✨ Disable the totp code when used

package.json

@@ -56,7 +56,7 @@
     "file-type-checker": "^1.0.8",
     "fp-ts": "^2.16.1",
     "jsonwebtoken": "^9.0.0",
-    "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.98",
+    "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.99",
     "module-alias": "^2.2.2",
     "monocle-ts": "^2.3.13",
     "multer": "^1.4.5-lts.1",

src/common/repositories/TotpCodesRepository.ts

@@ -40,7 +40,7 @@ export default class TotpCodesRepository extends BaseRepository {
 	}
 
 	/**
-	 * @description : Create a customer
+	 * @description : Create a totp code
 	 */
 	public async create(totpCode: TotpCode, excludedVars: IExcludedTotpCodesVars): Promise<TotpCodes> {
 		const createArgs: Prisma.TotpCodesCreateArgs = {
@@ -58,4 +58,18 @@ export default class TotpCodesRepository extends BaseRepository {
 
 		return this.model.create({ ...createArgs });
 	}
+
+	/**
+	 * Disable a totp code
+	 */
+	public async disable(totpCode: TotpCode): Promise<TotpCodes> {
+		return this.model.update({
+			where: {
+				uid: totpCode.uid!,
+			},
+			data: {
+				expire_at: new Date(),
+			},
+		});
+	}
 }

src/services/customer/CustomersService/CustomersService.ts

@@ -108,8 +108,9 @@ export default class CustomersService extends BaseService {
 	 * 2: Check if the password is already set
 	 * 3: Check if a totp code is existing and is not expired in the array
 	 * 4: Check if the SMS code is valid
-	 * 5: Hash the password
+	 * 5: Disable the totp code used
-	 * 6: Set the password in database and return the result of the update
+	 * 6: Hash the password
+	 * 7: Set the password in database and return the result of the update
 	 * @param email
 	 * @param totpCode
 	 * @param password
@@ -133,10 +134,13 @@ export default class CustomersService extends BaseService {
 		// 4: Check if the SMS code is valid
 		if (validTotpCode.code !== totpCode) throw new InvalidTotpCodeError();
 
-		// 5: Hash the password
+		// 5: Disable the totp code used
+		await this.totpCodesRepository.disable(validTotpCode);
+
+		// 6: Hash the password
 		const hashedPassword = await this.authService.hashPassword(password);
 
-		// 6: Set the password in database and return the result of the update
+		// 7: Set the password in database and return the result of the update
 		return await this.setPassword(customer, hashedPassword);
 	}
 
@@ -148,7 +152,8 @@ export default class CustomersService extends BaseService {
 	 * 3: Check if the SMS code is valid
 	 * 4: Check if the user has a password or it's their first login
 	 * 5: Check if the password is valid
-	 * 6: Return the customer
+	 * 6: Disable the totp code used
+	 * 7: Return the customer
 	 * @param email
 	 * @param totpCode
 	 * @param password
@@ -176,6 +181,10 @@ export default class CustomersService extends BaseService {
 		const isPasswordValid = await this.authService.comparePassword(password, customer.password);
 		if (!isPasswordValid) throw new InvalidPasswordError();
 
+		// 6: Disable the totp code used
+		await this.totpCodesRepository.disable(validTotpCode);
+
+		// 7: Return the customer
 		return await this.customerRepository.update(
 			customer.uid as string,
 			Customer.hydrate<Customer>({