diff --git a/packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts b/packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts index 324629bde..35611c748 100644 --- a/packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts +++ b/packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts @@ -257,7 +257,7 @@ describe('VerifyMFA', () => { }) it('should not pass if user is not found and pseudo u2f is required', async () => { - booleanSelector.select = jest.fn().mockReturnValueOnce(false).mockReturnValueOnce(true) + booleanSelector.select = jest.fn().mockReturnValueOnce(true).mockReturnValueOnce(true) userRepository.findOneByUsernameOrEmail = jest.fn().mockReturnValue(null) expect( diff --git a/packages/auth/src/Domain/UseCase/VerifyMFA.ts b/packages/auth/src/Domain/UseCase/VerifyMFA.ts index 02eaab058..d849fd2a5 100644 --- a/packages/auth/src/Domain/UseCase/VerifyMFA.ts +++ b/packages/auth/src/Domain/UseCase/VerifyMFA.ts @@ -48,33 +48,33 @@ export class VerifyMFA implements UseCaseInterface { const user = await this.userRepository.findOneByUsernameOrEmail(username) if (user == null) { - const mfaSelectorHash = crypto + const secondFactorSelectorHash = crypto .createHash('sha256') - .update(`mfa-selector-${dto.email}${this.pseudoKeyParamsKey}`) - .digest('hex') - const u2fSelectorHash = crypto - .createHash('sha256') - .update(`u2f-selector-${dto.email}${this.pseudoKeyParamsKey}`) + .update(`second-factor-selector-${dto.email}${this.pseudoKeyParamsKey}`) .digest('hex') - const isPseudoMFARequired = this.booleanSelector.select(mfaSelectorHash, [true, false]) + const isPseudoSecondFactorRequired = this.booleanSelector.select(secondFactorSelectorHash, [true, false]) + if (isPseudoSecondFactorRequired) { + const u2fSelectorHash = crypto + .createHash('sha256') + .update(`u2f-selector-${dto.email}${this.pseudoKeyParamsKey}`) + .digest('hex') - const isPseudoU2FRequired = this.booleanSelector.select(u2fSelectorHash, [true, false]) + const isPseudoU2FRequired = this.booleanSelector.select(u2fSelectorHash, [true, false]) - if (isPseudoMFARequired) { - return { - success: false, - errorTag: ErrorTag.MfaRequired, - errorMessage: 'Please enter your two-factor authentication code.', - errorPayload: { mfa_key: `mfa_${uuidv4()}` }, - } - } - - if (isPseudoU2FRequired) { - return { - success: false, - errorTag: ErrorTag.U2FRequired, - errorMessage: 'Please authenticate with your U2F device.', + if (isPseudoU2FRequired) { + return { + success: false, + errorTag: ErrorTag.U2FRequired, + errorMessage: 'Please authenticate with your U2F device.', + } + } else { + return { + success: false, + errorTag: ErrorTag.MfaRequired, + errorMessage: 'Please enter your two-factor authentication code.', + errorPayload: { mfa_key: `mfa_${uuidv4()}` }, + } } }