diff --git a/package.json b/package.json
index 645340ef..7c3fdd93 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
 "file-type-checker": "^1.0.8",
 "fp-ts": "^2.16.1",
 "jsonwebtoken": "^9.0.0",
- "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.98",
+ "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.99",
 "module-alias": "^2.2.2",
 "monocle-ts": "^2.3.13",
 "multer": "^1.4.5-lts.1",
diff --git a/src/common/repositories/TotpCodesRepository.ts b/src/common/repositories/TotpCodesRepository.ts
index f70f55ce..6e84eba0 100644
--- a/src/common/repositories/TotpCodesRepository.ts
+++ b/src/common/repositories/TotpCodesRepository.ts
@@ -40,7 +40,7 @@ export default class TotpCodesRepository extends BaseRepository {
 }
 /**
- * @description : Create a customer
+ * @description : Create a totp code
 */
 public async create(totpCode: TotpCode, excludedVars: IExcludedTotpCodesVars): Promise {
 const createArgs: Prisma.TotpCodesCreateArgs = {
@@ -58,4 +58,18 @@ export default class TotpCodesRepository extends BaseRepository {
 return this.model.create({ ...createArgs });
 }
+
+ /**
+ * Disable a totp code
+ */
+ public async disable(totpCode: TotpCode): Promise {
+ return this.model.update({
+ where: {
+ uid: totpCode.uid!,
+ },
+ data: {
+ expire_at: new Date(),
+ },
+ });
+ }
 }
diff --git a/src/services/customer/CustomersService/CustomersService.ts b/src/services/customer/CustomersService/CustomersService.ts
index 496967e1..062687f6 100644
--- a/src/services/customer/CustomersService/CustomersService.ts
+++ b/src/services/customer/CustomersService/CustomersService.ts
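Review bot: `disable` is an unconditional `update` keyed on `uid` alone, so it cannot tell its caller whether the code was still live when it was consumed — two requests that validate the same code at the same moment both pass the service-side check before either write lands, and both succeed, which defeats the single-use intent of this commit. Making the consumption conditional on `expire_at` still being in the future and failing when nothing was updated turns the method into an atomic single-use guard; with `updateMany` the matched count is available for that check, at the cost of no longer returning the row (no caller in this diff uses the return value, but other callers outside the diff may). `totpCode.uid!` also silently asserts the uid is present; an explicit guard makes a missing uid a clear error rather than a Prisma failure. The `Promise` return type appears to have lost its type argument in this listing, so the exact return type cannot be confirmed here.
```typescript
public async disable(totpCode: TotpCode): Promise<void> {
	if (!totpCode.uid) throw new Error("cannot disable a totp code without a uid");
	const now = new Date();
	// Conditional on the code still being valid: a concurrent caller that lost
	// the race sees count === 0 instead of silently "disabling" a spent code.
	const result = await this.model.updateMany({
		where: { uid: totpCode.uid, expire_at: { gt: now } },
		data: { expire_at: now },
	});
	if (result.count === 0) throw new Error("totp code already used or expired");
}
```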
@@ -108,8 +108,9 @@ export default class CustomersService extends BaseService {
 * 2: Check if the password is already set
 * 3: Check if a totp code is existing and is not expired in the array
 * 4: Check if the SMS code is valid
- * 5: Hash the password
- * 6: Set the password in database and return the result of the update
+ * 5: Disable the totp code used
+ * 6: Hash the password
+ * 7: Set the password in database and return the result of the update
 * @param email
 * @param totpCode
 * @param password
@@ -133,10 +134,13 @@ export default class CustomersService extends BaseService {
 // 4: Check if the SMS code is valid
 if (validTotpCode.code !== totpCode) throw new InvalidTotpCodeError();
- // 5: Hash the password
+ // 5: Disable the totp code used
+ await this.totpCodesRepository.disable(validTotpCode);
+
+ // 6: Hash the password
 const hashedPassword = await this.authService.hashPassword(password);
- // 6: Set the password in database and return the result of the update
+ // 7: Set the password in database and return the result of the update
 return await this.setPassword(customer, hashedPassword);
 }
@@ -148,7 +152,8 @@ export default class CustomersService extends BaseService {
 * 3: Check if the SMS code is valid
 * 4: Check if the user has a password or it's their first login
 * 5: Check if the password is valid
- * 6: Return the customer
+ * 6: Disable the totp code used
+ * 7: Return the customer
 * @param email
 * @param totpCode
 * @param password
@@ -176,6 +181,10 @@ export default class CustomersService extends BaseService {
 const isPasswordValid = await this.authService.comparePassword(password, customer.password);
 if (!isPasswordValid) throw new InvalidPasswordError();
+ // 6: Disable the totp code used
+ await this.totpCodesRepository.disable(validTotpCode);
+
+ // 7: Return the customer
 return await this.customerRepository.update(
 customer.uid as string,
 Customer.hydrate({
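Review bot: The new step 5 consumes the code before the password is hashed and stored, which is the safe order — if `hashPassword` or `setPassword` fails the code is already spent and cannot be replayed — but nothing records that the ordering is deliberate, and a later reorder to "set then disable" would reopen the window. A one-line comment above the call would pin it: `// Consume the code first: a failure below must not leave it reusable`. Note also that `disable` is a separate write issued after the `!==` check on the hunk's first line, so check-then-consume is not atomic; unless the repository's `disable` refuses an already-expired code, the single-use property here depends on requests for the same code not overlapping. The enclosing function starts before this hunk.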
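Review bot: In the login path the code is consumed only after `comparePassword` succeeds, so a wrong password throws `InvalidPasswordError` on the line above the insertion and leaves the SMS code live for further password guesses until it expires — the same code can be replayed across attempts, which is the opposite of what the commit sets out to prevent. If one attempt per code is intended, `await this.totpCodesRepository.disable(validTotpCode);` should move above the `comparePassword` call so every verification attempt consumes it; if retries on a mistyped password are deliberate, a comment saying so plus a cap on attempts per code would keep the window bounded. Either way the choice deserves a comment, since the password-set path in this same commit consumes the code before any further check. The enclosing function continues past the hunk, inside the `customerRepository.update(` call.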