mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-03-15 04:06:33 +01:00
71a3b48504
* fix: require OTP verification for 2FA re-enrollment and backup code regeneration * fix: require OTP verification for account deletion when 2FA is enabled * refactor: Improve code formatting and readability in TwoFactorController and UserController - Reformatted code in TwoFactorController and UserController for better readability by aligning parameters and breaking long lines. - Updated test cases in deleteUser.spec.js and TwoFactorController.spec.js to enhance clarity by formatting object parameters consistently. * refactor: Consolidate OTP and backup code verification logic in TwoFactorController and UserController - Introduced a new `verifyOTPOrBackupCode` function to streamline the verification process for TOTP tokens and backup codes across multiple controllers. - Updated the `enable2FA`, `disable2FA`, and `deleteUserController` methods to utilize the new verification function, enhancing code reusability and readability. - Adjusted related tests to reflect the changes in verification logic, ensuring consistent behavior across different scenarios. - Improved error handling and response messages for verification failures, providing clearer feedback to users. * chore: linting * refactor: Update BackupCodesItem component to enhance OTP verification logic - Consolidated OTP input handling by moving the 2FA verification UI logic to a more consistent location within the component. - Improved the state management for OTP readiness, ensuring the regenerate button is only enabled when the OTP is ready. - Cleaned up imports by removing redundant type imports, enhancing code clarity and maintainability. * chore: lint * fix: stage 2FA re-enrollment in pending fields to prevent disarmament window enable2FA now writes to pendingTotpSecret/pendingBackupCodes instead of overwriting the live fields. confirm2FA performs the atomic swap only after the new TOTP code is verified. If the user abandons mid-flow, their existing 2FA remains active and intact.
173 lines
3.2 KiB
TypeScript
173 lines
3.2 KiB
TypeScript
import { Schema } from 'mongoose';
|
|
import { SystemRoles } from 'librechat-data-provider';
|
|
import { IUser } from '~/types';
|
|
|
|
// Session sub-schema
|
|
const SessionSchema = new Schema(
|
|
{
|
|
refreshToken: {
|
|
type: String,
|
|
default: '',
|
|
},
|
|
},
|
|
{ _id: false },
|
|
);
|
|
|
|
// Backup code sub-schema
|
|
const BackupCodeSchema = new Schema(
|
|
{
|
|
codeHash: { type: String, required: true },
|
|
used: { type: Boolean, default: false },
|
|
usedAt: { type: Date, default: null },
|
|
},
|
|
{ _id: false },
|
|
);
|
|
|
|
const userSchema = new Schema<IUser>(
|
|
{
|
|
name: {
|
|
type: String,
|
|
},
|
|
username: {
|
|
type: String,
|
|
lowercase: true,
|
|
default: '',
|
|
},
|
|
email: {
|
|
type: String,
|
|
required: [true, "can't be blank"],
|
|
lowercase: true,
|
|
unique: true,
|
|
match: [/\S+@\S+\.\S+/, 'is invalid'],
|
|
index: true,
|
|
},
|
|
emailVerified: {
|
|
type: Boolean,
|
|
required: true,
|
|
default: false,
|
|
},
|
|
password: {
|
|
type: String,
|
|
trim: true,
|
|
minlength: 8,
|
|
maxlength: 128,
|
|
select: false,
|
|
},
|
|
avatar: {
|
|
type: String,
|
|
required: false,
|
|
},
|
|
provider: {
|
|
type: String,
|
|
required: true,
|
|
default: 'local',
|
|
},
|
|
role: {
|
|
type: String,
|
|
default: SystemRoles.USER,
|
|
},
|
|
googleId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
facebookId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
openidId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
samlId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
ldapId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
githubId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
discordId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
appleId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
plugins: {
|
|
type: Array,
|
|
},
|
|
twoFactorEnabled: {
|
|
type: Boolean,
|
|
default: false,
|
|
},
|
|
totpSecret: {
|
|
type: String,
|
|
select: false,
|
|
},
|
|
backupCodes: {
|
|
type: [BackupCodeSchema],
|
|
select: false,
|
|
},
|
|
pendingTotpSecret: {
|
|
type: String,
|
|
select: false,
|
|
},
|
|
pendingBackupCodes: {
|
|
type: [BackupCodeSchema],
|
|
select: false,
|
|
default: undefined,
|
|
},
|
|
refreshToken: {
|
|
type: [SessionSchema],
|
|
},
|
|
expiresAt: {
|
|
type: Date,
|
|
expires: 604800, // 7 days in seconds
|
|
},
|
|
termsAccepted: {
|
|
type: Boolean,
|
|
default: false,
|
|
},
|
|
personalization: {
|
|
type: {
|
|
memories: {
|
|
type: Boolean,
|
|
default: true,
|
|
},
|
|
},
|
|
default: {},
|
|
},
|
|
favorites: {
|
|
type: [
|
|
{
|
|
_id: false,
|
|
agentId: String, // for agent
|
|
model: String, // for model
|
|
endpoint: String, // for model
|
|
},
|
|
],
|
|
default: [],
|
|
},
|
|
/** Field for external source identification (for consistency with TPrincipal schema) */
|
|
idOnTheSource: {
|
|
type: String,
|
|
sparse: true,
|
|
},
|
|
},
|
|
{ timestamps: true },
|
|
);
|
|
|
|
export default userSchema;
|