chore: Add serverPassword param to endpoints (#2919) [skip e2e]

* chore: send server password param to delete account endpoint

* chore: send server password param to disable mfa endpoint

* chore: modify tests

* chore: force challenge prompt for mfa disable

* chore: fix eslint errors

* chore: add server password to get recovery codes

* chore: fix tests

* chore: pass server password as header
Antonella Sgarlatta
2025-08-26 09:04:03 -03:00
committed by GitHub
parent cf4d2196de
commit 54af28aa04
29 changed files with 298 additions and 62 deletions


@@ -6,9 +6,12 @@ import {
InternalEventBusInterface,
MfaServiceInterface,
ProtectionsClientInterface,
EncryptionService,
SignInStrings,
ChallengeValidation,
} from '@standardnotes/services'
import { SettingName } from '@standardnotes/domain-core'
import { SNRootKeyParams } from '@standardnotes/encryption'
export class MfaService extends AbstractService implements MfaServiceInterface {
constructor(
@@ -16,6 +19,7 @@ export class MfaService extends AbstractService implements MfaServiceInterface {
private crypto: PureCryptoInterface,
private featuresService: FeaturesService,
private protections: ProtectionsClientInterface,
private encryption: EncryptionService,
protected override internalEventBus: InternalEventBusInterface,
) {
super(internalEventBus)
@@ -55,11 +59,23 @@ export class MfaService extends AbstractService implements MfaServiceInterface {
}
async disableMfa(): Promise<void> {
if (!(await this.protections.authorizeMfaDisable())) {
const { success, challengeResponse } = await this.protections.authorizeMfaDisable()
if (!success) {
return
}
return await this.settingsService.deleteSetting(SettingName.create(SettingName.NAMES.MfaSecret).getValue())
const password = challengeResponse?.getValueForType(ChallengeValidation.AccountPassword).value as string
const currentRootKey = await this.encryption.computeRootKey(
password,
this.encryption.getRootKeyParams() as SNRootKeyParams,
)
const serverPassword = currentRootKey.serverPassword
return await this.settingsService.deleteSetting(
SettingName.create(SettingName.NAMES.MfaSecret).getValue(),
serverPassword,
)
}
override deinit(): void {
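Review bot: The two `as` casts in `disableMfa` hide values that can be undefined: `challengeResponse?.getValueForType(...)` evaluates to undefined when no challenge response is returned, and the `as SNRootKeyParams` cast suggests `getRootKeyParams()` has a nullable return type. In either case `computeRootKey` would run on missing input and whatever `serverPassword` comes out is passed to `deleteSetting`. Fail closed before deriving anything, for example `const rootKeyParams = this.encryption.getRootKeyParams()` followed by `if (typeof password !== 'string' || !rootKeyParams) { return }`, which also lets both casts go. Whether `authorizeMfaDisable()` can report success without an account-password value is not visible in this section, so that path deserves a test.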