mythic-insight/calcom
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 5
calcom/apps/web/pages/api/auth/two-factor/totp/setup.ts
Omar López f536d1040c
App Store (#1869) 
* patch applied

* patch applied

* We shouldn't pollute global css

* Build fixes

* Updates typings

* WIP extracting zoom to package

* Revert "Upgrades next to 12.1 (#1895)" (#1903)

This reverts commit ede0e98e1f.

* Tweak/gitignore prisma zod (#1905)

* Extracts ignored createEventTypeBaseInput

* Adds postinstall script

* Revert "Tweak/gitignore prisma zod (#1905)" (#1906)

This reverts commit 15bfeb30d7.

* Eslint fixes (#1898)

* Eslint fixes

* Docs build fixes

* Upgrade to next 12.1 (#1904)

* Upgrades next to 12.1

* Fixes build

* Updaters e2e test pipelines

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>

* Fix URL by removing slash and backslash (#1733)

* Fix URl by removing slash and backslash

* Implement slugify

* Add data type

* Fixing folder structure

* Solve zod-utils conflict

* Build fixes (#1929)

* Build fixes

* Fixes type error

* WIP

* Conflict fixes

* Removes unused file

* TODO

* WIP

* Type fixes

* Linting

* WIP

* Moved App definition to types

* WIP

* WIP

* WIP

* WIP WIP

* Renamed zoomvideo app

* Import fix

* Daily.co app (#2022)

* Daily.co app

* Update packages/app-store/dailyvideo/lib/VideoApiAdapter.ts

Co-authored-by: Omar López <zomars@me.com>

* Update packages/app-store/dailyvideo/lib/VideoApiAdapter.ts

Co-authored-by: Omar López <zomars@me.com>

* Missing deps for newly added contants to lib

Co-authored-by: Omar López <zomars@me.com>

* WIP

* WIP

* WIP

* Daily fixes

* Updated type info

* Slack Oauth integration - api route ideas

* Adds getLocationOptions

* Type fixes

* Adds location option for daily video

* Revert "Slack Oauth integration - api route ideas"

This reverts commit 35ffa78e929339c4badb98cdab4e4b953ecc7cca.

* Slack Oauth + verify sig

* Revert "Slack Oauth + verify sig"

This reverts commit ee95795e0f0ae6d06be4e0a423afb8c315d9af7d.

* Huddle01 migration to app store (#2038)

* Jitsi Video App migration

* Removing uneeded dependencies

* Missed unused reference

* Missing dependency

`@calcom/lib` is needed in the `locationOption.ts` file

* Huddle01 migration to app store

* Jitsi Video App migration (#2027)

* Jitsi Video App migration

* Removing uneeded dependencies

* Missed unused reference

* Missing dependency

`@calcom/lib` is needed in the `locationOption.ts` file

Co-authored-by: Omar López <zomars@me.com>

* Monorepo/app store MS Teams Integration (#2080)

* Create teamsvideo package

* Remove zoom specific refrences

* Add teams video files

* Rename to office365_video

* Add call back to add crednetial type office365_teams

* Rename to office_video to match type

* Add MS Teams as a location option

* Rename files

* Add teams reponse interface and create meeting

* Comment out Daily imports

* Add check for Teams integration

* Add token checking functions

* Change template to create event rather than meeting

* Add comment to test between create link and event

* Add teams URL to booking

* Ask for just onlineMeeting permission

* Add MS Teams logo

* Add message to have an enterprise account

* Remove comments

* Comment back hasDailyIntegration

* Comment back daily credentials

* Update link to MS Graph section of README

* Move API calls to package

Co-authored-by: Omar López <zomars@me.com>

* Re-adds missing module for transpiling

* Adds email as required field for app store metadata

* WIP: migrates tandem to app store

* Cleanup

* Migrates tandem api routes to app store

* Fixes tandem api handlers

* Big WIP WIP

* Build fixes

* WIP

* Fixes annoying circular dependency bug

I've spent a whole day on this....

* Location option cleanup

* Type fixes

* Update EventManager.ts

* Update CalendarManager.ts

* Moves CalendarService back to lib

* Moves apple calendar to App Store

* Cleanup

* More cleanup

* Migrates apple calendar

* Returns all connected calendars credentials

* No tsx needed in calcom/lib

* Update auth.ts

* Reordering

* Update i18n.utils.ts

* WIP: Google Meet

* Type fixes

* Type fixes

* Cleanup

* Update LinkIconButton.tsx

* Update TrialBanner.tsx

* Cleanup

* Cleanup

* Type fixes

* Update _appRegistry.ts

* Update fonts.css

* Update CalEventParser.ts

* Delete yarn.lock.rej

* Update eslint-preset.js

* Delete zoom.tsx

* Type fixes

* Migrates caldav to app store

* Cleanup

* Type fixes

* Adds caldav to app store

* Test fixes

* Updates integration tests

* Moar test fixes

* Redirection fixes

* Redirection fixes

* Update timeFormat.ts

* Update booking-pages.test.ts

* Connect button fixes

* Fix empty item

* Cal fixes andrea (#2234)

