[FIX] Showing alerts during setup wizard (#18862)

* Remember users' 2FA right after registration

* Change register server to false by default
pull/18867/head
Diego Sampaio 5 years ago
parent 679efbb927
commit b877cbcd45
No known key found for this signature in database
GPG Key ID: E060152B30502562
  1. 28
      app/2fa/server/code/index.ts
  2. 2
      app/lib/server/startup/settings.js

@ -43,6 +43,7 @@ export function getUserForCheck(userId: string): IUser {
fields: {
emails: 1,
language: 1,
createdAt: 1,
'services.totp': 1,
'services.email2fa': 1,
'services.emailCode': 1,
@ -61,6 +62,19 @@ export function getFingerprintFromConnection(connection: IMethodConnection): str
return crypto.createHash('md5').update(data).digest('hex');
}
function getRememberDate(from: Date = new Date()): Date | undefined {
const rememberFor = parseInt(settings.get('Accounts_TwoFactorAuthentication_RememberFor') as string, 10);
if (rememberFor <= 0) {
return;
}
const expires = new Date(from);
expires.setSeconds(expires.getSeconds() + rememberFor);
return expires;
}
export function isAuthorizedForToken(connection: IMethodConnection, user: IUser, options: ITwoFactorOptions): boolean {
const currentToken = Accounts._getLoginToken(connection.id);
const tokenObject = user.services?.resume?.loginTokens?.find((i) => i.hashedToken === currentToken);
@ -77,6 +91,12 @@ export function isAuthorizedForToken(connection: IMethodConnection, user: IUser,
return false;
}
// remember user right after their registration
const rememberAfterRegistration = user.createdAt && getRememberDate(user.createdAt);
if (rememberAfterRegistration && rememberAfterRegistration >= new Date()) {
return true;
}
if (!tokenObject.twoFactorAuthorizedUntil || !tokenObject.twoFactorAuthorizedHash) {
return false;
}
@ -95,15 +115,11 @@ export function isAuthorizedForToken(connection: IMethodConnection, user: IUser,
export function rememberAuthorization(connection: IMethodConnection, user: IUser): void {
const currentToken = Accounts._getLoginToken(connection.id);
const rememberFor = parseInt(settings.get('Accounts_TwoFactorAuthentication_RememberFor') as string, 10);
if (rememberFor <= 0) {
const expires = getRememberDate();
if (!expires) {
return;
}
const expires = new Date();
expires.setSeconds(expires.getSeconds() + rememberFor);
Users.setTwoFactorAuthorizationHashAndUntilForUserIdAndToken(user._id, currentToken, getFingerprintFromConnection(connection), expires);
}

@ -2679,7 +2679,7 @@ settings.addGroup('Setup_Wizard', function() {
this.add('Allow_Marketing_Emails', true, {
type: 'boolean',
});
this.add('Register_Server', true, {
this.add('Register_Server', false, {
type: 'boolean',
});
this.add('Organization_Email', '', {

Loading…
Cancel
Save