🔐 fix: Invalid Key Length in 2FA Encryption (#6432)

* 🚀 feat: Implement v3 encryption and decryption methods for TOTP secrets * 🚀 feat: Refactor Two-Factor Authentication methods and enhance 2FA verification process * 🚀 feat: Update encryption methods to use hex decoding for legacy keys and improve error handling for AES-256-CTR * 🚀 feat: Update import paths in TwoFactorController for consistency and clarity
2025-12-17 17:00:15 +01:00 · 2025-03-20 21:46:11 +01:00 · 2025-03-20 21:46:11 +01:00 · e768a07738
commit e768a07738
parent 692fba51d8
5 changed files with 192 additions and 179 deletions
--- a/api/server/routes/auth.js
+++ b/api/server/routes/auth.js
@ -7,12 +7,13 @@ const {
 } = require('~/server/controllers/AuthController');
 const { loginController } = require('~/server/controllers/auth/LoginController');
 const { logoutController } = require('~/server/controllers/auth/LogoutController');
-const { verify2FA } = require('~/server/controllers/auth/TwoFactorAuthController');
+const { verify2FAWithTempToken } = require('~/server/controllers/auth/TwoFactorAuthController');
 const {
-  enable2FAController,
-  verify2FAController,
-  disable2FAController,
-  regenerateBackupCodesController, confirm2FAController,
+  enable2FA,
+  verify2FA,
+  disable2FA,
+  regenerateBackupCodes,
+  confirm2FA,
 } = require('~/server/controllers/TwoFactorController');
 const {
  checkBan,
@ -57,11 +58,11 @@ router.post(
 );
 router.post('/resetPassword', checkBan, validatePasswordReset, resetPasswordController);

-router.get('/2fa/enable', requireJwtAuth, enable2FAController);
-router.post('/2fa/verify', requireJwtAuth, verify2FAController);
-router.post('/2fa/verify-temp', checkBan, verify2FA);
-router.post('/2fa/confirm', requireJwtAuth, confirm2FAController);
-router.post('/2fa/disable', requireJwtAuth, disable2FAController);
-router.post('/2fa/backup/regenerate', requireJwtAuth, regenerateBackupCodesController);
+router.get('/2fa/enable', requireJwtAuth, enable2FA);
+router.post('/2fa/verify', requireJwtAuth, verify2FA);
+router.post('/2fa/verify-temp', checkBan, verify2FAWithTempToken);
+router.post('/2fa/confirm', requireJwtAuth, confirm2FA);
+router.post('/2fa/disable', requireJwtAuth, disable2FA);
+router.post('/2fa/backup/regenerate', requireJwtAuth, regenerateBackupCodes);

 module.exports = router;