fix: totp login

server/authenticators/providers/providers.go

@@ -8,8 +8,10 @@ type AuthenticatorConfig struct {
 	ScannerImage string
 	// Secrets is the secret key
 	Secret string
-	// RecoveryCode is the secret key
+	// RecoveryCode is the list of recovery codes
 	RecoveryCodes []string
+	// RecoveryCodeMap is the map of recovery codes
+	RecoveryCodeMap map[string]bool
 }
 
 // Provider defines authenticators provider

server/authenticators/providers/totp/totp.go

@@ -4,12 +4,12 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"fmt"
 	"image/png"
 	"time"
 
 	"github.com/google/uuid"
 	"github.com/pquerna/otp/totp"
+	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/authenticators/providers"
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -22,30 +22,26 @@ import (
 // Generate generates a Time-Based One-Time Password (TOTP) for a user and returns the base64-encoded QR code for frontend display.
 func (p *provider) Generate(ctx context.Context, id string) (*providers.AuthenticatorConfig, error) {
 	var buf bytes.Buffer
-
 	//get user details
 	user, err := db.Provider.GetUserByID(ctx, id)
 	if err != nil {
-		return nil, fmt.Errorf("error while getting user details")
+		return nil, err
 	}
-
 	// generate totp, Authenticators hash is valid for 30 seconds
 	key, err := totp.Generate(totp.GenerateOpts{
 		Issuer:      "authorizer",
 		AccountName: refs.StringValue(user.Email),
 	})
 	if err != nil {
-		return nil, fmt.Errorf("error while genrating totp")
+		return nil, err
 	}
-
 	//generating image for key and encoding to base64 for displaying in frontend
 	img, err := key.Image(200, 200)
 	if err != nil {
-		return nil, fmt.Errorf("error while creating qr image for totp")
+		return nil, err
 	}
 	png.Encode(&buf, img)
 	encodedText := crypto.EncryptB64(buf.String())
-
 	secret := key.Secret()
 	recoveryCodes := []string{}
 	for i := 0; i < 10; i++ {
@@ -59,24 +55,40 @@ func (p *provider) Generate(ctx context.Context, id string) (*providers.Authenti
 	// Converting recoveryCodesMap to string
 	jsonData, err := json.Marshal(recoverCodesMap)
 	if err != nil {
-		return nil, fmt.Errorf("error while converting recoveryCodes to string")
+		return nil, err
 	}
 	recoveryCodesString := string(jsonData)
-
 	totpModel := &models.Authenticator{
 		Secret:        secret,
 		RecoveryCodes: refs.NewStringRef(recoveryCodesString),
 		UserID:        user.ID,
 		Method:        constants.EnvKeyTOTPAuthenticator,
 	}
-	_, err = db.Provider.AddAuthenticator(ctx, totpModel)
+	authenticator, err := db.Provider.GetAuthenticatorDetailsByUserId(ctx, user.ID, constants.EnvKeyTOTPAuthenticator)
 	if err != nil {
-		return nil, fmt.Errorf("error while inserting into totp table")
+		log.Debug("Failed to get authenticator details by user id, creating new record: ", err)
+		// continue
+	}
+	if authenticator == nil {
+		// if authenticator is nil then create new authenticator
+		_, err = db.Provider.AddAuthenticator(ctx, totpModel)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		authenticator.Secret = secret
+		authenticator.RecoveryCodes = refs.NewStringRef(recoveryCodesString)
+		// if authenticator is not nil then update authenticator
+		_, err = db.Provider.UpdateAuthenticator(ctx, authenticator)
+		if err != nil {
+			return nil, err
+		}
 	}
 	return &providers.AuthenticatorConfig{
-		ScannerImage:  encodedText,
-		Secret:        secret,
-		RecoveryCodes: recoveryCodes,
+		ScannerImage:    encodedText,
+		Secret:          secret,
+		RecoveryCodes:   recoveryCodes,
+		RecoveryCodeMap: recoverCodesMap,
 	}, nil
 }
 
@@ -85,22 +97,18 @@ func (p *provider) Validate(ctx context.Context, passcode string, userID string)
 	// get totp details
 	totpModel, err := db.Provider.GetAuthenticatorDetailsByUserId(ctx, userID, constants.EnvKeyTOTPAuthenticator)
 	if err != nil {
-		return false, fmt.Errorf("error while getting totp details from authenticators")
+		return false, err
 	}
-
+	// validate totp
 	status := totp.Validate(passcode, totpModel.Secret)
 	// checks if user not signed in for totp and totp code is correct then VerifiedAt will be stored in db
-	if totpModel.VerifiedAt == nil {
-		if status {
-			timeNow := time.Now().Unix()
-			totpModel.VerifiedAt = &timeNow
-			_, err = db.Provider.UpdateAuthenticator(ctx, totpModel)
-			if err != nil {
-				return false, fmt.Errorf("error while updaing authenticator table for totp")
-			}
-			return status, nil
+	if totpModel.VerifiedAt == nil && status {
+		timeNow := time.Now().Unix()
+		totpModel.VerifiedAt = &timeNow
+		_, err = db.Provider.UpdateAuthenticator(ctx, totpModel)
+		if err != nil {
+			return false, err
 		}
-		return status, nil
 	}
 	return status, nil
 }