
Commit 35938db

committed
Added MFA to model and internal user
1 parent 69f7920 commit 35938db


2 files changed

+75
-0
lines changed


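--- a/backend/internal/user.js
+++ b/backend/internal/user.js
@@ -7,6 +7,8 @@ const authModel = require('../models/auth');
 const gravatar = require('gravatar');
 const internalToken = require('./token');
 const internalAuditLog = require('./audit-log');
+const authenticator = require('authenticator');
+const qrcode = require('qrcode');
 
 function omissions () {
 return ['is_deleted'];
@@ -507,6 +509,36 @@ const internalUser = {
 .then((user) => {
 return internalToken.getTokenFromUser(user);
 });
+},
+
+createMFAKey: (access, data) => {
+return access.can('users:activate_mfa', data.id)
+.then(() => {
+return internalUser.get(access, {id: data.id});
+})
+.then((user) => {
+let secret = authenticator.generateKey();
+return userModel
+.query()
+.patchAndFetchById(user.id, { mfa_key: secret })
+.then(() => {
+let uri = authenticator.generateTotpUri(secret, user.email, 'NginxProxyManager');
+return qrcode.toDataURL(uri);
+})
+.then((qrCode) => {
+return { user, qrCode };
+});
+})
+.then(({ user, qrCode }) => {
+return internalAuditLog.add(access, {
+action: 'updated',
+object_type: 'user',
+object_id: user.id,
+meta: data
+
+})
+.then(() => ({ user, qrCode }));
+});
 }
 };
 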
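Review bot: In `createMFAKey`, `patchAndFetchById(user.id, { mfa_key: secret })` replaces whatever secret is already stored and commits the new one before any TOTP code has been verified, so an abandoned enrolment leaves an unconfirmed secret as the user's factor and a repeat call silently discards a working one. Consider refusing the call when a secret is already stored unless a current code accompanies it, and treating the new secret as active only after a first successful verification. The secret is also written in cleartext, and `omissions()` in the first hunk lists only `'is_deleted'`; if that list governs what `internalUser.get` returns (its use is not visible here), the column should be excluded as well, `return ['is_deleted', 'mfa_key'];`. The audit entry records the generic `action: 'updated'`, which makes an MFA enrolment indistinguishable from a profile edit when the log is reviewed. The `internalUser` object starts outside this hunk.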

Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
1+
const migrate_name = 'identifier_for_migrate';
2+
const logger = require('../logger').migrate;
3+
4+
/**
5+
* Migrate
6+
*
7+
* @see http://knexjs.org/#Schema
8+
*
9+
* @param {Object} knex
10+
* @param {Promise} Promise
11+
* @returns {Promise}
12+
*/
13+
exports.up = function (knex/*, Promise*/) {
14+
15+
logger.info('[' + migrate_name + '] Migrating Up...');
16+
17+
return knex.schema.alterTable('user', (table) => {
18+
table.string('mfa_secret');
19+
})
20+
.then(() => {
21+
logger.info('[' + migrate_name + '] User Table altered');
22+
logger.info('[' + migrate_name + '] Migrating Up Complete');
23+
});
24+
};
25+
26+
/**
27+
* Undo Migrate
28+
*
29+
* @param {Object} knex
30+
* @param {Promise} Promise
31+
* @returns {Promise}
32+
*/
33+
exports.down = function (knex/*, Promise*/) {
34+
logger.info('[' + migrate_name + '] Migrating Down...');
35+
36+
return knex.schema.alterTable('user', (table) => {
37+
table.dropColumn('mfa_key');
38+
})
39+
.then(() => {
40+
logger.info('[' + migrate_name + '] User Table altered');
41+
logger.info('[' + migrate_name + '] Migrating Down Complete');
42+
});
43+
};
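Review bot: `exports.up` creates the column as `mfa_secret`, while `exports.down` drops `mfa_key` and `createMFAKey` in backend/internal/user.js patches `mfa_key`; unless that column is created elsewhere, the write targets a column this migration never adds, and the rollback fails on a column that does not exist while leaving `mfa_secret` behind. Use a single name in all three places, for example `table.string('mfa_key');` in `up`. `migrate_name` is still the template value `'identifier_for_migrate'`, so the log lines will not identify which migration ran; give it a specific name. A short comment on the column stating that it holds the TOTP shared secret and must never be returned by the user API would also help the next maintainer.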
