From e8cfc90365d27dd388fc7ed19f4ce3feabf9faaa Mon Sep 17 00:00:00 2001 From: Kang Ming Date: Mon, 19 Sep 2022 10:50:00 +0800 Subject: [PATCH 1/2] refactor enroll --- api/mfa.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/api/mfa.go b/api/mfa.go index d41e864d3..339d5b8b0 100644 --- a/api/mfa.go +++ b/api/mfa.go @@ -7,6 +7,8 @@ import ( "time" "fmt" + "net/url" + "github.com/aaronarduino/goqrsvg" svg "github.com/ajstarks/svgo" "github.com/boombuler/barcode/qr" @@ -15,7 +17,6 @@ import ( "github.com/netlify/gotrue/models" "github.com/netlify/gotrue/storage" "github.com/pquerna/otp/totp" - "net/url" ) type EnrollFactorParams struct { @@ -86,11 +87,11 @@ func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error { // Read from DB for certainty factors, err := models.FindVerifiedFactorsByUser(a.db, user) if err != nil { - return internalServerError("Error validating number of factors in system") + return internalServerError("error validating number of factors in system").WithInternalError(err) } // Remove this at v2 if len(factors) >= 1 { - return forbiddenError("Only one factor can be enrolled at a time, please unenroll to continue") + return forbiddenError("only one factor can be enrolled at a time, please unenroll to continue") } key, err := totp.Generate(totp.GenerateOpts{ 
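Review bot: The single-factor cap just below the changed lines counts only the rows returned by `models.FindVerifiedFactorsByUser`, so if that helper excludes `unverified` factors as its name suggests, every repeated call to this endpoint creates another unverified factor with a fresh secret for the same user and the `len(factors) >= 1` guard never fires; either count unverified factors toward the limit as well, or document where stale unverified factors are reclaimed. The added `.WithInternalError(err)` on the first return is the right call, as the previous version discarded the underlying database error. A comment such as `// Only verified factors count toward the single-factor limit; unverified ones may accumulate until cleaned up` next to the `// Remove this at v2` marker would make the intent explicit. EnrollFactor begins before this hunk and the factor is created in a transaction further down, so the count read here is not part of that transaction.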
@@ -98,22 +99,21 @@ func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error { AccountName: user.GetEmail(), }) if err != nil { - return internalServerError("Error generating QR Code secret key").WithInternalError(err) + return internalServerError("error generating QR Code secret key").WithInternalError(err) } var buf bytes.Buffer s := svg.New(&buf) qrCode, _ := qr.Encode(key.String(), qr.M, qr.Auto) qs := goqrsvg.NewQrSVG(qrCode, DefaultQRSize) qs.StartQrSVG(s) - err = qs.WriteQrSVG(s) - if err != nil { - return internalServerError("Error writing to QR Code").WithInternalError(err) + if err = qs.WriteQrSVG(s); err != nil { + return internalServerError("error writing to QR Code").WithInternalError(err) } s.End() factor, terr := models.NewFactor(user, params.FriendlyName, params.FactorType, models.FactorUnverifiedState, key.Secret()) if terr != nil { - return internalServerError("Database error creating factor").WithInternalError(err) + return internalServerError("database error creating factor").WithInternalError(err) } terr = a.db.Transaction(func(tx *storage.Connection) error { if terr = tx.Create(factor); terr != nil { From b92b2fe28a63a06ab21027beb9402488660b977d Mon Sep 17 00:00:00 2001 From: Kang Ming Date: Mon, 19 Sep 2022 11:10:11 +0800 Subject: [PATCH 2/2] fix: omit user, user_id & empty friendly_name from response --- models/factor.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/models/factor.go b/models/factor.go index 172accb04..33fee9160 100644 --- a/models/factor.go +++ b/models/factor.go @@ -2,10 +2,11 @@ package models import ( "database/sql" + "time" + "github.com/gofrs/uuid" "github.com/netlify/gotrue/storage" "github.com/pkg/errors" - "time" ) const FactorUnverifiedState = "unverified" 
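Review bot: The `if terr != nil` branch after `models.NewFactor` still attaches `err` rather than `terr` in `.WithInternalError(err)`, so the lowercased message is returned but the actual NewFactor failure is dropped (`err` is nil here, having just passed the WriteQrSVG check); change it to `return internalServerError("database error creating factor").WithInternalError(terr)`. In the same hunk `qrCode, _ := qr.Encode(key.String(), qr.M, qr.Auto)` discards the encode error, so a failure would surface only as a broken SVG rather than a 500; handling it like the neighbouring calls (`qrCode, err := qr.Encode(...)` followed by `if err != nil { return internalServerError("error encoding QR Code").WithInternalError(err) }`) would be consistent. Note that `key.String()` embeds the raw TOTP secret in the rendered SVG, which is expected for enrollment but means the response body is as sensitive as the secret stored via `key.Secret()` below. EnrollFactor's body, including the transaction opened at the end of the hunk, continues past the hunk.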
@@ -16,12 +17,12 @@ const Webauthn = "webauthn" type Factor struct { ID uuid.UUID `json:"id" db:"id"` - User User `belongs_to:"user"` - UserID uuid.UUID `json:"user_id" db:"user_id"` + User User `json:"-" belongs_to:"user"` + UserID uuid.UUID `json:"-" db:"user_id"` CreatedAt time.Time `json:"created_at" db:"created_at"` UpdatedAt time.Time `json:"updated_at" db:"updated_at"` Status string `json:"status" db:"status"` - FriendlyName string `json:"friendly_name" db:"friendly_name"` + FriendlyName string `json:"friendly_name,omitempty" db:"friendly_name"` TOTPSecret string `json:"-" db:"totp_secret"` FactorType string `json:"factor_type" db:"factor_type"` }
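Review bot: Adding `omitempty` to `friendly_name` changes the wire format for existing factors: a response that previously carried `"friendly_name": ""` now omits the key entirely, so any client reading the field unconditionally will see it disappear, and that should be called out in the commit message or API changelog if intended. Hiding `User` and `UserID` with `json:"-"` is the right default for a response struct, but the tag is bidirectional, so any code that decodes a `Factor` from a request body would silently drop `user_id`; no such decoder is visible here, so this is only worth confirming. A doc comment on the type, e.g. `// Factor is a user's MFA factor. User, UserID and TOTPSecret are never serialised to JSON; FriendlyName is omitted when empty.`, would record why these tags are set.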