* Fixes #2178

* Fixes #2178

* Update apps/web/components/availability/Schedule.tsx

* Update apps/web/components/availability/Schedule.tsx

Co-authored-by: Peer Richelsen <peeroke@gmail.com>
Co-authored-by: Peer Richelsen <peer@cal.com>

* added meta viewport to disable zoom on input focus on mobile (#2238)

* Update lint.yml (#2211)

Co-authored-by: Peer Richelsen <peeroke@gmail.com>

* Fix prisma client bundle makes app slow (#2237)

Co-authored-by: Omar López <zomars@me.com>

* Slider fixes

* Removed unused code

* Full Shell when unauthed

* App sidebar responsive fixes

* Adds dynamic install button

* Fix for duplicate connected calendars

* Various fixes

* Display notification on app delete

* Reuse connect button

* Adds CalDav button

* Deprecates ConnectIntegration

* Simplify install button

* Adds Google Calendar connect button

* Adds Office 365 Install button

* Migrates Stripe to App Store

* Zoom Install Button (#2244)

* Fix minor css, app image load from static path

* Fix app logos remote img src (#2252)

* Adds missing exports

* Cleanup

* Disables install button for globally enabled apps

* Update EventManager.ts

* Stripe fixes

* Disables example app

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
Co-authored-by: Juan Esteban Nieto Cifuentes <89233604+Jenietoc@users.noreply.github.com>
Co-authored-by: Leo Giovanetti <hello@leog.me>
Co-authored-by: Sean Brydon <seanbrydon.me@gmail.com>
Co-authored-by: Joe Au-Yeung <65426560+joeauyeung@users.noreply.github.com>
Co-authored-by: Peer Richelsen <peeroke@gmail.com>
Co-authored-by: Bailey Pumfleet <pumfleet@hey.com>
Co-authored-by: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com>
Co-authored-by: andreaestefania12 <andreaestefania12@hotmail.com>
Co-authored-by: Peer Richelsen <peer@cal.com>
Co-authored-by: Demian Caldelas <denik.works@protonmail.com>
Co-authored-by: Alan <alannnc@gmail.com>
2022-03-23 15:00:30 -07:00

73 lines
2.4 KiB
TypeScript
Raw Blame History

import { IdentityProvider } from "@prisma/client";
import { NextApiRequest, NextApiResponse } from "next";
import { authenticator } from "otplib";
import qrcode from "qrcode";
import { symmetricEncrypt } from "@calcom/lib/crypto";
import { ErrorCode, getSession, verifyPassword } from "@lib/auth";
import prisma from "@lib/prisma";
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method !== "POST") {
return res.status(405).json({ message: "Method not allowed" });
}
const session = await getSession({ req });
if (!session) {
return res.status(401).json({ message: "Not authenticated" });
}
if (!session.user?.id) {
console.error("Session is missing a user id.");
return res.status(500).json({ error: ErrorCode.InternalServerError });
}
const user = await prisma.user.findUnique({ where: { id: session.user.id } });
if (!user) {
console.error(`Session references user that no longer exists.`);
return res.status(401).json({ message: "Not authenticated" });
}
if (user.identityProvider !== IdentityProvider.CAL) {
return res.status(400).json({ error: ErrorCode.ThirdPartyIdentityProviderEnabled });
}
if (!user.password) {
return res.status(400).json({ error: ErrorCode.UserMissingPassword });
}
if (user.twoFactorEnabled) {
return res.status(400).json({ error: ErrorCode.TwoFactorAlreadyEnabled });
}
if (!process.env.CALENDSO_ENCRYPTION_KEY) {
console.error("Missing encryption key; cannot proceed with two factor setup.");
return res.status(500).json({ error: ErrorCode.InternalServerError });
}
const isCorrectPassword = await verifyPassword(req.body.password, user.password);
if (!isCorrectPassword) {
return res.status(400).json({ error: ErrorCode.IncorrectPassword });
}
// This generates a secret 32 characters in length. Do not modify the number of
// bytes without updating the sanity checks in the enable and login endpoints.
const secret = authenticator.generateSecret(20);
await prisma.user.update({
where: {
id: session.user.id,
},
data: {
twoFactorEnabled: false,
twoFactorSecret: symmetricEncrypt(secret, process.env.CALENDSO_ENCRYPTION_KEY),
},
});
const name = user.email || user.username || user.id.toString();
const keyUri = authenticator.keyuri(name, "Cal", secret);
const dataUri = await qrcode.toDataURL(keyUri);
return res.json({ secret, keyUri, dataUri });
}
Reference in a new issue View git blame Copy permalink