From 6ed82225e16e03f7582d70b07125b1e900b388af Mon Sep 17 00:00:00 2001
From: MiniDigger | Martin
Date: Fri, 26 Jan 2024 21:06:17 +0100
Subject: [PATCH] fix: oauth isn't a second factor, fixes backup codes not always being removed and fixes #1317
---
 .../hangar/components/auth/dao/UserCredentialDAO.java | 4 ++--
 .../hangar/components/auth/service/CredentialsService.java | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/backend/src/main/java/io/papermc/hangar/components/auth/dao/UserCredentialDAO.java b/backend/src/main/java/io/papermc/hangar/components/auth/dao/UserCredentialDAO.java
index 720fda100..d982e4fa1 100644
--- a/backend/src/main/java/io/papermc/hangar/components/auth/dao/UserCredentialDAO.java
+++ b/backend/src/main/java/io/papermc/hangar/components/auth/dao/UserCredentialDAO.java
@@ -41,8 +41,8 @@ public interface UserCredentialDAO {
 boolean update(long userId, JSONB credential, @EnumByOrdinal CredentialType type);
 @EnumByOrdinal
- @SqlQuery("SELECT type FROM user_credentials WHERE user_id = :userId AND type != :password AND (type != :webAuthn OR (credential ->> 'credentials' IS NOT NULL AND jsonb_array_length(credential -> 'credentials') > 0))")
- List getAll(long userId, @EnumByOrdinal CredentialType password, @EnumByOrdinal CredentialType webAuthn);
+ @SqlQuery("SELECT type FROM user_credentials WHERE user_id = :userId AND type != :password AND type != :oauth AND (type != :webAuthn OR (credential ->> 'credentials' IS NOT NULL AND jsonb_array_length(credential -> 'credentials') > 0))")
+ List getAll(long userId, @EnumByOrdinal CredentialType password, @EnumByOrdinal CredentialType webAuthn, @EnumByOrdinal CredentialType oauth);
 @UseStringTemplateEngine
 @RegisterConstructorMapper(value = UserCredentialTable.class, prefix = "uc")
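Review bot: The `getAll` query is still a deny-list (`type != :password AND type != :oauth`), so any credential type added later will be reported as a second factor until someone remembers to exclude it here, which is the same failure this commit corrects for OAuth. Because the result drives `getAal` in CredentialsService, selecting only the types that genuinely count as second factors would fail closed instead. At minimum, put a comment above the query such as `// every type not excluded here is treated as a second factor by getAal(); exclude new non-2FA types explicitly`. The three `CredentialType` parameters are also positional and identically typed, so a swapped argument at a call site compiles without warning.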
diff --git a/backend/src/main/java/io/papermc/hangar/components/auth/service/CredentialsService.java b/backend/src/main/java/io/papermc/hangar/components/auth/service/CredentialsService.java
index 1917b416d..e79b3e8e0 100644
--- a/backend/src/main/java/io/papermc/hangar/components/auth/service/CredentialsService.java
+++ b/backend/src/main/java/io/papermc/hangar/components/auth/service/CredentialsService.java
@@ -56,7 +56,7 @@ public boolean updateCredential(final long userId, final Credential credential)
 }
 public List getCredentialTypes(final long userId) {
- return this.userCredentialDAO.getAll(userId, CredentialType.PASSWORD, CredentialType.WEBAUTHN);
+ return this.userCredentialDAO.getAll(userId, CredentialType.PASSWORD, CredentialType.WEBAUTHN, CredentialType.OAUTH);
 }
 public void verifyPassword(final long userId, final String password) {
@@ -126,14 +126,14 @@ public void verifyBackupCode(final long userId, final String code) {
 public void checkRemoveBackupCodes() {
 final List credentialTypes = this.getCredentialTypes(this.getHangarPrincipal().getUserId());
- if (credentialTypes.size() == 1 && credentialTypes.get(0) == CredentialType.BACKUP_CODES) {
+ if (credentialTypes.size() == 1 && credentialTypes.getFirst() == CredentialType.BACKUP_CODES) {
 this.removeCredential(this.getHangarPrincipal().getUserId(), CredentialType.BACKUP_CODES);
 }
 }
 public int getAal(final UserTable userTable) {
 final List types = this.getCredentialTypes(userTable.getUserId());
- if (types.isEmpty() || (types.size() == 1 && types.getFirst() == CredentialType.BACKUP_CODES)) {
+ if (types.isEmpty() || (types.size() == 1 && types.getFirst() == CredentialType.BACKUP_CODES)) {
 return userTable.isEmailVerified() ? 1 : 0;
 } else {
 return 2;
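Review bot: `getCredentialTypes` has no Javadoc and its name no longer describes what it returns: with this change PASSWORD and OAUTH are never included, and the DAO query only reports WEBAUTHN when its `credentials` array is non-empty. Both `checkRemoveBackupCodes` and `getAal` depend on that filtering, so state it on the method, for example `/** Returns the user's second-factor credential types; PASSWORD and OAUTH are never included. */`. The surrounding `updateCredential` and `verifyPassword` bodies lie outside the hunk.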
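Review bot: The "only backup codes remain" predicate is written out twice, once in `checkRemoveBackupCodes` and once in `getAal`, and both copies were edited by hand here; if they ever drift apart, backup codes could linger after the last real second factor is removed, or the assurance level could be misreported. Extract it into one helper, e.g. `private static boolean onlyBackupCodes(final List<CredentialType> types) { return types.size() == 1 && types.getFirst() == CredentialType.BACKUP_CODES; }`, and call it from both methods. `getFirst()` is a Java 21 `SequencedCollection` method, so this presumably relies on the build already targeting 21, which is worth confirming. `getAal` continues past the end of the hunk.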