Require a otp to disable 2fa

2025-06-22 02:18:26 +00:00 · 2021-09-22 23:06:59 +02:00
parent bbfc5b56d8
commit e31107eb49
7 changed files with 84 additions and 41 deletions
--- a/modules/restserver/src/main/scala/docspell/restserver/conv/Conversions.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/conv/Conversions.scala
@ -695,7 +695,7 @@ trait Conversions {
      case UpdateResult.Success  => BasicResult(true, successMsg)
      case UpdateResult.NotFound => BasicResult(false, "Not found")
      case UpdateResult.Failure(ex) =>
-        BasicResult(false, s"Internal error: ${ex.getMessage}")
+        BasicResult(false, s"Error: ${ex.getMessage}")
    }

  def basicResult(ur: OUpload.UploadResult): BasicResult =
--- a/modules/restserver/src/main/scala/docspell/restserver/routes/TotpRoutes.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/routes/TotpRoutes.scala
@ -68,9 +68,13 @@ object TotpRoutes {
          }
        } yield resp

-      case POST -> Root / "disable" =>
+      case req @ POST -> Root / "disable" =>
        for {
-          result <- backend.totp.disable(user.account)
+          data <- req.as[OtpConfirm]
+          result <- backend.totp.disable(
+            user.account,
+            OnetimePassword(data.otp.pass).some
+          )
          resp <- Ok(Conversions.basicResult(result, "TOTP setup disabled."))
        } yield resp
    }
@ -83,7 +87,7 @@ object TotpRoutes {
    HttpRoutes.of { case req @ POST -> Root / "resetOTP" =>
      for {
        data <- req.as[ResetPassword]
-        result <- backend.totp.disable(data.account)
+        result <- backend.totp.disable(data.account, None)
        resp <- Ok(Conversions.basicResult(result, "TOTP setup disabled."))
      } yield resp
    }