| 702 | } |
| 703 | |
| 704 | validate2faToken(userId, token) { |
| 705 | const user2FA = db.User2fa.findOne({ where: { user_id: userId, isEnabled: true } }); |
| 706 | |
| 707 | if (!user2FA) { |
| 708 | return new Promise((resolve, reject) => reject(new Error(404))); |
| 709 | } |
| 710 | |
| 711 | const totp = new TOTP({ |
| 712 | secret: user2FA.secret |
| 713 | }); |
| 714 | |
| 715 | const delta = totp.validate({ token, window: 1 }); |
| 716 | |
| 717 | if (delta !== null) { |
| 718 | return this.findById(userId); |
| 719 | } else { |
| 720 | return new Promise((resolve, reject) => reject(new Error(401))); |
| 721 | } |
| 722 | } |
| 723 | |
| 724 | async pinDashboard(projectId, userId) { |
| 725 | const project = await db.Project.findByPk(projectId); |