Require 2FA token in order to disiable 2FA. Added 2FA recovery code to data/domain model and exposed recover and regenerate 2FA APIs

2025-07-02 16:42:50 -05:00 · 2016-11-14 21:13:53 -05:00
parent 17f8d0f677
commit e68ed04f77
8 changed files with 104 additions and 23 deletions
--- a/Procedures/User_Update.sql
+++ b/Procedures/User_Update.sql
@ -10,6 +10,7 @@
    @TwoFactorEnabled BIT,
    @TwoFactorProvider TINYINT,
    @AuthenticatorKey NVARCHAR(50),
+    @TwoFactorRecoveryCode NVARCHAR(32),
    @CreationDate DATETIME2(7),
    @RevisionDate DATETIME2(7)
 AS
@ -29,6 +30,7 @@ BEGIN
        [TwoFactorEnabled] = @TwoFactorEnabled,
        [TwoFactorProvider] = @TwoFactorProvider,
        [AuthenticatorKey] = @AuthenticatorKey,
+        [TwoFactorRecoveryCode] = @TwoFactorRecoveryCode,
        [CreationDate] = @CreationDate,
        [RevisionDate] = @RevisionDate
    WHERE
--- a/src/Sql/dbo/Tables/User.sql
+++ b/src/Sql/dbo/Tables/User.sql
@ -1,17 +1,18 @@
 CREATE TABLE [dbo].[User] (
-    [Id]                 UNIQUEIDENTIFIER NOT NULL,
-    [Name]               NVARCHAR (50)    NULL,
-    [Email]              NVARCHAR (50)    NOT NULL,
-    [EmailVerified]      BIT              NOT NULL,
-    [MasterPassword]     NVARCHAR (300)   NOT NULL,
-    [MasterPasswordHint] NVARCHAR (50)    NULL,
-    [Culture]            NVARCHAR (10)    NOT NULL,
-    [SecurityStamp]      NVARCHAR (50)    NOT NULL,
-    [TwoFactorEnabled]   BIT              NOT NULL,
-    [TwoFactorProvider]  TINYINT          NULL,
-    [AuthenticatorKey]   NVARCHAR (50)    NULL,
-    [CreationDate]       DATETIME2 (7)    NOT NULL,
-    [RevisionDate]       DATETIME2 (7)    NOT NULL,
+    [Id]                    UNIQUEIDENTIFIER NOT NULL,
+    [Name]                  NVARCHAR (50)    NULL,
+    [Email]                 NVARCHAR (50)    NOT NULL,
+    [EmailVerified]         BIT              NOT NULL,
+    [MasterPassword]        NVARCHAR (300)   NOT NULL,
+    [MasterPasswordHint]    NVARCHAR (50)    NULL,
+    [Culture]               NVARCHAR (10)    NOT NULL,
+    [SecurityStamp]         NVARCHAR (50)    NOT NULL,
+    [TwoFactorEnabled]      BIT              NOT NULL,
+    [TwoFactorProvider]     TINYINT          NULL,
+    [AuthenticatorKey]      NVARCHAR (50)    NULL,
+    [TwoFactorRecoveryCode] NVARCHAR (32)    NULL,
+    [CreationDate]          DATETIME2 (7)    NOT NULL,
+    [RevisionDate]          DATETIME2 (7)    NOT NULL,
    CONSTRAINT [PK_User] PRIMARY KEY CLUSTERED ([Id] ASC)
 );