login by password or totp

2025-05-05 14:21:13 +02:00 · 2025-05-05 14:21:13 +02:00 · be22c78372
commit be22c78372
parent a476bf6823
3 changed files with 39 additions and 12 deletions
--- a/src/controller/authController.ts
+++ b/src/controller/authController.ts
@ -8,6 +8,25 @@ import UserService from "../service/management/userService";
 import speakeasy from "speakeasy";
 import UnauthorizedRequestException from "../exceptions/unauthorizedRequestException";
 import RefreshService from "../service/refreshService";
+import { LoginRoutineEnum } from "../enums/loginRoutineEnum";
+
+/**
+ * @description Check authentication status by token
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function kickof(req: Request, res: Response): Promise<any> {
+  let username = req.body.username;
+
+  let { routine } = await UserService.getByUsername(username).catch(() => {
+    throw new UnauthorizedRequestException("Username not found");
+  });
+
+  res.json({
+    routine,
+  });
+}

 /**
 * @description Check authentication status by token
@ -17,20 +36,25 @@ import RefreshService from "../service/refreshService";
 */
 export async function login(req: Request, res: Response): Promise<any> {
  let username = req.body.username;
-  let totp = req.body.totp;
+  let passedSecret = req.body.secret;

-  // TODO: change to first routine and later login password/totp
-  let { id, secret } = await UserService.getByUsername(username);
+  let { id } = await UserService.getByUsername(username);
+  let { secret, routine } = await UserService.getUserSecretAndRoutine(id);

-  let valid = speakeasy.totp.verify({
-    secret: secret,
-    encoding: "base32",
-    token: totp,
-    window: 2,
-  });
+  let valid = false;
+  if (routine == LoginRoutineEnum.totp) {
+    valid = speakeasy.totp.verify({
+      secret: secret,
+      encoding: "base32",
+      token: passedSecret,
+      window: 2,
+    });
+  } else {
+    valid = passedSecret == secret;
+  }

  if (!valid) {
-    throw new UnauthorizedRequestException("Token not valid or expired");
+    throw new UnauthorizedRequestException("Credentials not valid or expired");
  }

  let accessToken = await JWTHelper.buildToken(id);
--- a/src/routes/auth.ts
+++ b/src/routes/auth.ts
@ -1,8 +1,12 @@
 import express from "express";
-import { login, logout, refresh } from "../controller/authController";
+import { kickof, login, logout, refresh } from "../controller/authController";

 var router = express.Router({ mergeParams: true });

+router.post("/kickof", async (req, res) => {
+  await kickof(req, res);
+});
+
 router.post("/login", async (req, res) => {
  await login(req, res);
 });
--- a/src/service/management/userService.ts
+++ b/src/service/management/userService.ts
@ -136,7 +136,6 @@ export default abstract class UserService {
   * @returns {Promise<user>}
   */
  static async getUserSecretAndRoutine(userId: string): Promise<user> {
-    //TODO: not working yet
    return await dataSource
      .getRepository(user)
      .createQueryBuilder("user")