

import { IdentityProvider } from "@prisma/client";
import { z } from "zod";
import { hashPassword, validPassword, verifyPassword } from "@calcom/lib/auth";
import prisma from "@calcom/prisma";
import { TRPCError } from "@trpc/server";
import { router, authedProcedure } from "../../trpc";
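export const authRouter = router({
  /**
   * Rotate the signed-in user's password.
   *
   * Only accounts whose identity provider is CAL carry a local password;
   * federated accounts are refused before any database access. The caller
   * must prove possession of the current password before anything about the
   * new one is reported, so this endpoint cannot be used to probe the
   * password policy with a hijacked session alone.
   *
   * Throws TRPCError:
   * - FORBIDDEN / THIRD_PARTY_IDENTITY_PROVIDER_ENABLED — not a CAL account.
   * - NOT_FOUND / MISSING_PASSWORD — CAL account without a stored hash.
   * - BAD_REQUEST / INCORRECT_PASSWORD — oldPassword does not verify.
   * - BAD_REQUEST / PASSWORD_MATCHES_OLD — newPassword equals oldPassword.
   * - BAD_REQUEST / INVALID_PASSWORD — newPassword fails validPassword().
   */
  changePassword: authedProcedure
    .input(
      z.object({
        oldPassword: z.string(),
        newPassword: z.string(),
      })
    )
    .mutation(async ({ input, ctx }) => {
      const { oldPassword, newPassword } = input;
      const { user } = ctx;

      if (user.identityProvider !== IdentityProvider.CAL) {
        throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" });
      }

      // Read the hash fresh from the database rather than trusting whatever
      // the session context carries; fetch nothing but the hash.
      const stored = await prisma.user.findUnique({
        where: { id: user.id },
        select: { password: true },
      });
      const currentPassword = stored?.password;
      if (!currentPassword) {
        throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" });
      }

      // Verify the current secret first; the checks on the new password
      // below are only reachable once the caller has proven it.
      const oldPasswordVerified = await verifyPassword(oldPassword, currentPassword);
      if (!oldPasswordVerified) {
        throw new TRPCError({ code: "BAD_REQUEST", message: "INCORRECT_PASSWORD" });
      }
      if (oldPassword === newPassword) {
        throw new TRPCError({ code: "BAD_REQUEST", message: "PASSWORD_MATCHES_OLD" });
      }
      if (!validPassword(newPassword)) {
        throw new TRPCError({ code: "BAD_REQUEST", message: "INVALID_PASSWORD" });
      }

      const hashedPassword = await hashPassword(newPassword);
      await prisma.user.update({
        where: { id: user.id },
        data: { password: hashedPassword },
      });
      // NOTE(review): nothing here revokes the user's other sessions after a
      // password change; if that is expected, it has to happen elsewhere.
    }),

  /**
   * Re-authenticate the signed-in user with their password (step-up check
   * used before sensitive actions).
   *
   * Resolves with no value on success and throws otherwise:
   * - INTERNAL_SERVER_ERROR — no stored hash for this user (for example a
   *   federated account); the caller cannot distinguish this from a real
   *   server fault, which matches the original behaviour.
   * - UNAUTHORIZED — the supplied password does not verify.
   *
   * NOTE(review): this mutation only tells the client that the password was
   * correct; it does not bind that result to the sensitive mutation that
   * follows. Unless that mutation re-checks the password (or a TOTP code)
   * itself, a client can simply skip this call. No throttling is visible
   * here either, so a hijacked session could brute-force the password
   * against this endpoint — confirm rate limiting exists at a higher layer.
   */
  verifyPassword: authedProcedure
    .input(
      z.object({
        passwordInput: z.string(),
      })
    )
    .mutation(async ({ input, ctx }) => {
      // Select only the hash; the full user row is not needed here.
      const stored = await prisma.user.findUnique({
        where: { id: ctx.user.id },
        select: { password: true },
      });
      if (!stored?.password) {
        throw new TRPCError({ code: "INTERNAL_SERVER_ERROR" });
      }

      const passwordVerified = await verifyPassword(input.passwordInput, stored.password);
      if (!passwordVerified) {
        throw new TRPCError({ code: "UNAUTHORIZED" });
      }
    }),
});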