feat(2fa): implement two factor authentication using google authentic…
…ator (#82) * chore(twofa): add input on front to enable twofa, endpoint in back started * feat(back): qr code generated in front and works with google authenticator app * chore(twofa): verification code failed, try to know why * fix(2fa): two fa works ! * enhancement(2fa): better readability on back by splitting 2fa in other controller
Showing
27 changed files
with
534 additions
and
5,258 deletions.
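--- a/backend/prisma/migrations/20230326102148_two_fa_authenticated/migration.sql
+++ b/backend/prisma/migrations/20230326102148_two_fa_authenticated/migration.sql
@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN "twoFAAuthenticated" BOOLEAN DEFAULT false;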
@@ -0,0 +1,48 @@ | ||
import { Body, Controller, Post, Req, Res } from '@nestjs/common'; | ||
import { AuthService } from '../auth.service'; | ||
import { RequestWithUser } from '../../interfaces/request-with-user.interface'; | ||
import { Response } from 'express'; | ||
import { TwoFaService } from './twofa.service'; | ||
|
||
@Controller('2fa') | ||
export class TwoFaController { | ||
constructor( | ||
private readonly authService: AuthService, | ||
private readonly twoFaService: TwoFaService | ||
) {} | ||
|
||
@Post('verify') | ||
async verify2fa( | ||
@Req() req: RequestWithUser, | ||
@Res() res: Response, | ||
@Body() datas: { code: string } | ||
){ | ||
const user = req.user; | ||
console.log(user); | ||
try { | ||
await this.twoFaService.verifyTwoFactorAuthCode(user, datas.code); | ||
|
||
if (req.cookies[process.env.JWT_COOKIE]) | ||
res.clearCookie(process.env.JWT_COOKIE); | ||
|
||
this.authService.storeTokenInCookie(user, res); | ||
|
||
res.status(200).send({ twoFAAuthenticated: true }); | ||
} | ||
catch (e) { | ||
res.status(500).send(e); | ||
} | ||
} | ||
|
||
@Post('generate') | ||
async generate2fa(@Req() req: RequestWithUser, @Res() res: Response) { | ||
const user = req.user; | ||
if (user.twoFA) { | ||
const otpauthUrl = await this.twoFaService.generateTwoFactorAuthSecret(req.user); | ||
const qrCodeImage = await this.twoFaService.generateQrCode(res, otpauthUrl); | ||
res.status(200).json({ qrCodeImage: qrCodeImage }); | ||
} else { | ||
res.status(400).send('2FA already enabled'); | ||
} | ||
} | ||
} |
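Review bot: `console.log(user)` in verify2fa writes the whole user record to the server log, and that record carries `twoFASecret` (the service reads it from `user.twoFASecret`), so every verification attempt copies the TOTP seed into the logs; drop the line. In the same handler `res.status(500).send(e)` returns the raw exception object to the client and reports the service's BadRequestException for a wrong code as a 500, so replace it with `const status = e instanceof HttpException ? e.getStatus() : 500;` and `res.status(status).send({ message: e instanceof HttpException ? e.message : 'Verification failed' });` (HttpException comes from '@nestjs/common'). In generate2fa the guard `if (user.twoFA)` generates a new secret when the flag is set but answers '2FA already enabled' when it is not, so either the condition or the message is inverted; which one depends on what `twoFA` means, which this hunk does not show. The `res` passed to generateQrCode is not used by the service and can be dropped from the call.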
@@ -0,0 +1,52 @@ | ||
import { BadRequestException, Injectable } from '@nestjs/common'; | ||
import { PrismaService } from '../../prisma/prisma.service'; | ||
import { UsersService } from '../../users/users.service'; | ||
import { User } from '@prisma/client'; | ||
import { Response } from 'express'; | ||
import * as speakeasy from 'speakeasy'; | ||
import * as QRCode from 'qrcode'; | ||
|
||
@Injectable() | ||
export class TwoFaService { | ||
constructor( | ||
private readonly prismaService: PrismaService, | ||
private readonly usersService: UsersService | ||
) {} | ||
|
||
async verifyTwoFactorAuthCode(user: User, code: string) { | ||
const verified = speakeasy.totp.verify({ | ||
secret: user.twoFASecret, | ||
encoding: 'base32', | ||
token: code | ||
}); | ||
if (!verified) { | ||
throw new BadRequestException('Invalid code'); | ||
} | ||
this.prismaService.user.update({ | ||
where: { | ||
id: user.id | ||
}, | ||
data: { | ||
twoFAAuthenticated: true | ||
}, | ||
}); | ||
} | ||
|
||
async generateTwoFactorAuthSecret(user: User) { | ||
const secret = speakeasy.generateSecret(); | ||
const otpauthUrl = speakeasy.otpauthURL({ | ||
secret: secret.base32, | ||
encoding: 'base32', | ||
label: 'Transcendence', | ||
issuer: 'Transcendence', | ||
}); | ||
|
||
await this.usersService.setTwoFaSecret(user.id, secret.base32); | ||
|
||
return otpauthUrl; | ||
} | ||
|
||
async generateQrCode(res: Response, otpauthUrl: string) { | ||
return QRCode.toDataURL(otpauthUrl); | ||
} | ||
} |
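Review bot: The `this.prismaService.user.update(...)` call in verifyTwoFactorAuthCode is not awaited, so the method resolves and the controller answers `twoFAAuthenticated: true` before the row is written, and a failed write surfaces as an unhandled rejection instead of an error the caller sees; change it to `await this.prismaService.user.update({`. The verify call also runs with whatever `user.twoFASecret` holds, and a user who never called generate has no secret, so a guard such as `if (!user.twoFASecret) throw new BadRequestException('2FA not set up');` before `speakeasy.totp.verify` would make that case explicit. Persisting the verified state as a column on User means it stays true across later sessions unless something outside this hunk resets it, which is worth confirming since a per-session flag is the usual model. In generateTwoFactorAuthSecret the otpauth `label` is the bare app name; including the account identifier in the label would let the authenticator app tell accounts apart, and the unused `res` parameter of generateQrCode can be removed.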