jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add passkey support

Browse Source
This commit is contained in:
Johannes Zellner
2026-02-12 21:10:51 +01:00
parent 3e09bef613
commit 5724ca73b4
16 changed files with 992 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/users.js
+5
View File
@@ -84,6 +84,7 @@ const appPasswords = require('./apppasswords.js'),
mysql = require('mysql2'),
notifications = require('./notifications'),
oidcClients = require('./oidcclients.js'),
passkeys = require('./passkeys.js'),
qrcode = require('qrcode'),
safe = require('safetydance'),
settings = require('./settings.js'),
@@ -977,6 +978,10 @@ async function enableTwoFactorAuthentication(user, totpToken, auditSource) {
const externalLdapConfig = await externalLdap.getConfig();
if (user.source === 'ldap' && externalLdap.supports2FA(externalLdapConfig)) throw new BoxError(BoxError.BAD_STATE, 'Cannot enable 2FA of external auth user');
// Cannot enable TOTP if user has a passkey (user must choose one or the other)
const userPasskeys = await passkeys.list(user.id);
if (userPasskeys.length > 0) throw new BoxError(BoxError.ALREADY_EXISTS, 'Cannot enable TOTP when passkey is registered');
const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken, window: 2 });
if (!verified) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Invalid 2FA code');