More preparations for 2 factor authentication

src/api/middlewares/user.ts

@@ -21,11 +21,11 @@ export function GetUserMiddleware(json = false, special_token: boolean = false,
       }
       try {
          let { login, special } = req.cookies
-
          if (!login) invalid()
 
          let token = await LoginToken.findOne({ token: login, valid: true })
          if (!token) invalid()
+         if (!token.validated) invalid();
 
          let user = await User.findById(token.user);
          if (!user) {
@@ -43,7 +43,7 @@ export function GetUserMiddleware(json = false, special_token: boolean = false,
          if (special) {
             Logging.debug("Special found")
             let st = await LoginToken.findOne({ token: special, special: true, valid: true })
-            if (st && st.valid && st.user.toHexString() === token.user.toHexString()) {
+            if (st && st.validated && st.valid && st.user.toHexString() === token.user.toHexString()) {
                if (st.validTill.getTime() < new Date().getTime()) { //Token expired
                   Logging.debug("Special expired")
                   st.valid = false;

src/api/user/login.ts

@@ -1,5 +1,5 @@
 import { Request, Response } from "express"
-import User, { IUser } from "../../models/user";
+import User, { IUser, TokenTypes } from "../../models/user";
 import { randomBytes } from "crypto";
 import moment = require("moment");
 import LoginToken from "../../models/login_token";
@@ -19,14 +19,16 @@ const Login = promiseMiddleware(async (req: Request, res: Response) => {
       return;
    }
 
-   const sendToken = async (user: IUser) => {
+   const sendToken = async (user: IUser, tfa?: TokenTypes[]) => {
       let token_str = randomBytes(16).toString("hex");
+      let tfa_exp = moment().add(5, "minutes").toDate()
       let token_exp = moment().add(6, "months").toDate()
       let token = LoginToken.new({
          token: token_str,
          valid: true,
-         validTill: token_exp,
-         user: user._id
+         validTill: tfa ? tfa_exp : token_exp,
+         user: user._id,
+         validated: tfa ? false : true
       });
       await LoginToken.save(token);
 
@@ -35,15 +37,17 @@ const Login = promiseMiddleware(async (req: Request, res: Response) => {
       let special = LoginToken.new({
          token: special_str,
          valid: true,
-         validTill: special_exp,
+         validTill: tfa ? tfa_exp : special_exp,
          special: true,
-         user: user._id
+         user: user._id,
+         validated: tfa ? false : true
       });
       await LoginToken.save(special);
 
       res.json({
-         login: { token: token_str, expires: token_exp.toUTCString() },
-         special: { token: special_str, expires: special_exp.toUTCString() }
+         login: { token: token_str, expires: token.validTill.toUTCString() },
+         special: { token: special_str, expires: special.validTill.toUTCString() },
+         tfa
       });
    }
 
@@ -61,12 +65,8 @@ const Login = promiseMiddleware(async (req: Request, res: Response) => {
 
             } else {
                if (user.twofactor && user.twofactor.length > 0) {
-                  let types = user.twofactor.map(f => {
-                     return { type: f.type };
-                  })
-                  res.json({
-                     types: types
-                  });
+                  let types = user.twofactor.filter(f => f.valid).map(f => f.type)
+                  await sendToken(user, types);
                } else {
                   await sendToken(user);
                }

src/config.ts

@@ -1,11 +1,6 @@
 export interface DatabaseConfig {
    host: string
    database: string
-   dialect: "sqlite" | "mysql" | "postgres" | "mssql"
-   username: string
-   password: string
-   storage: string
-   benchmark: "true" | "false" | undefined
 }
 
 export interface WebConfig {
@@ -37,7 +32,7 @@ import { Logging } from "@hibas123/nodelogging";
 dotenv.config();
 
 const config: Config = ini.parse(readFileSync("./config.ini").toString())
-
+if (config.dev) config.dev = Boolean(config.dev);
 if (process.env.DEV === "true") {
    config.dev = true;
    Logging.warning("DEV mode active. This can cause major performance issues, data loss and vulnerabilities! ")

src/database.ts

@@ -1,3 +1,11 @@
 import SafeMongo from "@hibas123/safe_mongo";
-const DB = new SafeMongo("mongodb://localhost", "openauth");
+import Config from "./config"
+let dbname = "openauth"
+let host = "localhost"
+if (Config.database) {
+   if (Config.database.database) dbname = Config.database.database;
+   if (Config.database.host) host = Config.database.host;
+}
+if (Config.dev) dbname += "_dev";
+const DB = new SafeMongo("mongodb://" + host, dbname);
 export default DB;

src/models/login_token.ts

@@ -8,6 +8,7 @@ export interface ILoginToken extends ModelDataBase {
    user: ObjectID;
    validTill: Date;
    valid: boolean;
+   validated: boolean;
 }
 const LoginToken = DB.addModel<ILoginToken>({
    name: "login_token",
@@ -20,6 +21,16 @@ const LoginToken = DB.addModel<ILoginToken>({
          validTill: { type: Date },
          valid: { type: Boolean }
       }
+   }, {
+      migration: (doc: ILoginToken) => { doc.validated = true; },
+      schema: {
+         token: { type: String },
+         special: { type: Boolean, default: () => false },
+         user: { type: ObjectID },
+         validTill: { type: Date },
+         valid: { type: Boolean },
+         validated: { type: Boolean, default: false }
+      }
    }]
 })
 

src/web.ts

@@ -9,7 +9,6 @@ import * as cookieparser from "cookie-parser"
 
 import * as i18n from "i18n"
 import * as compression from "compression";
-import { BADHINTS } from "dns";
 import ApiRouter from "./api/api";
 import ViewRouter from "./views/views";
 import RequestError, { HttpStatusCode } from "./helper/request_error";