fix: change invalid backup code status

Bekacru · Bekacru · commit f691d5ee867f · 2024-11-09T00:58:05.000+03:00
diff --git a/packages/better-auth/src/plugins/two-factor/backup-codes/index.ts b/packages/better-auth/src/plugins/two-factor/backup-codes/index.ts
@@ -132,7 +132,7 @@ export const backupCode2fa = (
 						ctx.context.secret,
 					);
 					if (!validate.status) {
-						throw new APIError("BAD_REQUEST", {
+						throw new APIError("UNAUTHORIZED", {
 							message: "Invalid backup code",
 						});
 					}
diff --git a/packages/better-auth/src/plugins/two-factor/two-factor.test.ts b/packages/better-auth/src/plugins/two-factor/two-factor.test.ts
@@ -218,6 +218,21 @@ describe("two factor", async () => {
 		});
 		expect(currentBackupCodes.backupCodes).toBeDefined();
 		expect(currentBackupCodes.backupCodes).not.toContain(backupCode);
+
+		const res = await client.twoFactor.verifyBackupCode({
+			code: "invalid-code",
+			fetchOptions: {
+				headers,
+				onSuccess(context) {
+					const parsed = parseSetCookieHeader(
+						context.response.headers.get("Set-Cookie") || "",
+					);
+					const token = parsed.get("better-auth.session_token")?.value;
+					expect(token?.length).toBeGreaterThan(0);
+				},
+			},
+		});
+		expect(res.error?.message).toBe("Invalid backup code");
 	});
 
 	it("should trust device", async () => {

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ export const backupCode2fa = (`
`132`	`132`	`ctx.context.secret,`
`133`	`133`	`);`
`134`	`134`	`if (!validate.status) {`
`135`		`- throw new APIError("BAD_REQUEST", {`
	`135`	`+ throw new APIError("UNAUTHORIZED", {`
`136`	`136`	`message: "Invalid backup code",`
`137`	`137`	`});`
`138`	`138`	`}`