From b877cbcd45c0806d52e71002eb4858dfd8cbe2f5 Mon Sep 17 00:00:00 2001 From: Diego Sampaio Date: Fri, 11 Sep 2020 10:08:05 -0300 Subject: [PATCH] [FIX] Showing alerts during setup wizard (#18862) * Remember users' 2FA right after registration * Change register server to false by default --- app/2fa/server/code/index.ts | 28 ++++++++++++++++++++++------ app/lib/server/startup/settings.js | 2 +- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/app/2fa/server/code/index.ts b/app/2fa/server/code/index.ts index 7da600862962..6bf56df20d66 100644 --- a/app/2fa/server/code/index.ts +++ b/app/2fa/server/code/index.ts @@ -43,6 +43,7 @@ export function getUserForCheck(userId: string): IUser { fields: { emails: 1, language: 1, + createdAt: 1, 'services.totp': 1, 'services.email2fa': 1, 'services.emailCode': 1, @@ -61,6 +62,19 @@ export function getFingerprintFromConnection(connection: IMethodConnection): str return crypto.createHash('md5').update(data).digest('hex'); } +function getRememberDate(from: Date = new Date()): Date | undefined { + const rememberFor = parseInt(settings.get('Accounts_TwoFactorAuthentication_RememberFor') as string, 10); + + if (rememberFor <= 0) { + return; + } + + const expires = new Date(from); + expires.setSeconds(expires.getSeconds() + rememberFor); + + return expires; +} + export function isAuthorizedForToken(connection: IMethodConnection, user: IUser, options: ITwoFactorOptions): boolean { const currentToken = Accounts._getLoginToken(connection.id); const tokenObject = user.services?.resume?.loginTokens?.find((i) => i.hashedToken === currentToken); @@ -77,6 +91,12 @@ export function isAuthorizedForToken(connection: IMethodConnection, user: IUser, return false; } + // remember user right after their registration + const rememberAfterRegistration = user.createdAt && getRememberDate(user.createdAt); + if (rememberAfterRegistration && rememberAfterRegistration >= new Date()) { + return true; + } + if (!tokenObject.twoFactorAuthorizedUntil || !tokenObject.twoFactorAuthorizedHash) { return false; } @@ -95,15 +115,11 @@ export function isAuthorizedForToken(connection: IMethodConnection, user: IUser, export function rememberAuthorization(connection: IMethodConnection, user: IUser): void { const currentToken = Accounts._getLoginToken(connection.id); - const rememberFor = parseInt(settings.get('Accounts_TwoFactorAuthentication_RememberFor') as string, 10); - - if (rememberFor <= 0) { + const expires = getRememberDate(); + if (!expires) { return; } - const expires = new Date(); - expires.setSeconds(expires.getSeconds() + rememberFor); - Users.setTwoFactorAuthorizationHashAndUntilForUserIdAndToken(user._id, currentToken, getFingerprintFromConnection(connection), expires); } diff --git a/app/lib/server/startup/settings.js b/app/lib/server/startup/settings.js index ca9c21c0c7df..af11aabf4b33 100644 --- a/app/lib/server/startup/settings.js +++ b/app/lib/server/startup/settings.js @@ -2679,7 +2679,7 @@ settings.addGroup('Setup_Wizard', function() { this.add('Allow_Marketing_Emails', true, { type: 'boolean', }); - this.add('Register_Server', true, { + this.add('Register_Server', false, { type: 'boolean', }); this.add('Organization_Email', '', {