + '/two-factor/request'
	29
	30	return unwrapBody<TwoFactorEnableResult>(this.postBodyRequest({
	31	...options,
	32
	33	path,
	34	fields: { currentPassword },
	35	implicitToken: true,
	36	defaultExpectedStatus: HttpStatusCode.OK_200
	37	}))
	38	}
	39
	40	confirmRequest (options: OverrideCommandOptions & {
	41	userId: number
	42	requestToken: string
	43	otpToken: string
	44	}) {
	45	const { userId, requestToken, otpToken } = options
	46
	47	const path = '/api/v1/users/' + userId + '/two-factor/confirm-request'
	48
	49	return this.postBodyRequest({
	50	...options,
	51
	52	path,
	53	fields: { requestToken, otpToken },
	54	implicitToken: true,
	55	defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204
	56	})
	57	}
	58
	59	disable (options: OverrideCommandOptions & {
	60	userId: number
	61	currentPassword: string
	62	}) {
	63	const { userId, currentPassword } = options
	64	const path = '/api/v1/users/' + userId + '/two-factor/disable'
	65
	66	return this.postBodyRequest({
	67	...options,
	68
	69	path,
	70	fields: { currentPassword },
	71	implicitToken: true,
	72	defaultExpectedStatus: HttpStatusCode.NO_CONTENT_204
	73	})
	74	}
	75	}