diff --git a/packages/auth/src/Bootstrap/Container.ts b/packages/auth/src/Bootstrap/Container.ts
index b84b76330..1a0f580db 100644
--- a/packages/auth/src/Bootstrap/Container.ts
+++ b/packages/auth/src/Bootstrap/Container.ts
@@ -573,7 +573,6 @@ export class ContainerConfigLoader {
 new GenerateAuthenticatorRegistrationOptions(
 container.get(TYPES.AuthenticatorRepository),
 container.get(TYPES.AuthenticatorChallengeRepository),
- container.get(TYPES.SettingService),
 container.get(TYPES.U2F_RELYING_PARTY_NAME),
 container.get(TYPES.U2F_RELYING_PARTY_ID),
 ),
@@ -584,7 +583,6 @@ export class ContainerConfigLoader {
 new VerifyAuthenticatorRegistrationResponse(
 container.get(TYPES.AuthenticatorRepository),
 container.get(TYPES.AuthenticatorChallengeRepository),
- container.get(TYPES.SettingService),
 container.get(TYPES.U2F_RELYING_PARTY_ID),
 container.get(TYPES.U2F_EXPECTED_ORIGIN),
 container.get(TYPES.U2F_REQUIRE_USER_VERIFICATION),
diff --git a/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.spec.ts b/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.spec.ts
index 9113e5087..0ae9f5f66 100644
--- a/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.spec.ts
+++ b/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.spec.ts
@@ -4,20 +4,16 @@ import { Authenticator } from '../../Authenticator/Authenticator'
 import { AuthenticatorChallenge } from '../../Authenticator/AuthenticatorChallenge'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
-import { Setting } from '../../Setting/Setting'
-import { SettingServiceInterface } from '../../Setting/SettingServiceInterface'
 import { GenerateAuthenticatorRegistrationOptions } from './GenerateAuthenticatorRegistrationOptions'
 describe('GenerateAuthenticatorRegistrationOptions', () => {
 let authenticatorRepository: AuthenticatorRepositoryInterface
 let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
- let settingService: SettingServiceInterface
 const createUseCase = () => new GenerateAuthenticatorRegistrationOptions(
 authenticatorRepository,
 authenticatorChallengeRepository,
- settingService,
 'Standard Notes',
 'standardnotes.com',
 )
@@ -40,11 +36,6 @@ describe('GenerateAuthenticatorRegistrationOptions', () => {
 authenticatorChallengeRepository = {} as jest.Mocked
 authenticatorChallengeRepository.save = jest.fn()
-
- settingService = {} as jest.Mocked
- settingService.findSettingWithDecryptedValue = jest.fn().mockReturnValue({
- value: 'secret',
- } as jest.Mocked)
 })
 it('should return error if userUuid is invalid', async () => {
@@ -61,40 +52,6 @@ describe('GenerateAuthenticatorRegistrationOptions', () => {
 )
 })
- it('should return error if user does not have 2FA enabled', async () => {
- settingService.findSettingWithDecryptedValue = jest.fn().mockReturnValue({
- value: null,
- } as jest.Mocked)
-
- const useCase = createUseCase()
-
- const result = await useCase.execute({
- userUuid: '00000000-0000-0000-0000-000000000000',
- username: 'username',
- })
-
- expect(result.isFailed()).toBe(true)
- expect(result.getError()).toBe(
- 'Could not verify authenticator registration response: Fallback 2FA not enabled for user.',
- )
- })
-
- it('should return error if user has 2FA disabled', async () => {
- settingService.findSettingWithDecryptedValue = jest.fn().mockReturnValue(null)
-
- const useCase = createUseCase()
-
- const result = await useCase.execute({
- userUuid: '00000000-0000-0000-0000-000000000000',
- username: 'username',
- })
-
- expect(result.isFailed()).toBe(true)
- expect(result.getError()).toBe(
- 'Could not verify authenticator registration response: Fallback 2FA not enabled for user.',
- )
- })
-
 it('should return error if username is invalid', async () => {
 const useCase = createUseCase()
diff --git a/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts b/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts
index 262a224e8..12aea2ca2 100644
--- a/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts
+++ b/packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts
@@ -5,14 +5,11 @@ import { GenerateAuthenticatorRegistrationOptionsDTO } from './GenerateAuthentic
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorChallenge } from '../../Authenticator/AuthenticatorChallenge'
-import { SettingServiceInterface } from '../../Setting/SettingServiceInterface'
-import { SettingName } from '@standardnotes/settings'
 export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterface> {
 constructor(
 private authenticatorRepository: AuthenticatorRepositoryInterface,
 private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
- private settingService: SettingServiceInterface,
 private relyingPartyName: string,
 private relyingPartyId: string,
 ) {}
@@ -24,15 +21,6 @@ export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterfac
 }
 const userUuid = userUuidOrError.getValue()
- const mfaSecret = await this.settingService.findSettingWithDecryptedValue({
- userUuid: userUuid.value,
- settingName: SettingName.MfaSecret,
- })
- const twoFactorEnabled = mfaSecret !== null && mfaSecret.value !== null
- if (!twoFactorEnabled) {
- return Result.fail('Could not verify authenticator registration response: Fallback 2FA not enabled for user.')
- }
-
 const usernameOrError = Username.create(dto.username)
 if (usernameOrError.isFailed()) {
 return Result.fail(`Could not generate authenticator registration options: ${usernameOrError.getError()}`)
diff --git a/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.spec.ts b/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.spec.ts
index d62a1a634..1f20033c0 100644
--- a/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.spec.ts
+++ b/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.spec.ts
@@ -6,20 +6,16 @@ import { Authenticator } from '../../Authenticator/Authenticator'
 import { AuthenticatorChallenge } from '../../Authenticator/AuthenticatorChallenge'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
-import { Setting } from '../../Setting/Setting'
-import { SettingServiceInterface } from '../../Setting/SettingServiceInterface'
 import { VerifyAuthenticatorRegistrationResponse } from './VerifyAuthenticatorRegistrationResponse'
 describe('VerifyAuthenticatorRegistrationResponse', () => {
 let authenticatorRepository: AuthenticatorRepositoryInterface
 let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
- let settingService: SettingServiceInterface
 const createUseCase = () => new VerifyAuthenticatorRegistrationResponse(
 authenticatorRepository,
 authenticatorChallengeRepository,
- settingService,
 'standardnotes.com',
 ['localhost', 'https://app.standardnotes.com'],
 true,
@@ -35,11 +31,6 @@ describe('VerifyAuthenticatorRegistrationResponse', () => {
 challenge: Buffer.from('challenge'),
 },
 } as jest.Mocked)
-
- settingService = {} as jest.Mocked
- settingService.findSettingWithDecryptedValue = jest.fn().mockReturnValue({
- value: 'secret',
- } as jest.Mocked)
 })
 it('should return error if user uuid is invalid', async () => {
@@ -65,58 +56,6 @@ describe('VerifyAuthenticatorRegistrationResponse', () => {
 )
 })
- it('should return error if user does not have 2FA enabled', async () => {
- settingService.findSettingWithDecryptedValue = jest.fn().mockReturnValue(null)
-
- const useCase = createUseCase()
-
- const result = await useCase.execute({
- userUuid: '00000000-0000-0000-0000-000000000000',
- name: 'name',
- attestationResponse: {
- id: Buffer.from('id'),
- rawId: Buffer.from('rawId'),
- response: {
- attestationObject: Buffer.from('attestationObject'),
- clientDataJSON: Buffer.from('clientDataJSON'),
- },
- type: 'type',
- },
- })
-
- expect(result.isFailed()).toBeTruthy()
- expect(result.getError()).toEqual(
- 'Could not verify authenticator registration response: Fallback 2FA not enabled for user.',
- )
- })
-
- it('should return error if user has 2FA disabled', async () => {
- settingService.findSettingWithDecryptedValue = jest.fn().mockReturnValue({
- value: null,
- } as jest.Mocked)
-
- const useCase = createUseCase()
-
- const result = await useCase.execute({
- userUuid: '00000000-0000-0000-0000-000000000000',
- name: 'name',
- attestationResponse: {
- id: Buffer.from('id'),
- rawId: Buffer.from('rawId'),
- response: {
- attestationObject: Buffer.from('attestationObject'),
- clientDataJSON: Buffer.from('clientDataJSON'),
- },
- type: 'type',
- },
- })
-
- expect(result.isFailed()).toBeTruthy()
- expect(result.getError()).toEqual(
- 'Could not verify authenticator registration response: Fallback 2FA not enabled for user.',
- )
- })
-
 it('should return error if name is invalid', async () => {
 const useCase = createUseCase()
diff --git a/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts b/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts
index 44241b06e..5d71406e2 100644
--- a/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts
+++ b/packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts
@@ -5,14 +5,11 @@ import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/A
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { Authenticator } from '../../Authenticator/Authenticator'
 import { VerifyAuthenticatorRegistrationResponseDTO } from './VerifyAuthenticatorRegistrationResponseDTO'
-import { SettingName } from '@standardnotes/settings'
-import { SettingServiceInterface } from '../../Setting/SettingServiceInterface'
 export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface {
 constructor(
 private authenticatorRepository: AuthenticatorRepositoryInterface,
 private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
- private settingService: SettingServiceInterface,
 private relyingPartyId: string,
 private expectedOrigin: string[],
 private requireUserVerification: boolean,
@@ -25,15 +22,6 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
 }
 const userUuid = userUuidOrError.getValue()
- const mfaSecret = await this.settingService.findSettingWithDecryptedValue({
- userUuid: userUuid.value,
- settingName: SettingName.MfaSecret,
- })
- const twoFactorEnabled = mfaSecret !== null && mfaSecret.value !== null
- if (!twoFactorEnabled) {
- return Result.fail('Could not verify authenticator registration response: Fallback 2FA not enabled for user.')
- }
-
 const nameValidation = Validator.isNotEmpty(dto.name)
 if (nameValidation.isFailed()) {
 return Result.fail(`Could not verify authenticator registration response: ${nameValidation.getError()}`)
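Review bot: After the second hunk in VerifyAuthenticatorRegistrationResponse.ts, `execute()` goes from the user-UUID check straight to `Validator.isNotEmpty(dto.name)`, so nothing visible on this path still ties authenticator enrollment to an existing fallback 2FA secret; the second hunk of GenerateAuthenticatorRegistrationOptions.ts drops the same gate. If that is the intended policy, record it where the check used to be, e.g. `// Fallback 2FA (SettingName.MfaSecret) is intentionally not required to register an authenticator`, and confirm that sign-in, recovery and authenticator-removal code outside this diff does not still assume an MfaSecret exists whenever an authenticator does. `execute()` begins and ends outside the hunk, so this is based only on the lines shown.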