(userId)
| 610 | } |
| 611 | |
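/**
 * Start app-based 2FA enrolment for a user.
 *
 * Generates a new TOTP secret, stores it in a `User2fa` row with method
 * "app" and `isEnabled: false`, then resolves with the value produced by
 * `QRCode.toDataURL` for the URL built from the user's e-mail and the secret.
 *
 * Security notes:
 * - The QR URL is built from the secret, so the resolved value presumably
 *   encodes it; treat it as a credential and keep it out of logs and caches.
 * - NOTE(review): the secret is passed to `db.User2fa.create` as-is; whether
 *   it is encrypted at rest is not visible here. Confirm in the model.
 * - NOTE(review): this method does not check for an existing `User2fa` row,
 *   so repeated calls may add further pending rows unless the schema
 *   prevents it. Confirm.
 * - NOTE(review): the row is written before the QR code is rendered; if
 *   rendering fails, the pending row stays behind.
 *
 * @param {*} userId - Identifier passed to `findById` and stored as `user_id`.
 * @returns {Promise<*>} Resolves with the result of `QRCode.toDataURL`.
 * @throws {Error} With message "404" when `findById` yields no user; errors
 *   from the DB write or QR rendering also reject the returned promise.
 */
async setup2faApp(userId) {
  const user = await this.findById(userId);
  if (!user) {
    // A throw inside an async function rejects its promise, so no explicit
    // `new Promise(... reject ...)` wrapper is needed.
    throw new Error(404);
  }

  const secret = new TOTP().secret.base32;

  // Persist the secret as a pending (not yet enabled) enrolment.
  await db.User2fa.create({
    user_id: userId,
    secret,
    method: "app",
    isEnabled: false, // Enabled after verification only
  });

  const qrCodeURL = this.generateQrCodeUrl(user.email, secret);

  // Rendering errors propagate unchanged as this method's rejection.
  return QRCode.toDataURL(qrCodeURL);
}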
| 638 | |
| 639 | async verify2faApp(userId, { token, password }) { |
| 640 | const user = await this.findById(userId); |