allow backup code input for totp

2026-01-29 06:10:47 +00:00 · 2024-12-22 17:20:24 -05:00
parent 11cbafb92a
commit 4b34353354
4 changed files with 10 additions and 5 deletions
--- a/server/auth/2fa.ts
+++ b/server/auth/2fa.ts
@@ -11,7 +11,9 @@ export async function verifyTotpCode(
    secret: string,
    userId: string
 ): Promise<boolean> {
-    if (code.length !== 6) {
+    // if code is digits only, it's totp
+    const isTotp = /^\d+$/.test(code);
+    if (!isTotp) {
        const validBackupCode = await verifyBackUpCode(code, userId);
        return validBackupCode;
    } else {
--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@@ -118,7 +118,7 @@ export async function verifyTotp(
 async function generateBackupCodes(): Promise<string[]> {
    const codes = [];
    for (let i = 0; i < 10; i++) {
-        const code = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));
+        const code = generateRandomString(6, alphabet("0-9", "A-Z", "a-z"));
        codes.push(code);
    }
    return codes;