CoreID/app/controllers/auth/MFA.controller.js

const { Controller } = require('libflitter')

class MFAController extends Controller {
    static get services() {
        return [...super.services, 'Vue', 'configs', 'models']
    }

    async setup(req, res, next) {
        if ( req.user.mfa_enabled ) {
            // Already set up!
            return this.Vue.auth_message(res, {
                message: 'It looks like your account is already set up for multi-factor authentication. Unable to continue with MFA setup.',
                next_destination: '/', // TODO update this
                button_text: 'Okay',
            })
        }

        // Display the token setup page
        return res.page('auth:mfa:setup', {
            ...this.Vue.data()
        })
    }

    async challenge(req, res, next) {
        if ( !req.user.mfa_enabled ) {
            return this.Vue.auth_message(res, {
                message: 'Your account is not configured to use multi-factor authentication. Would you like to configure it now?',
                next_destination: '/auth/mfa/setup',
                button_text: 'Setup MFA',
            })
        }

        if ( !req.trap.has_trap('mfa_challenge') ) {
            return res.redirect(req.session.auth.flow)
        }

        // Display the MFA challenge page
        return res.page('auth:mfa:challenge', {
            ...this.Vue.data()
        })
    }

    async get_disable(req, res, next) {
        return this.Vue.confirm(res, {
            message: `You are about to disable multi-factor authentication for your account. This process will require you to re-authenticate to continue. <br><br> Proceed?`,
            yes: '/auth/mfa/disable/process',
            no: '/dash/profile',
        })
    }

    async do_disable(req, res, next) {
        return res.page('auth:mfa:disable', {
            ...this.Vue.data(),
            ...this.Vue.session(req),
        })
    }

    async get_recovery(req, res, next) {
        if (
            !req.user.mfa_enabled
            || !Array.isArray(req.user.mfa_token.recovery_codes)
            || req.user.mfa_token.recovery_codes.length < 1
        ) return this.Vue.auth_message(res, {
            message: 'Unfortunately, it looks like your account does not have any MFA recovery codes generated.',
            next_destination: '/auth/mfa/challenge',
            button_text: 'Go Back',
        })

        return res.page('auth:mfa:recovery', {
            ...this.Vue.data(),
            ...this.Vue.session(req),
        })
    }
}

module.exports = exports = MFAController