feat: add mfa session to secure otp login

2023-07-20 15:11:39 +08:00
parent 87a962504f
commit 5018462559
9 changed files with 185 additions and 9 deletions
--- a/server/resolvers/login.go
+++ b/server/resolvers/login.go
@@ -113,16 +113,25 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 	// If email service is not enabled continue the process in any way
 	if refs.BoolValue(user.IsMultiFactorAuthEnabled) && isEmailServiceEnabled && !isMFADisabled {
 		otp := utils.GenerateOTP()
+		expires := time.Now().Add(1 * time.Minute).Unix()
 		otpData, err := db.Provider.UpsertOTP(ctx, &models.OTP{
 			Email:     user.Email,
 			Otp:       otp,
-			ExpiresAt: time.Now().Add(1 * time.Minute).Unix(),
+			ExpiresAt: expires,
 		})
 		if err != nil {
 			log.Debug("Failed to add otp: ", err)
 			return nil, err
 		}

+		mfaSession := uuid.NewString()
+		err = memorystore.Provider.SetMfaSession(params.Email, mfaSession, expires)
+		if err != nil {
+			log.Debug("Failed to add mfasession: ", err)
+			return nil, err
+		}
+		cookie.SetMfaSession(gc, mfaSession)
+
 		go func() {
 			// exec it as go routine so that we can reduce the api latency
 			go email.SendEmail([]string{params.Email}, constants.VerificationTypeOTP, map[string]interface{}{