mozilla
diff --git a/‎db-server/index.js‎
Lines changed: 3 additions & 0 deletions b/‎db-server/index.js‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎db-server/lib/error.js‎
Lines changed: 11 additions & 0 deletions b/‎db-server/lib/error.js‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎db-server/test/backend/db_tests.js‎
Lines changed: 85 additions & 6 deletions b/‎db-server/test/backend/db_tests.js‎
Lines changed: 85 additions & 6 deletions
diff --git a/‎db-server/test/backend/remote.js‎
Lines changed: 58 additions & 6 deletions b/‎db-server/test/backend/remote.js‎
Lines changed: 58 additions & 6 deletions
diff --git a/‎db-server/test/fake.js‎
Lines changed: 3 additions & 1 deletion b/‎db-server/test/fake.js‎
Lines changed: 3 additions & 1 deletion
@@ -97,6 +97,7 @@ function createServer(db) {
       return db.deleteEmail(req.params.id, req.params.email)
     })
   )
+
   api.get('/email/:email',
     op(function (req) {
       return db.getSecondaryEmail(Buffer(req.params.email, 'hex'))
@@ -125,6 +126,7 @@ function createServer(db) {
 
   api.get('/keyFetchToken/:id/verified', withIdAndBody(db.keyFetchTokenWithVerificationStatus))
   api.post('/tokens/:id/verify', withIdAndBody(db.verifyTokens))
+  api.post('/tokens/:id/verifyWith', withIdAndBody(db.verifyTokensWithMethod))
   api.post('/tokens/:code/verifyCode', withParamsAndBody(db.verifyTokenCode))
 
   api.get('/accountResetToken/:id', withIdAndBody(db.accountResetToken))
@@ -156,6 +158,7 @@ function createServer(db) {
   api.get('/totp/:id', withIdAndBody(db.totpToken))
   api.del('/totp/:id', withIdAndBody(db.deleteTotpToken))
   api.put('/totp/:id', withIdAndBody(db.createTotpToken))
+  api.post('/totp/:id/update', withIdAndBody(db.updateTotpToken))
 
   api.get('/__heartbeat__', withIdAndBody(db.ping))
 
 
@@ -72,6 +72,17 @@ AppError.expiredTokenVerificationCode = function () {
   )
 }
 
+AppError.invalidVerificationMethod = function () {
+  return new AppError(
+    {
+      code: 400,
+      error: 'Bad request',
+      errno: 138,
+      message: 'Invalid verification method'
+    }
+  )
+}
+
 AppError.wrap = function (err) {
   return new AppError(
     {
 
@@ -353,7 +353,7 @@ module.exports = function (config, DB) {
             assert.deepEqual(token.emailCode, accountData.emailCode, 'token emailCode same as account emailCode')
             assert.equal(token.verifierSetAt, accountData.verifierSetAt, 'verifierSetAt is correct')
             assert.equal(token.accountCreatedAt, accountData.createdAt, 'accountCreatedAt is correct')
-            assert.equal(!! token.mustVerify, !! sessionTokenData.mustVerify, 'mustVerify is set')
+            assert.equal(token.mustVerify, sessionTokenData.mustVerify, 'mustVerify is set')
             assert.deepEqual(token.tokenVerificationId, sessionTokenData.tokenVerificationId, 'tokenVerificationId is set')
           })
       })
@@ -403,7 +403,7 @@ module.exports = function (config, DB) {
             assert.deepEqual(token.emailCode, accountData.emailCode, 'token emailCode same as account emailCode')
             assert.equal(token.verifierSetAt, accountData.verifierSetAt, 'verifierSetAt is correct')
             assert.equal(token.accountCreatedAt, accountData.createdAt, 'accountCreatedAt is correct')
-            assert.equal(!! token.mustVerify, !! sessionTokenData.mustVerify, 'mustVerify is correct')
+            assert.equal(token.mustVerify, sessionTokenData.mustVerify, 'mustVerify is correct')
             assert.deepEqual(token.tokenVerificationId, sessionTokenData.tokenVerificationId, 'tokenVerificationId is correct')
 
