diff --git a/src/@shared/src/database/mixin/user.ts b/src/@shared/src/database/mixin/user.ts
index e0cd816..1fc54fc 100644
--- a/src/@shared/src/database/mixin/user.ts
+++ b/src/@shared/src/database/mixin/user.ts
@@ -104,7 +104,7 @@ export const UserImpl: Omit = {
 if (!isNullish(otp)) return otp;
 let otpGen = new Otp();
- const res: SqliteReturn = this.prepare("UPDATE OR IGNORE user SET otp = @otp WHERE id = @id RETURNING otp")
+ const res: any = this.prepare("UPDATE OR IGNORE user SET otp = @otp WHERE id = @id RETURNING otp")
 .get({ id, otp: otpGen.secret });
 return res?.otp;
 },
diff --git a/src/auth/src/routes/otp.ts b/src/auth/src/routes/otp.ts
index 8db0f92..8266d0e 100644
--- a/src/auth/src/routes/otp.ts
+++ b/src/auth/src/routes/otp.ts
@@ -40,14 +40,14 @@ const route: FastifyPluginAsync = async (fastify, _opts): Promise => {
 return makeResponse("failed", "otp.failed.timeout");
 // get the Otp sercret from the db
- let otpSecret = this.db.getUserOtpSecret(dJwt.who);
- if (isNullish(otpSecret))
+ let user = this.db.getUserFromName(dJwt.who);
+ if (isNullish(user?.otp))
 // oops, either no user, or user without otpSecret
 // fuck off
 return makeResponse("failed", "otp.failed.noSecret");
 // good lets now verify the token you gave us is the correct one...
- let otpHandle = new Otp({ secret: otpSecret });
+ let otpHandle = new Otp({ secret: user.otp });
 let now = Date.now();
 const tokens = [
diff --git a/src/auth/src/routes/whoami.ts b/src/auth/src/routes/whoami.ts
index 60b0c76..5f88cc1 100644
--- a/src/auth/src/routes/whoami.ts
+++ b/src/auth/src/routes/whoami.ts
@@ -16,6 +16,7 @@ const route: FastifyPluginAsync = async (fastify, _opts): Promise => {
 "/api/auth/whoami", { schema: { response: { "2xx": WhoAmIRes } }, config: { requireAuth: true } }, async function(req, _res) {
+ if (isNullish(req.authUser)) return makeResponse("failure", "whoami.failure.generic")
 return makeResponse("success", "whoami.success", { name: req.authUser.name })
 },
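Review bot: The new `const res: any` in user.ts switches off type checking for the row returned by the `UPDATE … RETURNING otp` statement, so `res?.otp` and the value this method hands back are untyped exactly where the stored OTP secret leaves the database layer. If `SqliteReturn` no longer fits, annotate the local with a narrow shape such as `{ otp: string } | undefined` instead of `any`, so a renamed column or a changed return shape is still caught at compile time. A short comment that `res` is undefined when no row matches `id` (the statement is `UPDATE OR IGNORE`) would also tell callers why the result can be missing. The enclosing method starts above the hunk, so its declared return type is not visible here.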
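Review bot: In otp.ts, `dJwt.who` is now passed to `getUserFromName`, a lookup by name, where the removed line passed the same claim to `getUserOtpSecret`; the hunk does not show whether `who` carries a user name or a user id. If it is an id (the OTP update in user.ts keys on `id`), the verification would read the secret of a different row or of none, so confirm the claim's meaning and record it, e.g. `// dJwt.who is the user name, the key getUserFromName expects`. Loading the whole user record where only the secret is needed also widens what this handler holds in memory; the narrower accessor, or a projection of just `otp`, fits least privilege better. `let user` is never reassigned in the visible lines and can be `const user`. The route handler begins and ends outside the hunk.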
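Review bot: The added guard in whoami.ts returns `makeResponse("failure", "whoami.failure.generic")` from a route that declares only `"2xx": WhoAmIRes` as its response schema and sets `requireAuth: true`. If `WhoAmIRes` does not describe the failure shape, the reply may be stripped or rejected at serialization; this is inferred, since neither `WhoAmIRes` nor `makeResponse` is visible. A missing `req.authUser` on an authenticated route is better reported as unauthenticated than as a generic body under a success status, and a comment such as `// requireAuth should guarantee authUser; defensive check` would record why the guard exists. The kind string is `"failure"` here but `"failed"` in otp.ts, which is worth aligning. No `isNullish` import is added in this file's diff, so it has to be in scope already.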