From 49cdbf247813b17220184f765da26c737ccc07b5 Mon Sep 17 00:00:00 2001
From: Diego Sampaio
Date: Thu, 10 Sep 2020 21:13:49 -0300
Subject: [PATCH 1/2] Remember users' 2FA right after registration

---
 app/2fa/server/code/index.ts | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/app/2fa/server/code/index.ts b/app/2fa/server/code/index.ts
index 7da600862962..6bf56df20d66 100644
--- a/app/2fa/server/code/index.ts
+++ b/app/2fa/server/code/index.ts
@@ -43,6 +43,7 @@ export function getUserForCheck(userId: string): IUser {
 fields: {
 emails: 1,
 language: 1,
+ createdAt: 1,
 'services.totp': 1,
 'services.email2fa': 1,
 'services.emailCode': 1,
@@ -61,6 +62,19 @@ export function getFingerprintFromConnection(connection: IMethodConnection): str
 return crypto.createHash('md5').update(data).digest('hex');
 }
 
+function getRememberDate(from: Date = new Date()): Date | undefined {
+ const rememberFor = parseInt(settings.get('Accounts_TwoFactorAuthentication_RememberFor') as string, 10);
+
+ if (rememberFor <= 0) {
+ return;
+ }
+
+ const expires = new Date(from);
+ expires.setSeconds(expires.getSeconds() + rememberFor);
+
+ return expires;
+}
+
 export function isAuthorizedForToken(connection: IMethodConnection, user: IUser, options: ITwoFactorOptions): boolean {
 const currentToken = Accounts._getLoginToken(connection.id);
 const tokenObject = user.services?.resume?.loginTokens?.find((i) => i.hashedToken === currentToken);
@@ -77,6 +91,12 @@ export function isAuthorizedForToken(connection: IMethodConnection, user: IUser,
 return false;
 }
 
+ // remember user right after their registration
+ const rememberAfterRegistration = user.createdAt && getRememberDate(user.createdAt);
+ if (rememberAfterRegistration && rememberAfterRegistration >= new Date()) {
+ return true;
+ }
+
 if (!tokenObject.twoFactorAuthorizedUntil || !tokenObject.twoFactorAuthorizedHash) {
 return false;
 }
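Review bot: In getRememberDate the `rememberFor <= 0` guard does not cover a missing or non-numeric `Accounts_TwoFactorAuthentication_RememberFor`, because `parseInt` then yields `NaN`, `NaN <= 0` is false, and `setSeconds` on `NaN` produces an Invalid Date that is still returned as a truthy object; the guard should read `if (!Number.isFinite(rememberFor) || rememberFor <= 0) {`. The same gap shows in the `@@ -95,15 +115,11` hunk, where `if (!expires)` in rememberAuthorization lets that Invalid Date through to setTwoFactorAuthorizationHashAndUntilForUserIdAndToken. The new function also has no doc comment; a TSDoc such as `/** Returns the instant until which a 2FA check performed at `from` may be remembered, or undefined when remembering is disabled (RememberFor <= 0). */` would state the contract callers now rely on.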
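Review bot: The registration grace in isAuthorizedForToken is keyed only to `user.createdAt`, whereas the remembered-authorization path right below it is bound to the current login token and to the connection fingerprint; as written, every login within RememberFor seconds of account creation skips the second factor regardless of device or fingerprint, including for a user who enabled 2FA during that window. A tighter option is to grant the grace once at registration time by calling the existing `rememberAuthorization(connection, user)` for the registering session, so it is scoped to that token and fingerprint like every other remembered check, and drop the createdAt shortcut here. Reusing `Accounts_TwoFactorAuthentication_RememberFor` also means an administrator cannot disable the post-registration grace without disabling remembering altogether, which is worth stating in the setting description or in this comment. isAuthorizedForToken starts and ends outside the hunk, so whatever the earlier `return false` guards cover is not visible here.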
@@ -95,15 +115,11 @@ export function isAuthorizedForToken(connection: IMethodConnection, user: IUser, export function rememberAuthorization(connection: IMethodConnection, user: IUser): void { const currentToken = Accounts._getLoginToken(connection.id); - const rememberFor = parseInt(settings.get('Accounts_TwoFactorAuthentication_RememberFor') as string, 10); - - if (rememberFor <= 0) { + const expires = getRememberDate(); + if (!expires) { return; } - const expires = new Date(); - expires.setSeconds(expires.getSeconds() + rememberFor); - Users.setTwoFactorAuthorizationHashAndUntilForUserIdAndToken(user._id, currentToken, getFingerprintFromConnection(connection), expires); } From b41e57ac6aae7370274f9c7fb8cc63d1bcdfdc58 Mon Sep 17 00:00:00 2001 From: Diego Sampaio Date: Thu, 10 Sep 2020 21:14:05 -0300 Subject: [PATCH 2/2] Change register server to false by default --- app/lib/server/startup/settings.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/lib/server/startup/settings.js b/app/lib/server/startup/settings.js index ca9c21c0c7df..af11aabf4b33 100644 --- a/app/lib/server/startup/settings.js +++ b/app/lib/server/startup/settings.js @@ -2679,7 +2679,7 @@ settings.addGroup('Setup_Wizard', function() { this.add('Allow_Marketing_Emails', true, { type: 'boolean', }); - this.add('Register_Server', true, { + this.add('Register_Server', false, { type: 'boolean', }); this.add('Organization_Email', '', {
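Review bot: The `Register_Server` default flip in the second patch is not connected to the 2FA change the series is about, and its commit message gives no reason for it; if it is intentional it should land as its own change with the rationale in the message, and if it is a leftover from a local setup it should be dropped. It is also worth confirming whether the setup-wizard text that presents this option still describes the old default, since only the value passed to `this.add` changes here.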