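// Confirms two-factor enrolment: the token POSTed from the settings page is
// checked against the key stored on the user record, and two-factor auth is
// switched on only when that check passes.
adapter.find('email', req.session.email, function(err, user) {
  if (err) return next(err);

  // adapter.find may report no error and still hand back no record (the
  // session can outlive the account). Route that to the error handler instead
  // of throwing a TypeError on user.twoFactorKey inside this callback.
  if (!user) return next(new Error('no user found for the current session'));

  var token = req.body.token;
  var key = user.twoFactorKey;

  if (!utils.verify(token, key)) {
    // Wrong token: nothing is persisted. Render the settings page again with a
    // QR code for the same key so the user can rescan and retry.
    // NOTE(review): the QR code embeds the two-factor key; confirm this page
    // is only reachable by an authenticated session and is not cached.
    var qr = utils.qr({
      key: key,
      email: req.session.email
    });
    return res.render('settings', {
      title: 'Settings',
      qr: qr,
      error: 'Token invalid'
    });
  }

  // Token verified: only now is the flag set and saved, so a user who never
  // completed enrolment is not locked behind a second factor they cannot produce.
  user.twoFactorEnabled = true;
  adapter.update(user, function(updateErr) {
    if (updateErr) return next(updateErr);
    res.send('two-factor auth now enabled.\n log out and back in');
  });
});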
// Second step of a two-factor login: look the user up by email, check the
// POSTed token against the stored key, and mark the session as logged in only
// when the token verifies.
adapter.find('email', email, function(err, user) {
  if (err) return next(err);

  // With no user record the key stays falsy; presumably utils.verify rejects
  // that, which sends the request down the failure path below.
  var key = user ? user.twoFactorKey : user;
  var tokenOk = utils.verify(token, key);

  if (tokenOk) {
    // NOTE(review): the session id is not regenerated at this privilege
    // change; confirm that happens elsewhere in the login flow.
    req.session.loggedIn = true;

    // Listeners of 'login' receive the user, the response and the target url.
    that.emit('login', user, res, target);

    // When handleResponse is off, the response is left to the 'login' listener.
    if (!config.login.handleResponse) return;

    // REST mode answers with a bare status code instead of a redirect.
    if (config.rest) return res.send(204);

    // NOTE(review): target is used as a redirect destination and its origin
    // is not visible here; confirm it is restricted to local paths.
    res.redirect(target);
    return;
  }

  // Invalid token: drop the current session before answering, so a failed
  // second factor does not leave the earlier login step in place.
  return utils.destroy(req, function() {
    // REST mode answers with a bare status code instead of a redirect.
    if (config.rest) return res.send(401);

    // NOTE(review): target is appended to the query string without encoding;
    // confirm it cannot carry '&' or '#' that would alter the login URL.
    res.redirect(loginRoute + '?redirect=' + target);
  });
});