From d396d5b58a2be0efa307e0e656efb40fa12c024d Mon Sep 17 00:00:00 2001
From: vnugent
Date: Sun, 21 Jan 2024 16:45:46 -0500
Subject: optional origin check, make config public, and create bundle package
---
 .../src/Endpoints/PasswordResetEndpoint.cs | 38 ++++++++++------------
 1 file changed, 18 insertions(+), 20 deletions(-)
(limited to 'plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PasswordResetEndpoint.cs')
diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PasswordResetEndpoint.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PasswordResetEndpoint.cs
index 33c72a7..60c99e3 100644
--- a/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PasswordResetEndpoint.cs
+++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PasswordResetEndpoint.cs
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023 Vaughn Nugent
+* Copyright (c) 2024 Vaughn Nugent
 *
 * Library: VNLib
 * Package: VNLib.Plugins.Essentials.Accounts
@@ -60,7 +60,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
 internal sealed class PasswordChangeEndpoint : ProtectedWebEndpoint
 {
 private readonly IUserManager Users;
- private readonly MFAConfig? mFAConfig;
+ private readonly MFAConfig mFAConfig;
 private readonly IValidator ResetMessValidator;
 public PasswordChangeEndpoint(PluginBase pbase, IConfigScope config)
@@ -87,7 +87,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
 .NotEmpty()
 .NotEqual(static pm => pm.Current)
 .WithMessage("Your new password may not equal your new current password")
- .SetValidator(AccountValidations.PasswordValidator!);
+ .SetValidator(AccountValidations.PasswordValidator);
 return rules;
 }
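Review bot: The now non-nullable `mFAConfig` field in the `@@ -60` hunk carries no comment saying it must always be assigned, yet the `@@ -134` hunk dereferences it without the old `mFAConfig != null` guard; the constructor body is outside this hunk, so the assignment cannot be confirmed from the diff. The field should also record the behaviour the later hunk gives it, for example `// Never null. When TOTPEnabled is false the password change skips the TOTP check, even for users who have enrolled.` That case is easy to overlook when TOTP is later switched off in configuration, because enrolled accounts then change passwords on the current password alone.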
@@ -134,29 +134,27 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
 }
 //Check if totp is enabled
- if (user.MFATotpEnabled())
+ if (mFAConfig.TOTPEnabled && user.MFATotpEnabled())
 {
- if(mFAConfig != null)
+ //TOTP code is required
+ if (webm.Assert(pwReset.TotpCode.HasValue, "TOTP is enabled on this user account, you must enter your TOTP code."))
 {
- //TOTP code is required
- if(webm.Assert(pwReset.TotpCode.HasValue, "TOTP is enabled on this user account, you must enter your TOTP code."))
- {
- return VirtualOk(entity, webm);
- }
-
- //Veriy totp code
- bool verified = mFAConfig.VerifyTOTP(user, pwReset.TotpCode.Value);
-
- if (webm.Assert(verified, "Please check your TOTP code and try again"))
- {
- return VirtualOk(entity, webm);
- }
+ return VirtualOk(entity, webm);
 }
+
+ //Veriy totp code
+ bool verified = mFAConfig.VerifyTOTP(user, pwReset.TotpCode.Value);
+
+ if (webm.Assert(verified, "Please check your TOTP code and try again"))
+ {
+ return VirtualOk(entity, webm);
+ }
+ //continue
 }
 //Update the user's password
- if (!await Users.UpdatePasswordAsync(user, pwReset.NewPassword!, entity.EventCancellation))
+ if (await Users.UpdatePasswordAsync(user, pwReset.NewPassword!, entity.EventCancellation) == 1)
 {
 //error
 webm.Result = "Your password could not be updated";
@@ -164,7 +162,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
 }
 //Publish to user database
- await user.ReleaseAsync();
+ await user.ReleaseAsync(entity.EventCancellation);
 //delete the user's MFA entry so they can re-enable it
 webm.Result = "Your password has been updated";
-- cgit
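Review bot: The new condition `if (await Users.UpdatePasswordAsync(...) == 1)` in the `@@ -134` hunk looks inverted, because it guards the branch marked `//error` that reports "Your password could not be updated", while the removed line entered that branch on a falsy result (`!await ...`). If the return value is a success flag or an affected-row count, as the old negation suggests, a successful update is reported as a failure and a failed one falls through to `ReleaseAsync` and "Your password has been updated". The return type is not visible in this diff, so confirm it; if 1 means success the line should read `if (await Users.UpdatePasswordAsync(user, pwReset.NewPassword!, entity.EventCancellation) != 1)`. The remaining lines of the error branch fall outside the hunk.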