packages/lib/server-only/2fa/disable-2fa.ts

import { prisma } from '@documenso/prisma';
import type { User } from '@documenso/prisma/client';
import { UserSecurityAuditLogType } from '@documenso/prisma/client';

import { AppError, AppErrorCode } from '../../errors/app-error';
import type { RequestMetadata } from '../../universal/extract-request-metadata';
import { validateTwoFactorAuthentication } from './validate-2fa';

type DisableTwoFactorAuthenticationOptions = {
  user: User;
  totpCode?: string;
  backupCode?: string;
  requestMetadata?: RequestMetadata;
};

export const disableTwoFactorAuthentication = async ({
  totpCode,
  backupCode,
  user,
  requestMetadata,
}: DisableTwoFactorAuthenticationOptions) => {
  let isValid = false;

  if (!totpCode && !backupCode) {
    throw new AppError(AppErrorCode.INVALID_REQUEST);
  }

  if (totpCode) {
    isValid = await validateTwoFactorAuthentication({ totpCode, user });
  } else if (backupCode) {
    isValid = await validateTwoFactorAuthentication({ backupCode, user });
  }

  if (!isValid) {
    throw new AppError('INCORRECT_TWO_FACTOR_CODE');
  }

  await prisma.$transaction(async (tx) => {
    await tx.user.update({
      where: {
        id: user.id,
      },
      data: {
        twoFactorEnabled: false,
        twoFactorBackupCodes: null,
        twoFactorSecret: null,
      },
    });

    await tx.userSecurityAuditLog.create({
      data: {
        userId: user.id,
        type: UserSecurityAuditLogType.AUTH_2FA_DISABLE,
        userAgent: requestMetadata?.userAgent,
        ipAddress: requestMetadata?.ipAddress,
      },
    });
  });

  return true;
};
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30			`import { prisma } from '@documenso/prisma';`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`import type { User } from '@documenso/prisma/client';`
			`import { UserSecurityAuditLogType } from '@documenso/prisma/client';`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30
feat: disable 2fa with backup codes (#1314) Allow disabling two-factor authentication (2FA) by using either their authenticator app (TOTP) or a backup code. 2024-08-29 01:00:57 +00:00			`import { AppError, AppErrorCode } from '../../errors/app-error';`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`import type { RequestMetadata } from '../../universal/extract-request-metadata';`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30			`import { validateTwoFactorAuthentication } from './validate-2fa';`

			`type DisableTwoFactorAuthenticationOptions = {`
			`user: User;`
feat: disable 2fa with backup codes (#1314) Allow disabling two-factor authentication (2FA) by using either their authenticator app (TOTP) or a backup code. 2024-08-29 01:00:57 +00:00			`totpCode?: string;`
			`backupCode?: string;`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`requestMetadata?: RequestMetadata;`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30			`};`

			`export const disableTwoFactorAuthentication = async ({`
feat: disable 2fa with backup codes (#1314) Allow disabling two-factor authentication (2FA) by using either their authenticator app (TOTP) or a backup code. 2024-08-29 01:00:57 +00:00			`totpCode,`
			`backupCode,`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30			`user,`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`requestMetadata,`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30			`}: DisableTwoFactorAuthenticationOptions) => {`
feat: disable 2fa with backup codes (#1314) Allow disabling two-factor authentication (2FA) by using either their authenticator app (TOTP) or a backup code. 2024-08-29 01:00:57 +00:00			`let isValid = false;`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30
feat: disable 2fa with backup codes (#1314) Allow disabling two-factor authentication (2FA) by using either their authenticator app (TOTP) or a backup code. 2024-08-29 01:00:57 +00:00			`if (!totpCode && !backupCode) {`
			`throw new AppError(AppErrorCode.INVALID_REQUEST);`
			`}`

			`if (totpCode) {`
			`isValid = await validateTwoFactorAuthentication({ totpCode, user });`
			`} else if (backupCode) {`
			`isValid = await validateTwoFactorAuthentication({ backupCode, user });`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30			`}`

			`if (!isValid) {`
feat: remove 2FA password requirement (#1053) 2024-03-25 11:34:50 +08:00			`throw new AppError('INCORRECT_TWO_FACTOR_CODE');`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30			`}`

feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`await prisma.$transaction(async (tx) => {`
			`await tx.user.update({`
			`where: {`
			`id: user.id,`
			`},`
			`data: {`
			`twoFactorEnabled: false,`
			`twoFactorBackupCodes: null,`
			`twoFactorSecret: null,`
			`},`
			`});`

			`await tx.userSecurityAuditLog.create({`
			`data: {`
			`userId: user.id,`
			`type: UserSecurityAuditLogType.AUTH_2FA_DISABLE,`
			`userAgent: requestMetadata?.userAgent,`
			`ipAddress: requestMetadata?.ipAddress,`
			`},`
			`});`
feat: add two factor auth (#643) Add two factor authentication for users who wish to enhance the security of their accounts. 2023-12-01 05:52:16 +05:30			`});`

			`return true;`
			`};`