           })
@@ -418,7 +418,7 @@ module.exports = function (config, DB) {
             return db.sessionToken(sessionTokenData.tokenId)
           })
           .then((token) => {
-            assert.equal(!! token.mustVerify, !! sessionTokenData.mustVerify, 'mustVerify is correct')
+            assert.equal(token.mustVerify, sessionTokenData.mustVerify, 'mustVerify is correct')
             assert.deepEqual(token.tokenVerificationId, sessionTokenData.tokenVerificationId, 'tokenVerificationId is correct')
           })
       })
@@ -432,7 +432,7 @@ module.exports = function (config, DB) {
             return db.sessionToken(sessionTokenData.tokenId)
           })
           .then((token) => {
-            assert.equal(!! token.mustVerify, !! sessionTokenData.mustVerify, 'mustVerify is correct')
+            assert.equal(token.mustVerify, sessionTokenData.mustVerify, 'mustVerify is correct')
             assert.deepEqual(token.tokenVerificationId, sessionTokenData.tokenVerificationId, 'tokenVerificationId is correct')
           })
       })
@@ -443,7 +443,7 @@ module.exports = function (config, DB) {
             return db.sessionToken(sessionTokenData.tokenId)
           }, assert.fail)
           .then((token) => {
-            assert.equal(token.mustVerify, null, 'mustVerify is null')
+            assert.equal(!! token.mustVerify, false, 'mustVerify is null')
             assert.equal(token.tokenVerificationId, null, 'tokenVerificationId is null')
           })
       })
@@ -1761,7 +1761,7 @@ module.exports = function (config, DB) {
           })
           .then((session) => {
             // Returns verified session
-            assert.equal(session.mustVerify, null, 'mustVerify is not set')
+            assert.equal(!! session.mustVerify, false, 'mustVerify is false')
             assert.equal(session.tokenVerificationId, null, 'tokenVerificationId is not set')
             assert.equal(session.tokenVerificationCodeHash, null, 'tokenVerificationCodeHash is not set')
             assert.equal(session.tokenVerificationCodeExpiresAt, null, 'tokenVerificationCodeExpiresAt is not set')
@@ -1835,6 +1835,8 @@ module.exports = function (config, DB) {
           .then((token) => {
             assert.equal(token.sharedSecret, sharedSecret, 'correct sharedSecret')
             assert.equal(token.epoch, epoch, 'correct epoch')
+            assert.equal(token.verified, false, 'correct verified')
+            assert.equal(token.enabled, true, 'correct enabled')
           })
       })
 
@@ -1862,6 +1864,83 @@ module.exports = function (config, DB) {
               })
           })
       })
+
+      it('should update totp token', () => {
+        return db.updateTotpToken(accountData.uid, {verified: true, enabled: true})
+          .then((result) => {
+            assert.ok(result)
+            return db.totpToken(accountData.uid)
+              .then((token) => {
+                assert.equal(token.sharedSecret, sharedSecret, 'correct sharedSecret')
+                assert.equal(token.epoch, epoch, 'correct epoch')
+                assert.equal(token.verified, true, 'correct verified')
+                assert.equal(token.enabled, true, 'correct enable')
+              })
+          })
+      })
+
+      it('should fail to update unknown totp token', () => {
+        return db.updateTotpToken(newUuid(), {verified: true, enabled: true})
+          .then(assert.fail, (err) => {
+            assert.equal(err.errno, 116, 'correct errno, not found')
+          })
+      })
+    })
+
+    describe('db.verifyTokensWithMethod', () => {
+      let account, sessionToken, tokenId
+      before(() => {
+        account = createAccount()
+        account.emailVerified = true
+        tokenId = hex32()
+        sessionToken = makeMockSessionToken(account.uid, false)
+        return db.createAccount(account.uid, account)
+          .then(() => db.createSessionToken(tokenId, sessionToken))
+          .then(() => db.sessionToken(tokenId))
+          .then((session) => {
+            // Returns unverified session
+            assert.equal(session.tokenVerificationId.toString('hex'), sessionToken.tokenVerificationId.toString('hex'), 'tokenVerificationId must match sessionToken')
+            assert.equal(session.verificationMethod, undefined, 'verificationMethod not set')
+          })
+      })
+
+      it('should fail to verify with unknown sessionId', () => {
+        const verifyOptions = {
+          verificationMethod: 'totp-2fa'
+        }
+        return db.verifyTokensWithMethod(hex32(), verifyOptions)
+          .then(assert.fail, (err) => {
+            assert.equal(err.errno, 116, 'correct errno, not found')
+          })
+      })
+
+      it('should fail to verify unknown verification method', () => {
+        const verifyOptions = {
+          verificationMethod: 'super-invalid-method'
+        }
+        return db.verifyTokensWithMethod(tokenId, verifyOptions)
+          .then(assert.fail, (err) => {
+            assert.equal(err.errno, 138, 'correct errno, invalid verification method')
+          })
+      })
+
+      it('should verify with verification method', () => {
+        const verifyOptions = {
+          verificationMethod: 'totp-2fa'
+        }
+        return db.verifyTokensWithMethod(tokenId, verifyOptions)
+          .then((res) => {
+            assert.ok(res)
+
+            // Ensure session really has been verified and correct methods set
+            return db.sessionToken(tokenId)
+          })
+          .then((session) => {
+            assert.equal(session.tokenVerificationId, undefined, 'tokenVerificationId must be undefined')
+            assert.equal(session.verificationMethod, 2, 'verificationMethod set')
+            assert.ok(session.verifiedAt, 'verifiedAt set')
+          })
+      })
     })
 
