* Typecheck across packages that are built with esbuild * Boilerplate new Errors package * No need, tsup checks with --dts * Switch to tsup * Setup dev script * Add readme * More boilerplaty things * Finish createError function * Install @directus/random * Downgrade node types * Add utility function to check if an error is a DirectusError * Use new is-error check * Install errors package * Add failed validation common error * Export common errors * Move joi convertion to utils * Export failed validation * Use new failed validation error in validate-batch * Enhance typing output of createError * Remove outdir (handled by tsup now) * Replace Exception with Error * Replace exception in test * Remove exceptions from app * Remove exceptions from app * Remove failed validation exception from users service * Remove old failed validation exception from shared * Remove exceptions package in favor of errors * Uninstall exceptions * Replace baseexception check * Migrate content too large error * Critical detail * Replace ForbiddenException * WIP remove exceptions * Add ForbiddenError to errors * HitRateLimitError * Move validation related error/helper to new validation package * Add index * Add docs * Install random * Convert TokenExpired * Convert user-suspended * Convert invalid-credentials * Move UnsupportedMediaType * Replace wrong imports for forbidden * Convert invalid-ip * Move invalid provider * Move InvalidOtp * Convert InvalidToken * Move MethodNotAllowed * Convert range not satisfiable * Move unexpect response * Move UnprocessableContent * Move IllegalAssetTransformation * Move RouteNotFound * Finalize not found * Various db errors * Move value too long * Move not null * Move record-not-unique * Move value out of range * Finish db errors * Service unavailable * GQL errors * Update packages/validation/src/errors/failed-validation.ts Co-authored-by: Azri Kahar <42867097+azrikahar@users.noreply.github.com> * Update packages/validation/src/errors/failed-validation.ts 
Co-authored-by: Azri Kahar <42867097+azrikahar@users.noreply.github.com> * InvalidQuery * Add test for invalid query message constructor * Invalid Payload * Finalize exceptions move * Improve type of isDirectusError * Various fixes * Fix build in api * Update websocket exceptions use * Allow optional reason for invalid config * Update errors usage in utils * Remove unused package from errors * Update lockfile * Update api/src/auth/drivers/ldap.ts Co-authored-by: Azri Kahar <42867097+azrikahar@users.noreply.github.com> * Update packages/validation/src/utils/joi-to-error-extensions.ts Co-authored-by: Azri Kahar <42867097+azrikahar@users.noreply.github.com> * Put error codes in shared enum * Replace instanceof checks in api * Fix tests I think * Tweak override names * Fix linter warnings * Set snapshots * Start fixing BB tests * Fix blackbox tests * Add changeset * Update changeset * Update extension docs to use new createError abstraction * 🙄 * Fix graphql validation error name * 🥳 * use ErrorCode.Forbidden * fix blackbox auth login test * Add license files * Rename preMutationException to preMutationError * Remove unused ms dep & sort package.json * Remove periods from error messages for consistency Co-authored-by: Azri Kahar <42867097+azrikahar@users.noreply.github.com> * Add optional code check * Use updated error code checker * Rename InvalidConfigError to InvalidProviderConfigError --------- Co-authored-by: Azri Kahar <42867097+azrikahar@users.noreply.github.com> Co-authored-by: Pascal Jufer <pascal-jufer@bluewin.ch> Co-authored-by: ian <licitdev@gmail.com>
import type { Knex } from 'knex';
import { authenticator } from 'otplib';
import getDatabase from '../database/index.js';
import { InvalidPayloadError } from '../errors/index.js';
import type { AbstractServiceOptions, PrimaryKey } from '../types/index.js';
import { ItemsService } from './items.js';
/**
 * Service for two-factor authentication on rows of `directus_users`.
 *
 * Reads of `tfa_secret` go straight through the knex handle; writes go through
 * an `ItemsService` bound to `directus_users` with the same options.
 *
 * Nothing in this class counts failed attempts, remembers codes that were
 * already accepted, or checks who the caller is. Throttling, replay protection
 * and authorization for `key` have to be enforced by the callers.
 */
export class TFAService {
	knex: Knex;
	itemsService: ItemsService;

	/**
	 * @param options - Service options. `options.knex` is used when truthy,
	 *   otherwise the handle returned by `getDatabase()`.
	 */
	constructor(options: AbstractServiceOptions) {
		const { knex } = options;

		this.knex = knex || getDatabase();
		this.itemsService = new ItemsService('directus_users', options);
	}

