lemmy/crates/api/src/local_user/generate_totp_secret.rs

use crate::{build_totp_2fa, generate_totp_2fa_secret};
use activitypub_federation::config::Data;
use actix_web::web::Json;
use lemmy_api_common::{context::LemmyContext, person::GenerateTotpSecretResponse};
use lemmy_db_schema::source::local_user::{LocalUser, LocalUserUpdateForm};
use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_utils::error::{LemmyErrorType, LemmyResult};

/// Generate a new secret for two-factor-authentication. Afterwards you need to call [toggle_totp]
/// to enable it. This can only be called if 2FA is currently disabled.
#[tracing::instrument(skip(context))]
pub async fn generate_totp_secret(
  local_user_view: LocalUserView,
  context: Data<LemmyContext>,
) -> LemmyResult<Json<GenerateTotpSecretResponse>> {
  let site_view = SiteView::read_local(&mut context.pool())
    .await?
    .ok_or(LemmyErrorType::LocalSiteNotSetup)?;

  if local_user_view.local_user.totp_2fa_enabled {
    return Err(LemmyErrorType::TotpAlreadyEnabled)?;
  }

  let secret = generate_totp_2fa_secret();
  let secret_url =
    build_totp_2fa(&site_view.site.name, &local_user_view.person.name, &secret)?.get_url();

  let local_user_form = LocalUserUpdateForm {
    totp_2fa_secret: Some(Some(secret)),
    ..Default::default()
  };
  LocalUser::update(
    &mut context.pool(),
    local_user_view.local_user.id,
    &local_user_form,
  )
  .await?;

  Ok(Json(GenerateTotpSecretResponse {
    totp_secret_url: secret_url.into(),
  }))
}
Rework the way 2FA is enabled/disabled (fixes #3309) (#3959) * Rework the way 2FA is enabled/disabled (fixes #3309) * postgres format * change algo to sha1 for better compat * review comments * review * clippy --------- Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-09-20 14:49:54 +00:00			`use crate::{build_totp_2fa, generate_totp_2fa_secret};`
			`use activitypub_federation::config::Data;`
			`use actix_web::web::Json;`
Mark database fields as sensitive so they dont show up in logs (#4720) * Mark database fields as sensitive so they dont show up in logs * add file * fix test * Update crates/apub/src/objects/person.rs Co-authored-by: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> * Update crates/apub/src/objects/community.rs Co-authored-by: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> * Update crates/apub/src/objects/instance.rs Co-authored-by: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> --------- Co-authored-by: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2024-05-17 00:41:57 +00:00			`use lemmy_api_common::{context::LemmyContext, person::GenerateTotpSecretResponse};`
On registration, automatically set content languages from `accept-language` header (#4550) * On registration, automatically set content languages from accept header * no need to set site language or default language for new user anymore * fix test * fix langs * avoid duplicate writing of new user languages 2024-03-25 20:02:12 +00:00			`use lemmy_db_schema::source::local_user::{LocalUser, LocalUserUpdateForm};`
Rework the way 2FA is enabled/disabled (fixes #3309) (#3959) * Rework the way 2FA is enabled/disabled (fixes #3309) * postgres format * change algo to sha1 for better compat * review comments * review * clippy --------- Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-09-20 14:49:54 +00:00			`use lemmy_db_views::structs::{LocalUserView, SiteView};`
Convert all Result<..., LemmyError> into LemmyResult<...> Fixes #4613 (#4614) * Convert all Result<..., LemmyError> into LemmyResult<...> Fixes #4613 * Fixing clippy. 2024-04-10 14:14:11 +00:00			`use lemmy_utils::error::{LemmyErrorType, LemmyResult};`
Rework the way 2FA is enabled/disabled (fixes #3309) (#3959) * Rework the way 2FA is enabled/disabled (fixes #3309) * postgres format * change algo to sha1 for better compat * review comments * review * clippy --------- Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-09-20 14:49:54 +00:00
			`/// Generate a new secret for two-factor-authentication. Afterwards you need to call [toggle_totp]`
			`/// to enable it. This can only be called if 2FA is currently disabled.`
			`#[tracing::instrument(skip(context))]`
			`pub async fn generate_totp_secret(`
			`local_user_view: LocalUserView,`
			`context: Data<LemmyContext>,`
Convert all Result<..., LemmyError> into LemmyResult<...> Fixes #4613 (#4614) * Convert all Result<..., LemmyError> into LemmyResult<...> Fixes #4613 * Fixing clippy. 2024-04-10 14:14:11 +00:00			`) -> LemmyResult<Json<GenerateTotpSecretResponse>> {`
Make all single-fetch database calls return an Option. (#4617) - Diesel ordinarily throws an error when no results are returned for a single fetch, which is a bit confusing. This PR ensures that the missing value cases are all caught, and wrapped with new LemmyErrors, rather than diesel errors. - Fixes #4601 2024-04-16 12:48:15 +00:00			`let site_view = SiteView::read_local(&mut context.pool())`
			`.await?`
			`.ok_or(LemmyErrorType::LocalSiteNotSetup)?;`
Rework the way 2FA is enabled/disabled (fixes #3309) (#3959) * Rework the way 2FA is enabled/disabled (fixes #3309) * postgres format * change algo to sha1 for better compat * review comments * review * clippy --------- Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-09-20 14:49:54 +00:00
			`if local_user_view.local_user.totp_2fa_enabled {`
			`return Err(LemmyErrorType::TotpAlreadyEnabled)?;`
			`}`

			`let secret = generate_totp_2fa_secret();`
			`let secret_url =`
			`build_totp_2fa(&site_view.site.name, &local_user_view.person.name, &secret)?.get_url();`

			`let local_user_form = LocalUserUpdateForm {`
			`totp_2fa_secret: Some(Some(secret)),`
			`..Default::default()`
			`};`
			`LocalUser::update(`
			`&mut context.pool(),`
			`local_user_view.local_user.id,`
			`&local_user_form,`
			`)`
			`.await?;`

			`Ok(Json(GenerateTotpSecretResponse {`
Mark database fields as sensitive so they dont show up in logs (#4720) * Mark database fields as sensitive so they dont show up in logs * add file * fix test * Update crates/apub/src/objects/person.rs Co-authored-by: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> * Update crates/apub/src/objects/community.rs Co-authored-by: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> * Update crates/apub/src/objects/instance.rs Co-authored-by: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> --------- Co-authored-by: SleeplessOne1917 <28871516+SleeplessOne1917@users.noreply.github.com> Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2024-05-17 00:41:57 +00:00			`totp_secret_url: secret_url.into(),`
Rework the way 2FA is enabled/disabled (fixes #3309) (#3959) * Rework the way 2FA is enabled/disabled (fixes #3309) * postgres format * change algo to sha1 for better compat * review comments * review * clippy --------- Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-09-20 14:49:54 +00:00			`}))`
			`}`