* fix: require OTP verification for 2FA re-enrollment and backup code regeneration * fix: require OTP verification for account deletion when 2FA is enabled * refactor: Improve code formatting and readability in TwoFactorController and UserController - Reformatted code in TwoFactorController and UserController for better readability by aligning parameters and breaking long lines. - Updated test cases in deleteUser.spec.js and TwoFactorController.spec.js to enhance clarity by formatting object parameters consistently. * refactor: Consolidate OTP and backup code verification logic in TwoFactorController and UserController - Introduced a new `verifyOTPOrBackupCode` function to streamline the verification process for TOTP tokens and backup codes across multiple controllers. - Updated the `enable2FA`, `disable2FA`, and `deleteUserController` methods to utilize the new verification function, enhancing code reusability and readability. - Adjusted related tests to reflect the changes in verification logic, ensuring consistent behavior across different scenarios. - Improved error handling and response messages for verification failures, providing clearer feedback to users. * chore: linting * refactor: Update BackupCodesItem component to enhance OTP verification logic - Consolidated OTP input handling by moving the 2FA verification UI logic to a more consistent location within the component. - Improved the state management for OTP readiness, ensuring the regenerate button is only enabled when the OTP is ready. - Cleaned up imports by removing redundant type imports, enhancing code clarity and maintainability. * chore: lint * fix: stage 2FA re-enrollment in pending fields to prevent disarmament window enable2FA now writes to pendingTotpSecret/pendingBackupCodes instead of overwriting the live fields. confirm2FA performs the atomic swap only after the new TOTP code is verified. If the user abandons mid-flow, their existing 2FA remains active and intact.
/**
 * Authentication router: login/logout, registration, password reset, token refresh,
 * two-factor (TOTP) enrollment and verification, and the Graph token endpoint.
 *
 * Wiring rules visible in this file:
 *   - Unauthenticated entry points (`/login`, `/register`, `/requestPasswordReset`,
 *     `/resetPassword`, `/2fa/verify-temp`) pass through `middleware.checkBan`; only
 *     some of them additionally carry a per-route rate limiter.
 *   - Everything that acts on an established session (logout, 2FA settings,
 *     graph token) is gated by `middleware.requireJwtAuth`.
 *
 * NOTE(review): `/2fa/verify-temp` and `/resetPassword` have no limiter here, unlike
 * `/login` and `/requestPasswordReset`. Unless their controllers or an upstream
 * limiter throttle attempts, OTP / reset-token guessing is unthrottled at this layer —
 * confirm before relying on the limiters declared in this file alone.
 */
const express = require('express');
const { createSetBalanceConfig } = require('@librechat/api');
const {
  resetPasswordRequestController,
  resetPasswordController,
  registrationController,
  graphTokenController,
  refreshController,
} = require('~/server/controllers/AuthController');
const {
  regenerateBackupCodes,
  disable2FA,
  confirm2FA,
  enable2FA,
  verify2FA,
} = require('~/server/controllers/TwoFactorController');
const { verify2FAWithTempToken } = require('~/server/controllers/auth/TwoFactorAuthController');
const { logoutController } = require('~/server/controllers/auth/LogoutController');
const { loginController } = require('~/server/controllers/auth/LoginController');
const { getAppConfig } = require('~/server/services/Config');
const middleware = require('~/server/middleware');
const { Balance } = require('~/db/models');

// Built once at load time from the app config and the Balance model; runs after a
// successful login (see `/login` below).
const setBalanceConfig = createSetBalanceConfig({ getAppConfig, Balance });

const router = express.Router();

// LDAP replaces local password auth only when BOTH the server URL and the user search
// base are configured; a partial LDAP configuration silently keeps local auth.
const ldapAuth = !!process.env.LDAP_URL && !!process.env.LDAP_USER_SEARCH_BASE;
const primaryAuth = ldapAuth ? middleware.requireLdapAuth : middleware.requireLocalAuth;

/**
 * Registers a POST route that is only reachable with a valid JWT.
 *
 * @param {string} path - Route path relative to this router.
 * @param {...import('express').RequestHandler} handlers - Handlers run after the JWT check.
 */
function postWithJwt(path, ...handlers) {
  router.post(path, middleware.requireJwtAuth, ...handlers);
}

// --- Session ---------------------------------------------------------------
postWithJwt('/logout', logoutController);

router.post(
  '/login',
  middleware.logHeaders,
  middleware.loginLimiter,
  middleware.checkBan,
  primaryAuth,
  setBalanceConfig,
  loginController,
);

// NOTE(review): no ban check or limiter on refresh at this layer; presumably the
// refresh token itself is the gate — verify that refreshController rejects banned users.
router.post('/refresh', refreshController);

// --- Account creation and password reset -----------------------------------
router.post(
  '/register',
  middleware.registerLimiter,
  middleware.checkBan,
  middleware.checkInviteUser,
  middleware.validateRegistration,
  registrationController,
);

router.post(
  '/requestPasswordReset',
  middleware.resetPasswordLimiter,
  middleware.checkBan,
  middleware.validatePasswordReset,
  resetPasswordRequestController,
);

// Note the asymmetry with `/requestPasswordReset`: no `resetPasswordLimiter` here.
router.post(
  '/resetPassword',
  middleware.checkBan,
  middleware.validatePasswordReset,
  resetPasswordController,
);

// --- Two-factor enrollment and login ---------------------------------------
// Settings changes require an authenticated session. Any "re-prove with a fresh OTP"
// requirement for enable/disable/regenerate lives in the controllers, not in this router.
postWithJwt('/2fa/enable', enable2FA);
postWithJwt('/2fa/verify', verify2FA);

// Second step of login: presumably the caller holds only a temporary token (see the
// controller name), not a full JWT, so this is the one 2FA route left unauthenticated.
// NOTE(review): only checkBan guards it here; unless verify2FAWithTempToken or a global
// limiter throttles attempts, OTP guessing against a temp token is unthrottled — confirm.
router.post('/2fa/verify-temp', middleware.checkBan, verify2FAWithTempToken);

postWithJwt('/2fa/confirm', confirm2FA);
postWithJwt('/2fa/disable', disable2FA);
postWithJwt('/2fa/backup/regenerate', regenerateBackupCodes);

// --- Misc ------------------------------------------------------------------
router.get('/graph-token', middleware.requireJwtAuth, graphTokenController);

module.exports = router;