     after(() => db.close())
 
@@ -372,7 +372,7 @@ module.exports = function(cfg, makeServer) {
             assert.deepEqual(token.emailCode, user.account.emailCode, 'token emailCode same as account emailCode')
             assert(token.verifierSetAt, 'verifierSetAt is set to a truthy value')
             assert(token.accountCreatedAt > 0, 'accountCreatedAt is positive number')
-            assert.equal(!! token.mustVerify, !! user.sessionToken.mustVerify, 'mustVerify is correct')
+            assert.equal(token.mustVerify, user.sessionToken.mustVerify, 'mustVerify is correct')
             assert.equal(token.tokenVerificationId, user.sessionToken.tokenVerificationId, 'tokenVerificationId is correct')
 
             // Create a verified session token
@@ -403,7 +403,7 @@ module.exports = function(cfg, makeServer) {
             assert.deepEqual(token.emailCode, verifiedUser.account.emailCode, 'token emailCode same as account emailCode')
             assert(token.verifierSetAt, 'verifierSetAt is set to a truthy value')
             assert(token.accountCreatedAt > 0, 'accountCreatedAt is positive number')
-            assert.equal(token.mustVerify, null, 'mustVerify is null')
+            assert.equal(token.mustVerify, true, 'mustVerify is true')
             assert.equal(token.tokenVerificationId, null, 'tokenVerificationId is null')
 
             // Attempt to verify a non-existent session token
@@ -436,7 +436,7 @@ module.exports = function(cfg, makeServer) {
             return client.getThen('/sessionToken/' + user.sessionTokenId)
           })
           .then(function(r) {
-            assert.equal(r.obj.mustVerify, null, 'mustVerify is null')
+            assert.equal(!! r.obj.mustVerify, true, 'mustVerify is true')
             assert.equal(r.obj.tokenVerificationId, null, 'tokenVerificationId is null')
 
             // Attempt to verify the session token again
@@ -1524,8 +1524,8 @@ module.exports = function(cfg, makeServer) {
             .spread((sessionTokenResp, keyFetchTokenResp) => {
               respOk(sessionTokenResp)
               respOk(keyFetchTokenResp)
-              const sessionToken = sessionTokenResp
-              const keyFetchToken = keyFetchTokenResp
+              const sessionToken = sessionTokenResp.obj
+              const keyFetchToken = keyFetchTokenResp.obj
               assert.equal(sessionToken.tokenVerificationId, null, 'tokenVerificationCodeHash not set')
               assert.equal(sessionToken.tokenVerificationCodeHash, null, 'tokenVerificationCodeHash not set')
               assert.equal(sessionToken.tokenVerificationCodeExpiresAt, null, 'tokenVerificationCodeExpiresAt not set')
@@ -1537,7 +1537,6 @@ module.exports = function(cfg, makeServer) {
 
