Address 2FA PR feedback

DJAndries · DJAndries · commit 103d501a68b0 · 2025-05-28T18:14:09.000-07:00
diff --git a/controllers/accounts.go b/controllers/accounts.go
@@ -395,7 +395,7 @@ func (ac *AccountsController) SetupPasswordFinalize2FA(w http.ResponseWriter, r
 		return
 	}
 
-	if err := ac.twoFAService.ProcessAuthRequest(registrationState, &requestData); err != nil {
+	if err := ac.twoFAService.ProcessChallenge(registrationState, &requestData); err != nil {
 		if errors.Is(err, util.ErrBadTOTPCode) || errors.Is(err, util.ErrBadRecoveryKey) {
 			util.RenderErrorResponse(w, r, http.StatusUnauthorized, err)
 			return
diff --git a/controllers/auth.go b/controllers/auth.go
@@ -460,7 +460,7 @@ func (ac *AuthController) LoginFinalize2FA(w http.ResponseWriter, r *http.Reques
 	}
 
 	// Process the 2FA authentication request
-	if err := ac.twoFAService.ProcessAuthRequest(loginState, &requestData); err != nil {
+	if err := ac.twoFAService.ProcessChallenge(loginState, &requestData); err != nil {
 		if errors.Is(err, util.ErrBadTOTPCode) || errors.Is(err, util.ErrBadRecoveryKey) || errors.Is(err, util.ErrTOTPCodeAlreadyUsed) {
 			util.RenderErrorResponse(w, r, http.StatusUnauthorized, err)
 			return
@@ -469,11 +469,6 @@ func (ac *AuthController) LoginFinalize2FA(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	if err := ac.ds.DeleteInterimPasswordState(loginState.ID); err != nil {
-		util.RenderErrorResponse(w, r, http.StatusInternalServerError, err)
-		return
-	}
-
 	// Create a session and return an auth token
 	authToken, err := ac.createSessionAndToken(*loginState.AccountID, r.UserAgent())
 	if err != nil {
diff --git a/services/twofa.go b/services/twofa.go
@@ -101,8 +101,8 @@ func (t *TwoFAService) DisableTwoFA(accountID uuid.UUID) error {
 	return nil
 }
 
-// ProcessAuthRequest verifies either TOTP code or recovery key for an account
-func (t *TwoFAService) ProcessAuthRequest(loginState *datastore.InterimPasswordState, req *TwoFAAuthRequest) error {
+// ProcessChallenge verifies either TOTP code or recovery key for an account
+func (t *TwoFAService) ProcessChallenge(loginState *datastore.InterimPasswordState, req *TwoFAAuthRequest) error {
 	// Verify either TOTP code or recovery key
 	if req.TOTPCode != nil {
 		// Verify TOTP code
@@ -119,6 +119,10 @@ func (t *TwoFAService) ProcessAuthRequest(loginState *datastore.InterimPasswordS
 		}
 	}
 
+	if err := t.ds.DeleteInterimPasswordState(loginState.ID); err != nil {
+		return err
+	}
+
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -395,7 +395,7 @@ func (ac *AccountsController) SetupPasswordFinalize2FA(w http.ResponseWriter, r`
`395`	`395`	`return`
`396`	`396`	`}`
`397`	`397`
`398`		`- if err := ac.twoFAService.ProcessAuthRequest(registrationState, &requestData); err != nil {`
	`398`	`+ if err := ac.twoFAService.ProcessChallenge(registrationState, &requestData); err != nil {`
`399`	`399`	`if errors.Is(err, util.ErrBadTOTPCode) \|\| errors.Is(err, util.ErrBadRecoveryKey) {`
`400`	`400`	`util.RenderErrorResponse(w, r, http.StatusUnauthorized, err)`
`401`	`401`	`return`
Original file line number	Diff line number	Diff line change
`@@ -101,8 +101,8 @@ func (t *TwoFAService) DisableTwoFA(accountID uuid.UUID) error {`
`101`	`101`	`return nil`
`102`	`102`	`}`
`103`	`103`
`104`		`-// ProcessAuthRequest verifies either TOTP code or recovery key for an account`
`105`		`-func (t TwoFAService) ProcessAuthRequest(loginState datastore.InterimPasswordState, req *TwoFAAuthRequest) error {`
	`104`	`+// ProcessChallenge verifies either TOTP code or recovery key for an account`
	`105`	`+func (t TwoFAService) ProcessChallenge(loginState datastore.InterimPasswordState, req *TwoFAAuthRequest) error {`
`106`	`106`	`// Verify either TOTP code or recovery key`
`107`	`107`	`if req.TOTPCode != nil {`
`108`	`108`	`// Verify TOTP code`
`@@ -119,6 +119,10 @@ func (t TwoFAService) ProcessAuthRequest(loginState datastore.InterimPasswordS`
`119`	`119`	`}`
`120`	`120`	`}`
`121`	`121`
	`122`	`+ if err := t.ds.DeleteInterimPasswordState(loginState.ID); err != nil {`
	`123`	`+ return err`
	`124`	`+ }`
	`125`	`+`
`122`	`126`	`return nil`
`123`	`127`	`}`
`124`	`128`