1 files changed, 0 insertions, 95 deletions
diff --git a/server/controllers/api/users/two-factor.ts b/server/controllers/api/users/two-factor.ts
deleted file mode 100644
index e6ae9e4dd..000000000
--- a/server/controllers/api/users/two-factor.ts
+++ /dev/null
@@ -1,95 +0,0 @@
-import express from 'express'
-import { generateOTPSecret, isOTPValid } from '@server/helpers/otp'
-import { encrypt } from '@server/helpers/peertube-crypto'
-import { CONFIG } from '@server/initializers/config'
-import { Redis } from '@server/lib/redis'
-import { asyncMiddleware, authenticate, usersCheckCurrentPasswordFactory } from '@server/middlewares'
-import {
-  confirmTwoFactorValidator,
-  disableTwoFactorValidator,
-  requestOrConfirmTwoFactorValidator
-} from '@server/middlewares/validators/two-factor'
-import { HttpStatusCode, TwoFactorEnableResult } from '@shared/models'
-const twoFactorRouter = express.Router()
-twoFactorRouter.post('/:id/two-factor/request',
-  authenticate,
-  asyncMiddleware(usersCheckCurrentPasswordFactory(req => req.params.id)),
-  asyncMiddleware(requestOrConfirmTwoFactorValidator),
-  asyncMiddleware(requestTwoFactor)
-)
-twoFactorRouter.post('/:id/two-factor/confirm-request',
-  authenticate,
-  asyncMiddleware(requestOrConfirmTwoFactorValidator),
-  confirmTwoFactorValidator,
-  asyncMiddleware(confirmRequestTwoFactor)
-)
-twoFactorRouter.post('/:id/two-factor/disable',
-  authenticate,
-  asyncMiddleware(usersCheckCurrentPasswordFactory(req => req.params.id)),
-  asyncMiddleware(disableTwoFactorValidator),
-  asyncMiddleware(disableTwoFactor)
-)
-// ---------------------------------------------------------------------------
-export {
-  twoFactorRouter
-}
-// ---------------------------------------------------------------------------
-async function requestTwoFactor (req: express.Request, res: express.Response) {
-  const user = res.locals.user
-  const { secret, uri } = generateOTPSecret(user.email)
-  const encryptedSecret = await encrypt(secret, CONFIG.SECRETS.PEERTUBE)
-  const requestToken = await Redis.Instance.setTwoFactorRequest(user.id, encryptedSecret)
-  return res.json({
-    otpRequest: {
-      requestToken,
-      secret,
-      uri
-    }
-  } as TwoFactorEnableResult)
-}
-async function confirmRequestTwoFactor (req: express.Request, res: express.Response) {
-  const requestToken = req.body.requestToken
-  const otpToken = req.body.otpToken
-  const user = res.locals.user
-  const encryptedSecret = await Redis.Instance.getTwoFactorRequestToken(user.id, requestToken)
-  if (!encryptedSecret) {
-    return res.fail({
-      message: 'Invalid request token',
-      status: HttpStatusCode.FORBIDDEN_403
-    })
-  }
-  if (await isOTPValid({ encryptedSecret, token: otpToken }) !== true) {
-    return res.fail({
-      message: 'Invalid OTP token',
-      status: HttpStatusCode.FORBIDDEN_403
-    })
-  }
-  user.otpSecret = encryptedSecret
-  await user.save()
-  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
-}
-async function disableTwoFactor (req: express.Request, res: express.Response) {
-  const user = res.locals.user
-  user.otpSecret = null
-  await user.save()
-  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
-}

diff --git a/server/controllers/api/users/two-factor.ts b/server/controllers/api/users/two-factor.ts deleted file mode 100644 index e6ae9e4dd..000000000 --- a/server/controllers/api/users/two-factor.ts +++ /dev/null
@@ -1,95 +0,0 @@
1	import express from 'express'
2	import { generateOTPSecret, isOTPValid } from '@server/helpers/otp'
3	import { encrypt } from '@server/helpers/peertube-crypto'
4	import { CONFIG } from '@server/initializers/config'
5	import { Redis } from '@server/lib/redis'
6	import { asyncMiddleware, authenticate, usersCheckCurrentPasswordFactory } from '@server/middlewares'
7	import {
8	confirmTwoFactorValidator,
9	disableTwoFactorValidator,
10	requestOrConfirmTwoFactorValidator
11	} from '@server/middlewares/validators/two-factor'
12	import { HttpStatusCode, TwoFactorEnableResult } from '@shared/models'
13
14	const twoFactorRouter = express.Router()
15
16	twoFactorRouter.post('/:id/two-factor/request',
17	authenticate,
18	asyncMiddleware(usersCheckCurrentPasswordFactory(req => req.params.id)),
19	asyncMiddleware(requestOrConfirmTwoFactorValidator),
20	asyncMiddleware(requestTwoFactor)
21	)
22
23	twoFactorRouter.post('/:id/two-factor/confirm-request',
24	authenticate,
25	asyncMiddleware(requestOrConfirmTwoFactorValidator),
26	confirmTwoFactorValidator,
27	asyncMiddleware(confirmRequestTwoFactor)
28	)
29
30	twoFactorRouter.post('/:id/two-factor/disable',
31	authenticate,
32	asyncMiddleware(usersCheckCurrentPasswordFactory(req => req.params.id)),
33	asyncMiddleware(disableTwoFactorValidator),
34	asyncMiddleware(disableTwoFactor)
35	)
36
37	// ---------------------------------------------------------------------------
38
39	export {
40	twoFactorRouter
41	}
42
43	// ---------------------------------------------------------------------------
44
45	async function requestTwoFactor (req: express.Request, res: express.Response) {
46	const user = res.locals.user
47
48	const { secret, uri } = generateOTPSecret(user.email)
49
50	const encryptedSecret = await encrypt(secret, CONFIG.SECRETS.PEERTUBE)
51	const requestToken = await Redis.Instance.setTwoFactorRequest(user.id, encryptedSecret)
52
53	return res.json({
54	otpRequest: {
55	requestToken,
56	secret,
57	uri
58	}
59	} as TwoFactorEnableResult)
60	}
61
62	async function confirmRequestTwoFactor (req: express.Request, res: express.Response) {
63	const requestToken = req.body.requestToken
64	const otpToken = req.body.otpToken
65	const user = res.locals.user
66
67	const encryptedSecret = await Redis.Instance.getTwoFactorRequestToken(user.id, requestToken)
68	if (!encryptedSecret) {
69	return res.fail({
70	message: 'Invalid request token',
71	status: HttpStatusCode.FORBIDDEN_403
72	})
73	}
74
75	if (await isOTPValid({ encryptedSecret, token: otpToken }) !== true) {
76	return res.fail({
77	message: 'Invalid OTP token',
78	status: HttpStatusCode.FORBIDDEN_403
79	})
80	}
81
82	user.otpSecret = encryptedSecret
83	await user.save()
84
85	return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
86	}
87
88	async function disableTwoFactor (req: express.Request, res: express.Response) {
89	const user = res.locals.user
90
91	user.otpSecret = null
92	await user.save()
93
94	return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
95	}