calcom/apps/web/pages/api/auth/two-factor/totp/disable.ts

import { NextApiRequest, NextApiResponse } from "next";

import { ErrorCode, getSession, verifyPassword } from "@lib/auth";
import prisma from "@lib/prisma";

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method !== "POST") {
    return res.status(405).json({ message: "Method not allowed" });
  }

  const session = await getSession({ req });
  if (!session) {
    return res.status(401).json({ message: "Not authenticated" });
  }

  if (!session.user?.id) {
    console.error("Session is missing a user id.");
    return res.status(500).json({ error: ErrorCode.InternalServerError });
  }

  const user = await prisma.user.findUnique({ where: { id: session.user.id } });
  if (!user) {
    console.error(`Session references user that no longer exists.`);
    return res.status(401).json({ message: "Not authenticated" });
  }

  if (!user.password) {
    return res.status(400).json({ error: ErrorCode.UserMissingPassword });
  }

  if (!user.twoFactorEnabled) {
    return res.json({ message: "Two factor disabled" });
  }

  const isCorrectPassword = await verifyPassword(req.body.password, user.password);
  if (!isCorrectPassword) {
    return res.status(400).json({ error: ErrorCode.IncorrectPassword });
  }

  await prisma.user.update({
    where: {
      id: session.user.id,
    },
    data: {
      twoFactorEnabled: false,
      twoFactorSecret: null,
    },
  });

  return res.json({ message: "Two factor disabled" });
}
Add two-factor authentication (#692) Co-authored-by: Bailey Pumfleet <pumfleet@hey.com> 2021-09-21 09:29:20 +00:00			`import { NextApiRequest, NextApiResponse } from "next";`

Suggestion: let prettier sort imports order (#673) * Suggestion: let prettier sort imports order # Conflicts: # yarn.lock * AUTO SORT ALL THE IMPORTS * Linting * Fixes test 2021-09-22 19:52:38 +00:00			`import { ErrorCode, getSession, verifyPassword } from "@lib/auth";`
			`import prisma from "@lib/prisma";`

Add two-factor authentication (#692) Co-authored-by: Bailey Pumfleet <pumfleet@hey.com> 2021-09-21 09:29:20 +00:00			`export default async function handler(req: NextApiRequest, res: NextApiResponse) {`
			`if (req.method !== "POST") {`
			`return res.status(405).json({ message: "Method not allowed" });`
			`}`

			`const session = await getSession({ req });`
			`if (!session) {`
			`return res.status(401).json({ message: "Not authenticated" });`
			`}`

			`if (!session.user?.id) {`
			`console.error("Session is missing a user id.");`
			`return res.status(500).json({ error: ErrorCode.InternalServerError });`
			`}`

			`const user = await prisma.user.findUnique({ where: { id: session.user.id } });`
			`if (!user) {`
			console.error(`Session references user that no longer exists.`);
			`return res.status(401).json({ message: "Not authenticated" });`
			`}`

			`if (!user.password) {`
			`return res.status(400).json({ error: ErrorCode.UserMissingPassword });`
			`}`

			`if (!user.twoFactorEnabled) {`
			`return res.json({ message: "Two factor disabled" });`
			`}`

			`const isCorrectPassword = await verifyPassword(req.body.password, user.password);`
			`if (!isCorrectPassword) {`
			`return res.status(400).json({ error: ErrorCode.IncorrectPassword });`
			`}`

			`await prisma.user.update({`
			`where: {`
			`id: session.user.id,`
			`},`
			`data: {`
			`twoFactorEnabled: false,`
			`twoFactorSecret: null,`
			`},`
			`});`

			`return res.json({ message: "Two factor disabled" });`
			`}`