     describe('totp tokens', () => {
       let user
-
       beforeEach(() => {
         user = fake.newUserDataHex()
         return client.putThen('/account/' + user.accountId, user.account)
@@ -1554,6 +1553,8 @@ module.exports = function(cfg, makeServer) {
             const result = r.obj
             assert.equal(result.sharedSecret, user.totp.sharedSecret, 'sharedSecret set')
             assert.equal(result.epoch, user.totp.epoch, 'epoch set')
+            assert.equal(result.verified, user.totp.verified, 'verified set')
+            assert.equal(result.enabled, user.totp.enabled, 'enabled set')
           })
       })
 
@@ -1565,6 +1566,57 @@ module.exports = function(cfg, makeServer) {
               .then(assert.fail, (err) => testNotFound(err))
           })
       })
+
+      it('should update totp token', () => {
+        const totpOptions = {
+          verified: true,
+          enabled: true
+        }
+        return client.postThen('/totp/' + user.accountId + '/update', totpOptions)
+          .then((r) => {
+            respOkEmpty(r)
+            return client.getThen('/totp/' + user.accountId)
+              .then((r) => {
+                const result = r.obj
+                assert.equal(result.sharedSecret, user.totp.sharedSecret, 'sharedSecret set')
+                assert.equal(result.epoch, user.totp.epoch, 'epoch set')
+                assert.equal(result.verified, totpOptions.verified, 'verified set')
+                assert.equal(result.enabled, user.totp.enabled, 'enable set')
+              })
+          })
+      })
+    })
+
+    describe('should set session verification method', () => {
+      let user
+      beforeEach(() => {
+        user = fake.newUserDataHex()
+        return client.putThen('/account/' + user.accountId, user.account)
+          .then((r) => {
+            respOkEmpty(r)
+            return client.putThen('/totp/' + user.accountId, user.totp)
+          })
+          .then((r) => respOkEmpty(r))
+          .then(() => client.putThen('/sessionToken/' + user.sessionTokenId, user.sessionToken))
+          .then((res) => respOkEmpty(res))
+      })
+
+      it('set session verification method', () => {
+        const verifyOptions = {
+          verificationMethod: 'totp-2fa',
+        }
+        return client.postThen('/tokens/' + user.sessionTokenId + '/verifyWith', verifyOptions)
+          .then((res) => {
+            respOkEmpty(res)
+            return client.getThen('/sessionToken/' + user.sessionTokenId + '/device')
+          })
+          .then((sessionToken) => {
+            sessionToken = sessionToken.obj
+            assert.equal(sessionToken.verificationMethod, 2, 'verificationMethod set')
+            assert.ok(sessionToken.verifiedAt, 'verifiedAt set')
+          })
+      })
+
     })
 
     after(() => server.close())
 
@@ -128,7 +128,9 @@ module.exports.newUserDataHex = function() {
 
   data.totp = {
     sharedSecret: hex(10),
-    epoch: 0
+    epoch: 0,
+    verified: false,
+    enabled: true
   }
 
   return data
Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,17 @@ AppError.expiredTokenVerificationCode = function () {`
`72`	`72`	`)`
`73`	`73`	`}`
`74`	`74`
	`75`	`+AppError.invalidVerificationMethod = function () {`
	`76`	`+ return new AppError(`
	`77`	`+ {`
	`78`	`+ code: 400,`
	`79`	`+ error: 'Bad request',`
	`80`	`+ errno: 138,`
	`81`	`+ message: 'Invalid verification method'`
	`82`	`+ }`
	`83`	`+ )`
	`84`	`+}`
	`85`	`+`
`75`	`86`	`AppError.wrap = function (err) {`
`76`	`87`	`return new AppError(`
`77`	`88`	`{`
Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,9 @@ module.exports.newUserDataHex = function() {`
`128`	`128`
`129`	`129`	`data.totp = {`
`130`	`130`	`sharedSecret: hex(10),`
`131`		`- epoch: 0`
	`131`	`+ epoch: 0,`
	`132`	`+ verified: false,`
	`133`	`+ enabled: true`
`132`	`134`	`}`
`133`	`135`
`134`	`136`	`return data`