fix: oauth isn't a second factor, fixes backup codes not always being…

… removed and fixes #1317
HangarMC · Jan 26, 2024 · 6ed8222 · 6ed8222
1 parent 0d738d5
commit 6ed8222
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/backend/src/main/java/io/papermc/hangar/components/auth/dao/UserCredentialDAO.java b/backend/src/main/java/io/papermc/hangar/components/auth/dao/UserCredentialDAO.java
@@ -41,8 +41,8 @@ public interface UserCredentialDAO {
     boolean update(long userId, JSONB credential, @EnumByOrdinal CredentialType type);
 
     @EnumByOrdinal
-    @SqlQuery("SELECT type FROM user_credentials WHERE user_id = :userId AND type != :password AND (type != :webAuthn OR (credential ->> 'credentials' IS NOT NULL AND jsonb_array_length(credential -> 'credentials') > 0))")
-    List<CredentialType> getAll(long userId, @EnumByOrdinal CredentialType password, @EnumByOrdinal CredentialType webAuthn);
+    @SqlQuery("SELECT type FROM user_credentials WHERE user_id = :userId AND type != :password AND type != :oauth AND (type != :webAuthn OR (credential ->> 'credentials' IS NOT NULL AND jsonb_array_length(credential -> 'credentials') > 0))")
+    List<CredentialType> getAll(long userId, @EnumByOrdinal CredentialType password, @EnumByOrdinal CredentialType webAuthn, @EnumByOrdinal CredentialType oauth);
 
     @UseStringTemplateEngine
     @RegisterConstructorMapper(value = UserCredentialTable.class, prefix = "uc")

diff --git a/backend/src/main/java/io/papermc/hangar/components/auth/service/CredentialsService.java b/backend/src/main/java/io/papermc/hangar/components/auth/service/CredentialsService.java
@@ -56,7 +56,7 @@ public boolean updateCredential(final long userId, final Credential credential)
     }
 
     public List<CredentialType> getCredentialTypes(final long userId) {
-        return this.userCredentialDAO.getAll(userId, CredentialType.PASSWORD, CredentialType.WEBAUTHN);
+        return this.userCredentialDAO.getAll(userId, CredentialType.PASSWORD, CredentialType.WEBAUTHN, CredentialType.OAUTH);
     }
 
     public void verifyPassword(final long userId, final String password) {
@@ -126,14 +126,14 @@ public void verifyBackupCode(final long userId, final String code) {
 
     public void checkRemoveBackupCodes() {
         final List<CredentialType> credentialTypes = this.getCredentialTypes(this.getHangarPrincipal().getUserId());
-        if (credentialTypes.size() == 1 && credentialTypes.get(0) == CredentialType.BACKUP_CODES) {
+        if (credentialTypes.size() == 1 && credentialTypes.getFirst() == CredentialType.BACKUP_CODES) {
             this.removeCredential(this.getHangarPrincipal().getUserId(), CredentialType.BACKUP_CODES);
         }
     }
 
     public int getAal(final UserTable userTable) {
         final List<CredentialType> types = this.getCredentialTypes(userTable.getUserId());
-        if (types.isEmpty() || (types.size() == 1 && types.get(0) == CredentialType.BACKUP_CODES)) {
+        if (types.isEmpty() || (types.size() == 1 && types.getFirst() == CredentialType.BACKUP_CODES)) {
             return userTable.isEmailVerified() ? 1 : 0;
         } else {
             return 2;