LibreChat

mirror of https://github.com/danny-avila/LibreChat.git synced 2026-03-15 20:26:33 +01:00

History

Danny Avila 71a3b48504 🔑 fix: Require OTP Verification for 2FA Re-Enrollment and Backup Code Regeneration (#12223 ) * fix: require OTP verification for 2FA re-enrollment and backup code regeneration * fix: require OTP verification for account deletion when 2FA is enabled * refactor: Improve code formatting and readability in TwoFactorController and UserController - Reformatted code in TwoFactorController and UserController for better readability by aligning parameters and breaking long lines. - Updated test cases in deleteUser.spec.js and TwoFactorController.spec.js to enhance clarity by formatting object parameters consistently. * refactor: Consolidate OTP and backup code verification logic in TwoFactorController and UserController - Introduced a new `verifyOTPOrBackupCode` function to streamline the verification process for TOTP tokens and backup codes across multiple controllers. - Updated the `enable2FA`, `disable2FA`, and `deleteUserController` methods to utilize the new verification function, enhancing code reusability and readability. - Adjusted related tests to reflect the changes in verification logic, ensuring consistent behavior across different scenarios. - Improved error handling and response messages for verification failures, providing clearer feedback to users. * chore: linting * refactor: Update BackupCodesItem component to enhance OTP verification logic - Consolidated OTP input handling by moving the 2FA verification UI logic to a more consistent location within the component. - Improved the state management for OTP readiness, ensuring the regenerate button is only enabled when the OTP is ready. - Cleaned up imports by removing redundant type imports, enhancing code clarity and maintainability. * chore: lint * fix: stage 2FA re-enrollment in pending fields to prevent disarmament window enable2FA now writes to pendingTotpSecret/pendingBackupCodes instead of overwriting the live fields. confirm2FA performs the atomic swap only after the new TOTP code is verified. If the user abandons mid-flow, their existing 2FA remains active and intact.		2026-03-14 01:51:31 -04:00
..
controllers	🔑 fix: Require OTP Verification for 2FA Re-Enrollment and Backup Code Regeneration (#12223 )	2026-03-14 01:51:31 -04:00
middleware	🚦 fix: Add Rate Limiting to Conversation Duplicate Endpoint (#12218 )	2026-03-13 23:40:44 -04:00
routes	🔑 fix: Require OTP Verification for 2FA Re-Enrollment and Backup Code Regeneration (#12223 )	2026-03-14 01:51:31 -04:00
services	🔑 fix: Require OTP Verification for 2FA Re-Enrollment and Backup Code Regeneration (#12223 )	2026-03-14 01:51:31 -04:00
utils	🚦 fix: Add Rate Limiting to Conversation Duplicate Endpoint (#12218 )	2026-03-13 23:40:44 -04:00
cleanup.js	🪣 fix: Prevent Memory Retention from AsyncLocalStorage Context Propagation (#11942 )	2026-02-25 17:41:23 -05:00
experimental.js	🚦 fix: 404 JSON Responses for Unmatched API Routes (#11976 )	2026-02-27 22:49:54 -05:00
index.js	🚦 fix: 404 JSON Responses for Unmatched API Routes (#11976 )	2026-02-27 22:49:54 -05:00
index.spec.js	🚦 fix: 404 JSON Responses for Unmatched API Routes (#11976 )	2026-02-27 22:49:54 -05:00
socialLogins.js	🔒 fix: Secure Cookie Localhost Bypass and OpenID Token Selection in AuthService (#11782 )	2026-02-13 10:35:51 -05:00