-
Notifications
You must be signed in to change notification settings - Fork 13.5k
Expand file tree
/
Copy pathloginHandler.ts
More file actions
110 lines (90 loc) · 2.58 KB
/
loginHandler.ts
File metadata and controls
110 lines (90 loc) · 2.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
import { Accounts } from 'meteor/accounts-base';
import { check } from 'meteor/check';
import { Meteor } from 'meteor/meteor';
import { OAuth } from 'meteor/oauth';
import { checkCodeForUser } from './code/index';
import { callbacks } from '../../../server/lib/callbacks';
const isMeteorError = (error: any): error is Meteor.Error => {
return error?.meteorError !== undefined;
};
const isCredentialWithError = (credential: any): credential is { error: Error } => {
return credential?.error !== undefined;
};
Accounts.registerLoginHandler('totp', function (options) {
if (!options.totp?.code) {
return;
}
// @ts-expect-error - not sure how to type this yet
return Accounts._runLoginHandlers(this, options.totp.login);
});
callbacks.add(
'onValidateLogin',
async (login) => {
if (
!login.user ||
login.type === 'resume' ||
login.type === 'proxy' ||
login.type === 'cas' ||
(login.type === 'password' && login.methodName === 'resetPassword') ||
login.methodName === 'verifyEmail'
) {
return login;
}
const [loginArgs] = login.methodArguments;
const { totp } = loginArgs;
await checkCodeForUser({
user: login.user,
code: totp?.code,
options: { disablePasswordFallback: true },
});
return login;
},
callbacks.priority.MEDIUM,
'2fa',
);
const copyTo = <T extends Error>(from: T, to: T): T => {
Object.getOwnPropertyNames(to).forEach((key) => {
const idx: keyof T = key as keyof T;
to[idx] = from[idx];
});
return to;
};
const recreateError = (errorDoc: Error | Meteor.Error): Error | Meteor.Error => {
if (isMeteorError(errorDoc)) {
const error = new Meteor.Error('');
return copyTo(errorDoc, error);
}
const error = new Error();
return copyTo(errorDoc, error);
};
OAuth._retrievePendingCredential = async function (key, ...args): Promise<string | Error | void> {
const credentialSecret = args.length > 0 && args[0] !== undefined ? args[0] : undefined;
check(key, String);
const pendingCredential = await OAuth._pendingCredentials.findOneAsync({
key,
credentialSecret,
});
if (!pendingCredential) {
return;
}
if (isCredentialWithError(pendingCredential.credential)) {
await OAuth._pendingCredentials.removeAsync({
_id: pendingCredential._id,
});
return recreateError(pendingCredential.credential.error);
}
// Work-around to make the credentials reusable for 2FA
const future = new Date();
future.setMinutes(future.getMinutes() + 2);
await OAuth._pendingCredentials.updateAsync(
{
_id: pendingCredential._id,
},
{
$set: {
createdAt: future,
},
},
);
return OAuth.openSecret(pendingCredential.credential);
};