	/**
	 * Checks a one-time password.
	 *
	 * When `secret` is truthy the OTP is checked against that value and the
	 * database is not queried at all, so `key` is ignored on that path. Callers
	 * must only pass a `secret` they trust for this user; otherwise the stored
	 * `tfa_secret` of user `key` is used.
	 *
	 * @param key - Primary key of the user whose stored secret is looked up.
	 * @param otp - One-time password to verify.
	 * @param secret - Optional secret to verify against instead of the stored one.
	 * @returns The result of `authenticator.check`.
	 * @throws InvalidPayloadError when no secret is passed and the user row is
	 *   missing or has a falsy `tfa_secret`.
	 */
	async verifyOTP(key: PrimaryKey, otp: string, secret?: string): Promise<boolean> {
		if (secret) return authenticator.check(otp, secret);

		const record = await this.knex.select('tfa_secret').from('directus_users').where({ id: key }).first();
		const storedSecret = record?.tfa_secret;

		if (!storedSecret) {
			throw new InvalidPayloadError({ reason: `User "${key}" doesn't have TFA enabled` });
		}

		return authenticator.check(otp, storedSecret);
	}

	/**
	 * Creates a fresh TFA secret and the matching key URI for a user.
	 *
	 * The secret is only returned, not stored: this method performs no write.
	 * The returned object contains the raw secret, so it should be treated as a
	 * credential by whatever sends it back to the client.
	 *
	 * @param key - Primary key of the user.
	 * @returns `secret` and a `url` built by `authenticator.keyuri` from the
	 *   user's email, the project name (or `'Directus'` when that is falsy) and
	 *   the secret.
	 * @throws InvalidPayloadError when `tfa_secret` is anything other than
	 *   `null`, or when the user has no email.
	 */
	async generateTFA(key: PrimaryKey): Promise<Record<string, string>> {
		const record = await this.knex.select('email', 'tfa_secret').from('directus_users').where({ id: key }).first();

		// Strict comparison with null: a missing row yields `undefined` here and
		// is therefore rejected with the same "already set" reason.
		const secretIsUnset = record?.tfa_secret === null;

		if (!secretIsUnset) {
			throw new InvalidPayloadError({ reason: 'TFA Secret is already set for this user' });
		}

		if (!record?.email) {
			throw new InvalidPayloadError({ reason: 'User must have a valid email to enable TFA' });
		}

		const secret = authenticator.generateSecret();
		const settings = await this.knex.select('project_name').from('directus_settings').limit(1).first();
		const issuer = settings?.project_name || 'Directus';

		return {
			secret,
			url: authenticator.keyuri(record.email, issuer, secret),
		};
	}

	/**
	 * Stores `secret` as the user's `tfa_secret` once `otp` has been checked
	 * against it.
	 *
	 * `secret` is supplied by the caller. The only validation visible here is
	 * that `otp` matches it, so nothing ties it to a value previously returned
	 * by `generateTFA`.
	 * NOTE(review): the value is handed to `updateOne` as received; whether it is
	 * protected at rest depends on code outside this class - confirm.
	 *
	 * @param key - Primary key of the user.
	 * @param otp - One-time password proving possession of `secret`.
	 * @param secret - Secret to persist.
	 * @throws InvalidPayloadError when `tfa_secret` is anything other than
	 *   `null`, or when `otp` does not match `secret`.
	 */
	async enableTFA(key: PrimaryKey, otp: string, secret: string): Promise<void> {
		const record = await this.knex.select('tfa_secret').from('directus_users').where({ id: key }).first();

		// Same strict null test as in generateTFA: a missing row is rejected too.
		const secretIsUnset = record?.tfa_secret === null;

		if (!secretIsUnset) {
			throw new InvalidPayloadError({ reason: 'TFA Secret is already set for this user' });
		}

		const otpMatches = authenticator.check(otp, secret);

		if (!otpMatches) {
			throw new InvalidPayloadError({ reason: `"otp" is invalid` });
		}

		await this.itemsService.updateOne(key, { tfa_secret: secret });
	}

	/**
	 * Clears the user's `tfa_secret`.
	 *
	 * No OTP is verified here; a caller that requires a valid code before
	 * switching TFA off has to call `verifyOTP` itself first.
	 *
	 * @param key - Primary key of the user.
	 */
	async disableTFA(key: PrimaryKey): Promise<void> {
		const cleared = { tfa_secret: null };

		await this.itemsService.updateOne(key, cleared);
	}
}