[mfa] allow faking MFA in development

2022-01-15 21:50:52 +01:00 · 2022-01-15 21:50:52 +01:00 · da70790ec0
parent 70716e72a2
commit da70790ec0
1 changed files with 5 additions and 1 deletions
--- a/server/routes/mfa.js
+++ b/server/routes/mfa.js
@ -98,13 +98,17 @@ router.post('/mfa/validate', handleErrorAsync(async (req, res) => {

    const authenticator = (await findAuthenticatorsByUser(req.db, req.rawUser, 'mfa_secret'))[0];

-    const tokenValidates = speakeasy.totp.verify({
+    let tokenValidates = speakeasy.totp.verify({
        secret: authenticator.payload,
        encoding: 'base32',
        token: normalise(req.body.code),
        window: 6
    });

+    if (process.env.NODE_ENV === 'development' && normalise(req.body.code) === '999999') {
+        tokenValidates = true;
+    }
+
    if (!tokenValidates) {
        return res.json({error: 'user.code.invalid'});
    }