Merge pull request #107 from PUFA-Computing/feat/2fa

fix: return 2fa column

Author: irfansaf

api/routes.go

@@ -56,7 +56,7 @@ func SetupRoutes() *gin.Engine {
 	versionUpdater := services.NewVersionUpdater(VersionService)
 	go versionUpdater.Run()
 
-	authHandlers := auth.NewAuthHandlers(authService, permissionService, MailgunService)
+	authHandlers := auth.NewAuthHandlers(authService, permissionService, MailgunService, userService)
 	userHandlers := user.NewUserHandlers(userService, permissionService, AWSService, R2Service)
 	eventHandlers := event.NewEventHandlers(eventService, permissionService, AWSService, R2Service)
 	newsHandlers := news.NewNewsHandler(newsService, permissionService, AWSService, R2Service)

internal/database/app/auth_database.go

@@ -35,7 +35,7 @@ func AuthenticateUser(usernameOrEmail string) (*models.User, error) {
 	var err error
 
 	query = `
-		SELECT id, username, password, first_name, middle_name, last_name, email, student_id, major, year, role_id, email_verification_token, institution_name, gender
+		SELECT id, username, password, first_name, middle_name, last_name, email, student_id, major, year, role_id, email_verification_token, institution_name, gender, email_verified, twofa_enabled, twofa_image, twofa_secret
 		FROM users
 		WHERE username = $1 OR email = $1`
 
@@ -46,7 +46,7 @@ func AuthenticateUser(usernameOrEmail string) (*models.User, error) {
 	).Scan(
 		&userID, &user.Username, &user.Password, &user.FirstName, &user.MiddleName, &user.LastName, &user.Email,
 		&user.StudentID, &user.Major, &user.Year, &user.RoleID, &user.EmailVerificationToken, &user.InstitutionName,
-		&user.Gender,
+		&user.Gender, &user.EmailVerified, &user.TwoFAEnabled, &user.TwoFAImage, &user.TwoFASecret,
 	)
 
 	if errors.Is(err, sql.ErrNoRows) {

internal/handlers/auth/auth_handlers.go

@@ -21,13 +21,15 @@ type Handlers struct {
 	AuthService       *services.AuthService
 	PermissionService *services.PermissionService
 	MailGunService    *services.MailgunService
+	UserService       *services.UserService
 }
 
-func NewAuthHandlers(authService *services.AuthService, permissionService *services.PermissionService, MailGunService *services.MailgunService) *Handlers {
+func NewAuthHandlers(authService *services.AuthService, permissionService *services.PermissionService, MailGunService *services.MailgunService, userService *services.UserService) *Handlers {
 	return &Handlers{
 		AuthService:       authService,
 		PermissionService: permissionService,
 		MailGunService:    MailGunService,
+		UserService:       userService,
 	}
 }
 
@@ -135,9 +137,11 @@ func validateEmail(email, suffix string) error {
 }
 
 func (h *Handlers) Login(c *gin.Context) {
-	var loginRequest models.User
-
-	log.Println("before bind json")
+	var loginRequest struct {
+		Username string  `json:"username"`
+		Password string  `json:"password"`
+		Passcode *string `json:"passcode"`
+	}
 
 	if err := c.BindJSON(&loginRequest); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"success": false, "message": []string{err.Error()}})
@@ -153,6 +157,29 @@ func (h *Handlers) Login(c *gin.Context) {
 		return
 	}
 
+	// If there is no passcode, but 2FA is enabled, return otp required
+	if loginRequest.Passcode == nil {
+
+		if user.TwoFAEnabled {
+			c.JSON(http.StatusUnauthorized, gin.H{"success": false, "message": "Two Factor Authentication Required"})
+			return
+		}
+	}
+
+	if loginRequest.Passcode != nil {
+		if !user.TwoFAEnabled {
+			c.JSON(http.StatusBadRequest, gin.H{"success": false, "message": "2FA is not enabled for this account"})
+			return
+		}
+
+		_, err := h.UserService.VerifyTwoFA(user.ID, *loginRequest.Passcode)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"success": false, "message": "Invalid 2FA Code"})
+			return
+		}
+
+	}
+
 	// Check if the usernameOrEmail is an email
 	if utils.IsEmail(loginRequest.Username) {
 		if err := h.AuthService.ValidateEmail(loginRequest.Username); err != nil {